how to protect my images

[virtualadz]

a. i have a exclusive section in my site only for members, no matter i made it for memebers only, but anyone could get hold of those images by typing the url or linking to it from another page, is there a proper way by which i can protect my images, i dont worry if people take it away from inside the members section, but i dont want it to be taken away simply by linking or direct url. i wonder if there is any secure means. i need to protect my images .b. one second thing, which of the two do you people think i should take into making my image layout using css, these are the 2 urlshttp://www.alistapart.com/articles/practicalcss/http://www.webreference.com/programming/cs...les/gallery.htmthe 2nd one might be better as there is no need for the image to be opened in a popup window, as reqd. for the 1st one wher there is a need for a link and popup. which way (url) should i go/take into my image layout.

[Jonas]

Disabling hotlinking:http://www.bigdaddyforums.com/showthread.php?t=10

[virtualadz]

wow, of great help. but first of all, which one do i use thisRewriteEngine onRewriteCond %{HTTP_REFERER} !^http://www\.bhuratea.com\.com [NC]RewriteCond %{HTTP_REFERER} !^$RewriteRule \.(mp3|ogg|mpg|gif|jpg)$ - [R,NC,L]Options -indexesRewriteEngine onRewriteCond %{HTTP_REFERER} !^http://www\.bhuratea.com\.com [NC]RewriteCond %{HTTP_REFERER} !^$RewriteRule \.(gif|jpg)$ /images/antileech.gif [L]Options -indexes second i dont want to block all my images rather i will make a special folder for those images and all images under that folder should be blocked

[Jonas]

All images in that folder should be blocked? Then you just use that code in the .htaccess file in that spesific folder I think.RewriteEngine onRewriteCond %{HTTP_REFERER} !^http://www\.bhuratea.com\.com [NC]RewriteCond %{HTTP_REFERER} !^$RewriteRule \.(mp3|ogg|mpg|gif|jpg)$ - [R,NC,L]Options -indexesThat one ^ is for simply disabling hotlinking (I think they'll get a 401 or 403 error) I think. If you also want to give an other image when someone tries to hotlink from another site, you use this:RewriteEngine onRewriteCond %{HTTP_REFERER} !^http://www\.bhuratea.com\.com [NC]RewriteCond %{HTTP_REFERER} !^$RewriteRule \.(gif|jpg)$ /images/antileech.gif [L]Options -indexesMake an image with text saying you don't want people stealing your bandwidth or something like that...

[virtualadz]

i didn't understand, i haven't specified in the code under which folder to block all images, how will it know then?, my .htaccess file is located hereroot/folder/.htaccessand all the images will be under the folder- root/images/exclusiveRewriteRule \.(mp3|ogg|mpg|gif|jpg)$ - [R,NC,Lin the code above it's written to block all mpg,gif,jpg under my site.

[Jonas]

There should be a .htaccess file in each folder. You only put that code in the .htaccess file located inroot/images/exclusive

[virtualadz]

is it going to collide with my other .htaccess file, i am a little confused, but will give it a try.

[Jonas]

.htaccess file in your folder takes priority of the one in the parent folder, root folder or whatever, but if your .htaccess file doesn't change anything from the one in the root folder, that folder should just inherit the properties set down in root/.htaccess I think...

[virtualadz]

ok wait i paste my .htaccess under my folder root/includes/.htaccessbut just want to be on the safe side by confirming from you, that does it contain security information, that i should not make public, i dont know much about them

[virtualadz]

this is the file .htaccess under public_html/images/exclusive now i am going to upload it, and it is going to disable hotlinking for any image under the exclusive folder, isn't it? . i dont want my site's other images to be protected by this file. please confirm the below, as i will upload it now. many thanks# $Id: .htaccess,v 1.3 2006/06/14 10:53:20 hpdl Exp $# This is used with Apache WebServersRewriteEngine onRewriteCond %{HTTP_REFERER} !^http://www\.bhuratea.com\.com [NC]RewriteCond %{HTTP_REFERER} !^$RewriteRule \.(mp3|ogg|mpg|gif|jpg)$ - [R,NC,L]Options -indexes

[virtualadz]

hey could you please confirm if the above code is right

[Jonas]

Looks ok to me. Only thing left is to test it really.

[virtualadz]

here i go, but did you notice the .com coming twice, is it ok

[virtualadz]

ok , this is my final code:# $Id: .htaccess,v 1.3 2006/06/14 10:53:20 hpdl Exp $RewriteEngine onRewriteCond %{HTTP_REFERER} !^http://www\.bhuratea\.com [NC]RewriteCond %{HTTP_REFERER} !^$RewriteRule \.(mp3|ogg|mpg|gif|jpg)$ - [R,NC,L]Options -indexesi set up a test image 1.jpg on url http://bhuratea.com/images/rare/1.jpganyone can access it directly via url and linking, nothing's protected???

[Jonas]

Hmm, perhaps you should try this:# $Id: .htaccess,v 1.3 2006/06/14 10:53:20 hpdl Exp $RewriteEngine onRewriteCond %{HTTP_REFERER} !^http://www\.bhuratea\.com/images/rare/ [NC]RewriteCond %{HTTP_REFERER} !^$RewriteRule \.(mp3|ogg|mpg|gif|jpg)$ - [R,NC,L]Options -indexes

[virtualadz]

well this too didn't work. but i used the 2nd code instead and worked like a charm, like on the link and you get a image different from before. but still, anyone can link from their page and show it. try linking my image by creating a page on your server or computer, and you will see it. i think now we are getting close. any ideas about this?? i am googling a bitthis is the 2nd code:RewriteEngine onRewriteCond %{HTTP_REFERER} !^http://www\.bhuratea\.com [NC]RewriteCond %{HTTP_REFERER} !^$RewriteRule \.(gif|jpg)$ 2.gif [L]Options -indexes

[virtualadz]

i am sorry , i was too early to report, its still the same, i thing i forgot this:godaddy.com: "so these files can only be downloaded when they are referred from your server"this .htaccess doesn't do any good, the reason you see a different image is bcoz you are referred from a server other than bhuratea.com , try putting it directly in the address bar and it shows up the image. i dont think this .htaccess will do any good.

[Jonas]

Hmm, okay. Have you found anything else in your google search?

[virtualadz]

well, i dont think my idea is to prevent only hotlinking, i found a few but all of them nearly have the same code. hotlinking is bandwidth theft, this doesn't matter to me, even with hotlinking anyone can directly see my images that are specially for mmebers, so i think this feature is termed something different,