Project

General

Profile

Bug #1481

Hotlinking protection with $HTTP["referer"] not working

Added by Anonymous almost 12 years ago. Updated almost 11 years ago.

Status:
Invalid
Priority:
Urgent
Assignee:
-
Category:
mod_rewrite
Target version:
Start date:
Due date:
% Done:

0%

Estimated time:
Missing in 1.5.x:

Description

Hello All,

I tried to hotlink protect a lighthttpd server with the following rule. When I give this rule, no one can access the site images or videos directly. But issue is that the site example.com (which is on a different server) also cannot access the site. Example.com uses the lighty server to stream the audios and videos.

=======================================================

$HTTP["referer"] != "^($|(ftp|http)://(.*?\.)?.example\.com)" {
url.access-deny = ( ".jpg", ".jpeg", ".png", ".wmv", ".avi", ".mpeg", ".mpg", ".gif", ".mp3", ".mp4", ".mov", ".wma", ".iso" )
}

h55. tried without ftp also, $|http://(.*?\.)?.example\.com

$HTTPreferer != "^http://www\.example\.com)" {
url.access-deny = ( ".jpg", ".jpeg", ".png", ".wmv", ".avi", ".mpeg", ".mpg", ".gif", ".mp3", ".mp4", ".mov", ".wma", ".iso" )
}

h55. When I used the following rule and added the remoteip rule, the streaming does not work.

$HTTPremoteip !~ "example.com_server_IP" {
$HTTPurl =~ "^/" {
url.access-deny = ( ".jpg", ".jpeg", ".png", ".wmv", ".avi", ".mpeg", ".mpg", ".gif", ".mp3", ".mp4", ".mov", ".wma", ".iso" )
}
}

=======================================================

Please help me or advice what I am doing wrong.

-- Davidjango

History

#1

Updated by Anonymous almost 12 years ago

Try a regex like.. ^($|(ftp|http)://(.*?\.)?example\.com)

Note the lack of a . before example.com (this will allow example.com without any subdomain - yours didn't) and the ^ at the beginning. If that doesn't work, ask in #lighttpd on irc.freenode.net or such. The bugtracker is not a help system ;)

#2

Updated by stbuehler over 11 years ago

  • Status changed from New to Fixed
  • Resolution set to invalid
#3

Updated by stbuehler almost 11 years ago

  • Status changed from Fixed to Invalid

Also available in: Atom