This forum has been moved here:
Helicon Tech Community Forum

  Active TopicsActive Topics  Display List of Forum MembersMemberlist  HelpHelp   RegisterRegister  LoginLogin
HotlinkBlocker
 Helicon Tech : HotlinkBlocker
Subject Topic: Unprotect subdirectory (Topic Closed Topic Closed) Post ReplyPost New Topic
Author
Message << Prev Topic | Next Topic >>
gyxi
Newbie
Newbie


Joined: 16 July 2007
Online Status: Offline
Posts: 3
Posted: 16 July 2007 at 1:58pm | IP Logged  

I am currently successfully blocking every media file on my server with this regular expression:

@.*\.(jpg|gif|png|wmv|avi|mpg|mpeg)

I need, however, to allow hotlinking for a certain directory on my server.

This file needs to stay blocked:
www.mysite.com/files/public/image.jpg

But this file must not be blocked:
www.mysite.com/files/public/__thumbnails/image.jpg

Please help me construct a configuration file that accomplishes that.
Back to Top View gyxi's Profile Search for other posts by gyxi
 
gyxi
Newbie
Newbie


Joined: 16 July 2007
Online Status: Offline
Posts: 3
Posted: 17 July 2007 at 11:07am | IP Logged  

Someone at a community support site helped me construct this regex which does the job:

@/files/public(?!/__thumbnails)/.*\.(jpg|gif|png|wmv|avi|mpg|mpeg)

Funny thing though:

An avi should be accessible from whitelisted sites and it is. But not if the user chooses "Save Target As...". Is this a known problem or could it be helped by changing my configuration in some way?
Back to Top View gyxi's Profile Search for other posts by gyxi
 
Yaroslav
Admin Group
Admin Group


Joined: 15 August 2002
Online Status: Offline
Posts: 6521
Posted: 18 July 2007 at 4:31am | IP Logged  
This is known problem because IE doesnot send Referer header when saving target as. If you would use LINK protection method not based on referers it should not be a problem, but white lists works on referers.

__________________
Yaroslav Govorunov,
Helicon Tech
Back to Top View Yaroslav's Profile Search for other posts by Yaroslav Visit Yaroslav's Homepage
 
gyxi
Newbie
Newbie


Joined: 16 July 2007
Online Status: Offline
Posts: 3
Posted: 20 July 2007 at 3:50pm | IP Logged  

Thanks for your help.

I have REFERER protection working, but I am trying to implement LINK as you suggested. I read your documentation. I changed the protection to LINK and inserted xxxxxxxxxxxxxxxx/ as part of the link. I get a 404 error. But the x-part of the link is changed correctly:

http://www.mysite.com/files/e276d1897c051734/public/myimage.jpg

If I attempt to visit the image at it's real location, it works fine. All in all, it seems to work exactly as it did when it was configured as REFERER. In IIS I pressed Set, Apply and even ran iisreset.

Here's my configuration:

Code:
#################################################
# HotlinkBlocker Configuration file

# Version 1, 4, 0, 56


Signature=55d0d33e-7cad-471d-9b1f-cabf82fef8a3
LinkExpires=3600
NotifyOrder=MEDIUM


[Protect]
LINK  @/files/public(?!/__thumbnails)/.*\.(jpg|gif|png|wmv|avi|mpg|mpeg) http://www.mysite.com/hotlink.jpg
LINK  @/files/private(?!/__thumbnails)/.*\.(jpg|gif|png|wmv|avi|mpg|mpeg) http://www.mysite.com/hotlink.jpg


[ReferersBlackList]
[ReferersWhiteList]
mysite.com
www.mysite.com
http://mysite.com
http://www.mysite.com
http://www.mysecondsite.com
[UserAgentsBlackList]
[UserAgentsWhiteList]

I am looking forward to receiving your suggestions.
Back to Top View gyxi's Profile Search for other posts by gyxi
 
Yaroslav
Admin Group
Admin Group


Joined: 15 August 2002
Online Status: Offline
Posts: 6521
Posted: 23 July 2007 at 7:48am | IP Logged  
Sorry for messing things for you. My key conclusion was that white lists works based on referer, so you cannot enable access from other web sites if clients does not send referer. ANother solution is to enable empty referers, you can do this by adding this small pattern to the whitelist @^$
Please note that it will also allow some clients that does not send referers to download protected content. If you only want to limit leech traffic than this solution should work well.

__________________
Yaroslav Govorunov,
Helicon Tech
Back to Top View Yaroslav's Profile Search for other posts by Yaroslav Visit Yaroslav's Homepage
 

Sorry, you can NOT post a reply.
This topic is closed.

  Post ReplyPost New Topic
Printable version Printable version

Forum Jump
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot delete your posts in this forum
You cannot edit your posts in this forum
You cannot create polls in this forum
You cannot vote in polls in this forum