.htaccess suddenly stopped working


#1

I use .htaccess on my site to prevent people from direct linking my images. Worked like a charm as recently as a few days ago.

Suddenly tonight I discovered that it is no longer working. I have not changed the file in any way since it was uploaded ages ago. I have submitted a trouble ticket, but I wonder if anyone here has noticed the same problem?

Here is my code (and it is uploaded as an ASCII file):

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://jake-weber.net/.$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.jake-weber.net/.
$ [NC]
RewriteRule .(gif|jpg|png)$ - [F]


#2

I recommend clearing out your temporary Internet files and test it again. Perhaps at the moment when you tested your protected images, they appeared because they were still in your browser’s cache.


#3

!^http://jake-weber.net/.*$ [NC]In a regexp, the period is a character that matches any character in the string. So you need to escape it to match a period instead,

!^http://jake-weber\.net/.*$ [NC] :cool: Perl / MySQL / HTML+CSS


#4

I changed the file to this based on your recommendation and it still doesn’t prevent direct linking:

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://jake-weber.net/.$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.jake-weber.net/.
$ [NC]
RewriteRule .(gif|jpg|png)$ - [F]

I have also tried clearing my cache using both Firefox and MSIE.

I’ve also tried many variations of the file based on information I found here at Dreamhost. Either it doesn’t work at all or it blocks all images from showing up.


#5

You didn’t escape all the periods in the URI.

You could reduce the matching to

The www. matches 3 letter w’s followed by a period. In parenthesis, these 4 characters are treated as a group, and the ? following the group means it does not have to appear in the string. Thus http://www.jake-weber.net/ and http://jake-weber.net/ both match that single regexp.

:cool: Perl / MySQL / HTML CSS


#6

I do apologize, I do not even understand what any of that means. All I know is my .htaccess worked like a charm for months and months and months. Then suddenly yesterday it stopped working. This is the ORIGINAL .htaccess file I used that worked perfectly until yesterday. Dreamhost had to have changed something somewhere for it to suddenly stop working:

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://jake-weber.net/.$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.jake-weber.net/.
$ [NC]
RewriteRule .(gif|jpg)$ - [F]


#7

It might help to provide a testcase then.

Here is an example. See, its a page not hosted on your site, so the images should not appear. And for me, they don’t.

http://atropos.openvein.org/web/dreamhost/apache/jake-weber.net.html

And here is the HTTP communication that shows that access to the images was forbidden. You should see both of those requests in your Apache log file.

http://atropos.openvein.org/web/dreamhost/apache/jake-weber.net.html

GET /web/dreamhost/apache/jake-weber.net.html HTTP/1.1
Host: atropos.openvein.org
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.6) Gecko/20050223 Firefox/1.0.1
Accept: text/xml,application/xml,application/xhtml xml,text/html;q=0.9,text/plain;q=0.8,image/png,/;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Cookie: wordpressuser_f5adeb76174550ea0bd8c6ea679ccce6=admin; wordpresspass_f5adeb76174550ea0bd8c6ea679ccce6=98ecbd4646d4b07154846e1ef71f2aee
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.x 200 OK
Date: Sat, 05 Mar 2005 23:28:01 GMT
Server: Apache/1.3.31 (Unix) DAV/1.0.3 mod_gzip/1.3.26.1a PHP/4.3.10 mod_ssl/2.8.19 OpenSSL/0.9.6c
Last-Modified: Sat, 05 Mar 2005 23:24:10 GMT
Etag: "4209cc-42c-422a3f9a"
Accept-Ranges: bytes
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html
Content-Encoding: gzip
Content-Length: 487

http://www.jake-weber.net/01.jpg

GET /01.jpg HTTP/1.1
Host: www.jake-weber.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.6) Gecko/20050223 Firefox/1.0.1
Accept: image/png,/;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://atropos.openvein.org/web/dreamhost/apache/jake-weber.net.html
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.x 403 Forbidden
Date: Sat, 05 Mar 2005 23:28:01 GMT
Server: Apache/1.3.31 (Unix) DAV/1.0.3 mod_gzip/1.3.26.1a PHP/4.3.10 mod_ssl/2.8.19 OpenSSL/0.9.6c
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=iso-8859-1

http://jake-weber.net/01.jpg

GET /01.jpg HTTP/1.1
Host: jake-weber.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.6) Gecko/20050223 Firefox/1.0.1
Accept: image/png,/;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://atropos.openvein.org/web/dreamhost/apache/jake-weber.net.html
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.x 403 Forbidden
Date: Sat, 05 Mar 2005 23:28:01 GMT
Server: Apache/1.3.31 (Unix) DAV/1.0.3 mod_gzip/1.3.26.1a PHP/4.3.10 mod_ssl/2.8.19 OpenSSL/0.9.6c
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=iso-8859-1

:cool: Perl / MySQL / HTML CSS


#8

Also, use this tool:

http://web-sniffer.net/

To see the communication between a browser and the web site.

If you put in http://www.jake-weber.net/01.jpg, it works as expected.

This tool does not have a cache, so you don’t have to worry about the image being cached.

:cool: Perl / MySQL / HTML+CSS


#9

Ahhh…if I disable my firewall then I can’t view the images. Which makes absolutely no sense to me.

Here is the test URL I use. I direct link an image from each of my web sites. Ordinarily it shows up as broken images which tell me no one can direct link. Yesterday all of the images started showing up:

http://whiskerville.org/0test/test.htm

BUT, if I disable my firewall like I said above, the images do not show up.

I tried the web-sniffer link above some of the information it produced was an error message which now makes me worry that my sites aren’t showing up at all. But I actually didn’t understand anything that the results produced. Way too technical for me.

I guess from now on I’ll have to disable my firewall in order to confirm direct linking is not happening. Again, makes no sense to me!

Thanks to everyone for their help.