Bug #1481
closedHotlinking protection with $HTTP["referer"] not working
Description
Hello All,
I tried to hotlink protect a lighthttpd server with the following rule. When I give this rule, no one can access the site images or videos directly. But issue is that the site example.com (which is on a different server) also cannot access the site. Example.com uses the lighty server to stream the audios and videos.
=======================================================
$HTTP["referer"] != "^($|(ftp|http)://(.*?\.)?.example\.com)" {
url.access-deny = ( ".jpg", ".jpeg", ".png", ".wmv", ".avi", ".mpeg", ".mpg", ".gif", ".mp3", ".mp4", ".mov", ".wma", ".iso" )
}
h55. tried without ftp also, $|http://(.*?\.)?.example\.com
$HTTPreferer != "^http://www\.example\.com)" {
url.access-deny = ( ".jpg", ".jpeg", ".png", ".wmv", ".avi", ".mpeg", ".mpg", ".gif", ".mp3", ".mp4", ".mov", ".wma", ".iso" )
}
h55. When I used the following rule and added the remoteip rule, the streaming does not work.
$HTTPremoteip !~ "example.com_server_IP" {
$HTTPurl =~ "^/" {
url.access-deny = ( ".jpg", ".jpeg", ".png", ".wmv", ".avi", ".mpeg", ".mpg", ".gif", ".mp3", ".mp4", ".mov", ".wma", ".iso" )
}
}
=======================================================
Please help me or advice what I am doing wrong.
-- Davidjango
Updated by Anonymous almost 17 years ago
Try a regex like.. ^($|(ftp|http)://(.*?\.)?example\.com)
Note the lack of a . before example.com (this will allow example.com without any subdomain - yours didn't) and the ^ at the beginning. If that doesn't work, ask in #lighttpd on irc.freenode.net or such. The bugtracker is not a help system ;)
Updated by stbuehler almost 17 years ago
- Status changed from New to Fixed
- Resolution set to invalid
Also available in: Atom