Fed up with people stealing your bandwidth?
Author: | Mr. Esch
|
Submitted: | 14th April, 2006
|
Views: | 5751
| Rated: |
|
|
If you can't really be considered a technical webmaster this probably isn't an article for you. It's long, boring and contains words with more than 2 syllables.
Have you ever seen a huge drop in your remaining bandwidth due to sites hot-linking directly to your files? I can't say I have had this problem until recently. Generally it isn't a problem if people link directly but if you start to get a large number of downloads you will probably want to either directly stop them from downloading the file at all, redirect them to a mirror page or at least make them view your own download page. Afterall it's your bandwidth so the least a downloader could do it visit your site. Though of course there are pros and cons for whichever method you want.
How does it work?
The redirection is indicated in a file named .htaccess, this file is read by the http protocol before it accesses the file or folder. I am not sure if free web providers permit the use of .htaccess files but you could always try it however the problem usually seems to be free web providers won't allow ANY direct links, which is just a pain in the arse.
Creating a .htaccess file
I have found under Windows XP SP2, it will kick up a fuss if you try to create a file called '.htaccess' - to overcome this I create a file like 'rules.htaccess' and then rename the file after it has been uploaded. After you have created the file you will need to decide which approach you are going to take.
1) Use a dummy file and use it to redirect people to your downloads page. - Using mirrors
So you have found that a site is linking to your file 'gimme.zip' in a folder called files. (/files/gimme.zip) and you have had loads of downloads of the same file. You still want people to be able to download your game but you would prefer they visit your download page first. Also you can't afford as much bandwidth so your download page will link to a mirror.
The .htaccess file will contain the following.
Redirect permanent /files/gimme.zip http://www.mysite.com/downloads.html
the first section /files/gimme.zip refers to the location of the file. /file is the folder and /gimme.zip is the file. For those of you who see a htdocs or something similar when you are in ftp, this folder doesn't matter because that folder is not included in the web address. The page that you will be redirected to is space separated and the whole url is included.
Upload the .htaccess file into the /files folder and you will get the redirection. Then you will have to add links to the mirrors on your downloads page.
In effect the gimme.zip file is not downloadable so it is just a dummy file used to redirect people.
Pros: Directs direct-access links to your site generating more hits and reducing the amount of bandwidth.
Cons: Some people may become wise to this and will direct straight to your mirror instead.
- this con could be solved if you have a mirror which prevents direct links.
2) Use a dummy file and use it to redirect people to your downloads page. - And putting your downloads in a protected folder.
You know somebody is linking to a file and you want to divert the download attempts to your downloads page. If you don't want to use a mirror then you could still use the gimme.zip file as a dummy which redirects to your downloads page, but then your downloads page has a link to a protected folder.
Firstly create the same .htaccess file in the /files folder. (Remember this was the redirect using the dummy file). Then on your downloads page you will have a link to a new folder. For this example I am going to call it /protected and keep it in the root directory. (http://www.mysite.com/protected). Now you will need to create a new .htaccess file for the protected folder. For this there will be a slightly different approach.
http://www.htmlbasix.com/disablehotlinking.shtml
This generator seems to orientated towards images but it can be used for any file types or specific files. Using the generator...
Type in the referrers that are allowed to hotlink (for example http://www2.create-games.com - these are the websites that are allowed direct access to the file. Also don't forget to add your own site as a referrer otherwise it defeats the point. After you have done this you will come to a part that will say block blank referrers. Check this, but ultimately this is what will cause the problems with this method. After than you will see url to redirect to (if desired) - I want all disallowed referrers to get redirected to http://www.mysite.com/downloads.html - you could just leave it so it would go to an error page (probably error 500 page). Finally you have a files to block section. This is the part which annoys me because you can't just specify specific files using this generator. Just type in the extensions of protected files and space separate them. I only want to protect zip files. When you're done click generate.
The generator has now generated a lovely .htaccess file which won't make much sense to a lot of people.
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http://(www\.)?www2.mysite.com(/)?. *$ [NC]
RewriteCond %{HTTP_REFERER} !^http://(www\.)?www2.create-games.com(/)?. *$ [NC]
RewriteRule .*\.(zip)$ http://www.mysite.com/download.html [R,NC]
I would just have to save this in a .htaccess file and upload it to the /protected folder. Then I would change the downloads page link so it linked to the files in the protected folder. As your website is the referrer it will allow you to download from the protected folder. If your website wasn't the referrer, the downloader would be directed to the downloads page.
Pros: Makes sure that a file can only be downloaded if the downloader had visited your site in the first place
Cons: This is the bad part, some firewalls will stop your browser from sending referrer information. This is so annoying because it could even stop your own website from being noticed as the referrer, so the visitor couldn't donwload anything until they turned the firewall off. I have found this to be a problem with norton (which imo sucks) but many people use it which means quite a few people won't be able to download anything unless they have configured their firewalls. This method means there is either too much protection so you are preventing legitimate downloaders from downloading OR you could choose to allow blank referrers (set using the generator). This would mean those who were blocking the referrer information from being sent would still be able to download the file but if the hotlinker had linked directly to the file in the protected folder, the firewall would block the information about the hotlinker being sent and the file is fully downloadable. This would be a lack of security.
3) Allow specific files to be downloaded only if the referrer information is correct.
As explained before, there are obvious problems associated with referrer information. If you still wanted to use it (as either an overprotection telling users to disable their firewalls on an underprotection to prevent some people from accessing the file through a hotlink) and there were only specific files you wanted to protect, you could use 1 .htaccess file for the job by modifying the generated .htaccesss file.
For this scenario I am going to take a folder called files in which 3 regularly downloaded files are kept. One is called bernardandhank.zip, another hexeditor.exe and the other sexyphizzy.jpg - Because these files are in such demand we would prefer that the downloaders visit the page first and for image linkers not to direct link to the file.
This is a quick schematic of what I want to happen
request bernardandhank.zip --> goto bnhdl.html download page
request hexeditor.exe --> goto hexeditor download page
request sexyphizzy.jpg --> display a rude picture (lol)
Again I am going to block blank referrers and allow www2.create-games.com and I will also allow www.newklear.com (just for the hell of it). (and my own site)
When it comes to the generator file types, I will just use the .zip again because this will edited out and I will keep the redirection page as http://www.mysite.com/downloads.html
This is the code that is generated.
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http://(www\.)?www2.mysite.com(/)?. *$ [NC]
RewriteCond %{HTTP_REFERER} !^http://(www\.)?www2.create-games.com(/)?. *$ [NC]
RewriteCond %{HTTP_REFERER} !^http://(www\.)?newklear.com(/)?. *$ [NC]
RewriteRule .*\.(zip)$ http://www.mysite.com/download.html [R,NC]
the part we are going to keep in its place is
RewriteEngine on
The format then goes for each file...
[WHO CAN BE THE REFERRER]
[WHAT FILE ARE THEY TRYING TO ACCESS][WHAT TO DO IF THEY AREN'T AN ALLOWED REFERRER]
The referrer information has already been generated
RewriteCond %{HTTP_REFERER} !^http://(www\.)?www2.mysite.com(/)?. *$ [NC]
RewriteCond %{HTTP_REFERER} !^http://(www\.)?www2.create-games.com(/)?. *$ [NC]
RewriteCond %{HTTP_REFERER} !^http://(www\.)?newklear.com(/)?. *$ [NC]
So this will go at the beginning of each file redirection.
For bernardandhank.zip: RewriteRule bernardandhank.zip$ http://www.mysite.com/bnhdl.html [R,NC]
For hexeditor.exe: RewriteRule hexeditor.exe$ http://www.mysite.com/hexedl.html [R,NC]
For sexyphizzy.jpg: RewriteRule sexyphizzy.jpg$ http://www.vilepicturesRus.com/penis.jpg [R,NC]
Each of the files will have to have to have the allowed referrers before it. You don't have to keep the same referrers for every file, you can be selective. I will keep the referrers the same for this example.
My final .htaccess file is
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http://(www\.)?www2.mysite.com(/)?. *$ [NC]
RewriteCond %{HTTP_REFERER} !^http://(www\.)?www2.create-games.com(/)?. *$ [NC]
RewriteCond %{HTTP_REFERER} !^http://(www\.)?newklear.com(/)?. *$ [NC]
RewriteRule bernardandhank.zip$ http://www.mysite.com/bnhdl.html [R,NC]
RewriteCond %{HTTP_REFERER} !^http://(www\.)?www2.mysite.com(/)?. *$ [NC]
RewriteCond %{HTTP_REFERER} !^http://(www\.)?www2.create-games.com(/)?. *$ [NC]
RewriteCond %{HTTP_REFERER} !^http://(www\.)?newklear.com(/)?. *$ [NC]
RewriteRule hexeditor.exe$ http://www.mysite.com/hexedl.html [R,NC]
RewriteCond %{HTTP_REFERER} !^http://(www\.)?www2.mysite.com(/)?. *$ [NC]
RewriteCond %{HTTP_REFERER} !^http://(www\.)?www2.create-games.com(/)?. *$ [NC]
RewriteCond %{HTTP_REFERER} !^http://(www\.)?newklear.com(/)?. *$ [NC]
RewriteRule sexyphizzy.jpg$ http://www.vilepicturesRus.com/penis.jpg [R,NC]
Save the .htaccess file and place it in the correct directory.
Pros: Files can be selectively chosen and protected allowing files of the same file type in the same folder to be hotlinked. If you had a banner that you wanted people to link to in the same folder as sexyphizzy.jpg, the banner would display properly, but a hotlink to sexyphizzy.jpg would show a penis instead.
Cons: If someone had a firewall that blocked the sending of referer information and that person looked in the gallery, sexyphizzy.jpg would be redirected to the penis picture. The problems with this are obvious (lol) as stated before. This is too much protection, and often enough too little protection doesn't cut it.
Overview: If you're still reading, well done! I will probably find out later there is some super-easy method because that always happens to me. If you liked the article then be generous with the stars - or if you couldn't be bothered to read it and just scrolled to bottom, be generous with the stars for the impressive length(?)
Thanks for reading and/or pretending to be interested.
|
|
Mr. EschStone Goose Registered 30/05/2003
Points 0
|