(htaccess) trouble blocking hotlinking


#1

Today I realized that various sites have been hotlinking A LOT of images and files from my website. Like, 130 files directly linked for download from my server, and this is just on one site.

I went into the control panel and set up the htaccess stuff for all the directories that stuff is being hotlinked from about an hour and a half ago. Whenever I check the sites that are directly linking, everything still works fine for them. The images are all there and all the files are still able to be downloaded from my site.

Maybe I am misunderstanding how this works, but I was under the impression that all sites besides my own would be blocked from directly linking to my images and files once I did this.

I was wondering if maybe it takes a bit longer or if something is going wrong or if there is anything else I need to do in addition. It tells me that link protection is enabled yet it doesn’t seem to be at all. It doesn’t work for the main site or the subdomains.

Thank you in advance for any help on the issue.


#2

You did, of course, clear your browser cache before making your tests? Additionally, recognize that some ISP’s build their own temporary caches to save on bandwidth costs (AOL is particularly notorious for this). Either of these can affect what you see, irrespective of whether or not the hotlink protection actually worked.

It sounds like you understand it correctly, but you should wait for a bit for the settings to take affect at DH, and then try again with a “clean” browser before assuming that it hasn’t worked. Give it a while, clear you cache, and “force” a reload of the relevant site to see if there is any change :wink:

–rlparker


#3

Yeah, I cleared my browser cache and it is still having issues working. I am using Firefox.

It still doesn’t seem to be working, all the images and files are still visible and able to be downloaded.

I am wondering if there is a way for me to do it manually? The codes on the DHwiki seems to be incomplete and I have never created an .htaccess file before. I feel relatively comfortable editing codes once I have gotten a template, so once I have a full code or way to compile a full code so that I may block all sites except a few from hotlinking and uploading them manually, I feel it wouldn’t be an issue.

Thanks!


#4

I understand. The necessary code to place in the .htaccess to block certain files is not overly complicated, and there are many tutorials on this on the web, so if the Dreamhost panel is complicating matters for you you can certainly try to do it yourself.

I did have an experience recently where a DH user had to wait for several hours to have an .htaccess protection he had set-up via the panel to take effect (although it ultimately did work, it took a lot longer than one would think it should take!)

Have you checked, via the shell or ftp, to see if the .htaccess file you set up via the panel actually got written to the appropriate directory? At least that would tell you whether or not the panel has made the changes or not.

At any rate, doing it yourself is not hard, and you may be happier with the results. Good Luck!

–rlpaker


#5

I guess I will wait a while longer then, and then try my hand at doing it myself if it hasn’t worked.

It did get written into the appropriate directories, I checked.

Thannk you for the information, hopefully it’ll get resolved!


#6

Okay, it’s been a few hours since I tried setting them up, but it didn’t work. When I go to delete all the htaccess stuff I did through the web, it gives me this error:

"NZA Fatal Error!
The developer says:
couldn’t schedule addition of this WebDAV!

Handy stack trace:
Ndn::Common::Nza::Step::FatalError(‘couldn’t schedule addition of this WebDAV!’) called at /usr/local/lib/site_perl/Ndn/Dhwebpanel/Goodies/Webdav.pm line 668
Ndn::Dhwebpanel::Goodies::Webdav::EditFinal::Do(‘Ndn::Dhwebpanel::Goodies::Webdav::EditFinal’) called at /usr/local/lib/site_perl/Ndn/Common/Nza.pm line 554
Ndn::Common::Nza::DoStep(‘Ndn::Dhwebpanel::Goodies::Webdav=HASH(0xbf22f20)’, ‘EditFinal’) called at /usr/local/lib/site_perl/Ndn/Common/Nza.pm line 174
Ndn::Common::Nza::fill(‘Ndn::Dhwebpanel::Goodies::Webdav=HASH(0xbf22f20)’, ‘Ndn::Common::Context=HASH(0xbc78820)’) called at /usr/local/lib/site_perl/Ndn/Common/TreeNav.pm line 396
eval {…} called at /usr/local/lib/site_perl/Ndn/Common/TreeNav.pm line 396
Ndn::Common::TreeNav::ANON(‘HASH(0xbf22f5c)’, ‘ARRAY(0xbf25f24)’, ‘ARRAY(0xbc770a4)’, ‘tree=goodies.webdav&’, 3, ‘panel_panel_’, ‘panel’) called at /usr/local/lib/site_perl/Ndn/Common/TreeNav.pm line 312
Ndn::Common::TreeNav::ANON(‘HASH(0xbf23f0c)’, ‘ARRAY(0xbf25f24)’, ‘ARRAY(0xbf251f8)’, ‘tree=goodies&’, 2, ‘panel_panel_’, ‘panel’) called at /usr/local/lib/site_perl/Ndn/Common/TreeNav.pm line 312
Ndn::Common::TreeNav::ANON(‘HASH(0xbf25e88)’, ‘ARRAY(0xbf25f24)’, ‘ARRAY(0xbc75cf4)’, ‘’, 1, ‘panel_panel_’, ‘panel’) called at /usr/local/lib/site_perl/Ndn/Common/TreeNav.pm line 419
Ndn::Common::TreeNav::Render(‘Ndn::Common::TreeNav=HASH(0xbf25ec4)’, ‘Ndn::Common::Context=HASH(0xbe71af4)’) called at /usr/local/lib/site_perl/Ndn/Dhwebpanel.pm line 565
Ndn::Dhwebpanel::Main(‘Ndn::Common::Context=HASH(0xbe71af4)’) called at /usr/local/lib/site_perl/Ndn/Dhwebpanel.pm line 787
eval {…} called at /usr/local/lib/site_perl/Ndn/Dhwebpanel.pm line 786
Ndn::Dhwebpanel::Display(‘Ndn::Common::Context=HASH(0xbe71af4)’) called at /usr/local/lib/site_perl/Ndn/Dhwebpanel.pm line 229
Ndn::Dhwebpanel::ProcQuery(‘Ndn::Common::Context=HASH(0xbe71af4)’) called at /usr/local/ndn/web/dhwebpanel/index.cgi line 53
Apache::ROOTpanel_2edreamhost_2ecom::index_2ecgi::handler(‘Apache=SCALAR(0xada3ec0)’) called at /usr/lib/perl/5.8/Apache/Registry.pm line 149
eval {…} called at /usr/lib/perl/5.8/Apache/Registry.pm line 149
Apache::Registry::handler(‘Apache=SCALAR(0xada3ec0)’) called at /dev/null line 0
eval {…} called at /dev/null line 0"

I have no idea what is going on. It won’t let me delete them manually on my FTP or through here.

Do you think this is a problem I should put through to support? I’d rather not have to since I never hear good things about putting in tickets, but I don’t know what to do.


#7

Wow. What a mess! I am assuming you got those error messages from within the DH Control Panel? From your error messages it looks like the code for the Panel “broke”. It also kinda looks like you somehow got the directory set up as a webdav directory instead of just assigning hotlinking protection to a regular directory via .htaccess.

If this is what happened, it explains why your hotlinking protection did not work and why you can’t manage things with ftp (ftp will not work in webdav directories).

Don’t believe everything you hear! Dreamhost support, in my opinion, is excellent and they have always responded well to my requests for help. Remember that Dreamhost currently hosts over 300,000 domains, and those that have good service generally do not write about it on the forums. A great deal of the negative reports you see on the forum are from a relatively small group of dissatisfied users who are just whining because they got in over their heads, don’t understand enough of the basics to be properly helped by the support response they got, or are simply complaining about having to wait for an email support response instead of having the privilege of complaining over the phone. :wink:

It may require a support contact to straighten this out at this point, and even if you are able to “recover”, you should report the error so that DH can look into it and determine what happened and/or how to fix it.

There are still a couple of things I would try. How are you connecting to this directory right now (ftp, shell, only the Panel configuration screen?). Try going into this directory via the shell, and deleting all the “stuff” you added (.htaccess file?). Also make sure you have the permissions set to 755 for this directory. Once that has been done, see if you can copy files to/from that directory via ftp. If so, you , have probably “fixed” it back to the way it was and can take another shot a configuring it properly via the panel.

You only want to use the “hotlinking”, and not webdav. Make sure you do not check the box that says, “Enable Webdav for this dir”. In addition to identifying the directory, there are three options on the set-up page:

  1. Password Protect This dir?
  2. Enable Webdav on this dir?
  3. Forbid Linking to files in this dir?

You only want to check number three! And enter the domains you want to be able to link (your own?) to the files where indicated.

–rlparker


#8

It looks like you might have encountered this problem with the Control Panel acting up. :frowning:

Given the time frame involved, I’ll bet this is part of, if not all of your problem. I suggest that, after submitting a suppoprt ticket, you just sit tight and wait till the get the Control Panel problem(s) are sorted before trying again. :wink:

–rlparker