MyBB Community Forums

Full Version: Hotlink protect attachments
Hello, I've added an htaccess to prevent hotlinking but it's not working for attachments.php.
What do I need to add?

Thank you
PinkStar

I tried a couple of htaccess files I found. One redirected my traffic from my forum to my other subdomain, and when trying to add php or attachment in RewriteRule it gives me a 403...
I've searched both here and Google and I haven't found the answer yet... surely it can be done??

Thanks
*Bump* No one has ever had problems with hotlinking and figured out how to prevent it?
You can perhaps play with this code:

$url = parse_url($_SERVER['HTTP_REFERER']);
if ($url['host']!='yourdomain.com') {
    exit("You can't download this file");
}

Add this to attachment.php (the beginning of the file). I haven't tested this code and it might not be the best approach but it should do what you want.
Thank you for the reply and suggestion.
I'm not tech-savvy enough, so where in the "beginning of the file" do I add it?

Thank you!
PinkStar
No problem, this is what your attachments.php should look like once you have added the code.

<?php
$url = parse_url($_SERVER['HTTP_REFERER']);
if ($url['host']!='yourdomain.com') {
    exit("You can't download this file");
} 

/**
 * MyBB 1.6
 * Copyright 2010 MyBB Group, All Rights Reserved
 *
 * Website: http://mybb.com
 * License: http://mybb.com/about/license
 *
 * $Id$
 */
(Make sure to change yourdomain.com)
Fantastic - it appears to be working.
I'm very grateful SentoWeb - thank you very much!

PinkStar
Can an addition to this code be added to add allowed urls?

Thank you again!
PinkStar
Sure.

<?php
$allowed_domains = array("sentoweb.com", "mybbtutorials.com"); // Make sure not to include the WWW version in this "list" (array)

$url = parse_url($_SERVER['HTTP_REFERER']);
// Let's get rid of the www's
if (strpos($url['host'], 'www.')===0 && substr_count($url['host'], '.') > 1) {
    $url['host'] = str_replace('www.', '', $url['host'], 1);
}
if ($url['host']!='yourdomain.com' && !in_array($url['host'], $allowed_domains)) {
    exit("You can't download this file");
} 
(2014-01-12, 10:30 PM) SentoWeb wrote: Sure.

<?php
$allowed_domains = array("sentoweb.com", "mybbtutorials.com"); // Make sure not to include the WWW version in this "list" (array)

$url = parse_url($_SERVER['HTTP_REFERER']);
// Let's get rid of the www's
if (strpos($url['host'], 'www.')===0 && substr_count($url['host'], '.') > 1) {
    $url['host'] = str_replace('www.', '', $url['host'], 1);
}
if ($url['host']!='yourdomain.com' && !in_array($url['host'], $allowed_domains)) {
    exit("You can't download this file");
} 

Thank you very much, but this one doesn't work and no attachments are visible on my forum. I double-checked that I had updated the $url['host']!='yourdomain.com' with my domain and also tried by adding it to the allowed domains line as well.
I'm unfortunately not able to figure out what the problem is.

When removing this new code and adding back the first one you wrote it works again.

Thank you again :)
PinkStar
Replace
$url['host'] = str_replace('www.', '', $url['host'], 1);
with
$url['host'] = substr($url['host'], 4);

I have misused str_replace and substr is just a much cleaner method. This should work for you.
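
As an added example (not code from the thread or from MyBB), here is the allowlist check with the substr fix, written so that a missing or malformed Referer is handled explicitly instead of relying on undefined array keys. The function names, the ALLOWED_HOSTS constant and the sample values are assumptions, and it needs PHP 7.1 or later.

```php
<?php
// Added example (PHP 7.1+). The host list is constructed; use your own domains.
const ALLOWED_HOSTS = ['yourdomain.com', 'sentoweb.com', 'mybbtutorials.com'];

// Host of a Referer value, lower-cased and with one leading "www." removed.
// Returns null when the header is absent, empty, or has no host part.
function referer_host(?string $referer): ?string
{
    if ($referer === null || $referer === '') {
        return null;
    }
    $host = parse_url($referer, PHP_URL_HOST); // string, null or false
    if (!is_string($host) || $host === '') {
        return null;
    }
    $host = strtolower($host);
    // Same rule as the thread's code: strip "www." only if another dot remains.
    if (strpos($host, 'www.') === 0 && substr_count($host, '.') > 1) {
        $host = substr($host, 4);
    }
    return $host;
}

// True only when the Referer host exactly matches an allowlist entry.
function is_allowed_referer(?string $referer, array $allowed): bool
{
    $host = referer_host($referer);
    return $host !== null && in_array($host, $allowed, true);
}

if (PHP_SAPI === 'cli') {
    // Constructed sample Referer values, to try the check from the command line.
    $samples = [
        'http://www.yourdomain.com/showthread.php?tid=1', // allowed
        'http://SentoWeb.com/page',                       // allowed (case-folded)
        'http://yourdomain.com.example.net/',             // blocked: other host
        'http://example.org/?u=yourdomain.com',           // blocked: query only
        '',                                               // blocked: no Referer
    ];
    foreach ($samples as $s) {
        printf("%-48s %s\n", $s === '' ? '(none)' : $s,
            is_allowed_referer($s, ALLOWED_HOSTS) ? 'allowed' : 'blocked');
    }
} elseif (!is_allowed_referer($_SERVER['HTTP_REFERER'] ?? null, ALLOWED_HOSTS)) {
    // Web request: refuse before the rest of attachment.php runs.
    http_response_code(403);
    exit("You can't download this file");
}
```

The Referer header is set by the client and some browsers or privacy tools omit it, so visitors without one are blocked too. The check discourages hotlinking; it is not a substitute for the forum's own permission checks.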