Bug #1481
Hotlinking protection with $HTTP["referer"] not working
| Status: | Invalid | Start: | ||
| Priority: | Urgent | Due date: | ||
| Assigned to: | - | % Done: | 0% |
|
| Category: | mod_rewrite | |||
| Target version: | 1.5.0 | |||
| Pending: | No |
Resolution: | invalid |
|
| Patch available: |
Description
Hello All,
I tried to hotlink protect a lighthttpd server with the following rule. When I give this rule, no one can access the site images or videos directly. But issue is that the site example.com (which is on a different server) also cannot access the site. Example.com uses the lighty server to stream the audios and videos.
=======================================================
$HTTP["referer"] != "^($|(ftp|http)://(.*?\.)?.example\.com)" {
url.access-deny = ( ".jpg", ".jpeg", ".png", ".wmv", ".avi", ".mpeg", ".mpg", ".gif", ".mp3", ".mp4", ".mov", ".wma", ".iso" )
}
h55. tried without ftp also, $|http://(.*?\.)?.example\.com
$HTTPreferer != "^http://www\.example\.com)" {
url.access-deny = ( ".jpg", ".jpeg", ".png", ".wmv", ".avi", ".mpeg", ".mpg", ".gif", ".mp3", ".mp4", ".mov", ".wma", ".iso" )
}
h55. When I used the following rule and added the remoteip rule, the streaming does not work.
$HTTPremoteip !~ "example.com_server_IP" {
$HTTPurl =~ "^/" {
url.access-deny = ( ".jpg", ".jpeg", ".png", ".wmv", ".avi", ".mpeg", ".mpg", ".gif", ".mp3", ".mp4", ".mov", ".wma", ".iso" )
}
}
=======================================================
Please help me or advice what I am doing wrong.
-- Davidjango
History
12/18/2007 10:02 PM - Anonymous
Try a regex like.. ^($|(ftp|http)://(.*?\.)?example\.com)
Note the lack of a . before example.com (this will allow example.com without any subdomain - yours didn't) and the ^ at the beginning. If that doesn't work, ask in #lighttpd on irc.freenode.net or such. The bugtracker is not a help system ;)