If you want your website to have friendly URLs you can use this .htaccess code. With this example code, the URL domain.com/about would cause the page about.htm to load.
RewriteEngine On
RewriteRule ^([^\./]+)$ /$1.htm [L]
With the above example, if there is no dot or slash in the requested name, and the request is not empty (meaning the default page), it will take the request and put .htm on the end.
RewriteCond %{HTTPS} on
RewriteCond %{HTTPS} !=on
order deny,allow
deny from 192.22.33.44
deny from badwebsite.com
You can specify a partial IP address (just the first three sets of numbers, for example) if you want to block a range of addresses.
You can also use a partial domain name.
Note that blocking by domain name depends on the browser sending the referrer code, which is blocked by some firewalls and browser configurations.
You can limit the blocking to certain files or directories by putting a <files> or <directory> tag around the code. When using the <files> tag you can specify a file name or a file type. See the example below:
<files image.gif>
order deny,allow
deny from 192.22.33.44
</files>
You can expand this to block multiple IPs or domain names and create a special error page. Create and upload a special page, in this example banned.htm, then use this in .htaccess:
ErrorDocument 403 /banned.htm
order deny,allow
deny from 192.22.33.44
deny from 192.66.77
<files banned.htm>
allow from all
</files>
You can also use this technique to make a private website (or directory) by restricting access by IP address.
Using the .htaccess lines below, only requests from the specified IP address will be allowed:
order allow,deny
allow from 192.22.33.44
Using the .htaccess method of anti-leech control is Pretty Wortthless and can often cause many problems for your website.
You may see htaccess code such as this claiming to provide anti-leech control for, in this case, gif jpg and png files. What this code does is stop any request that was not referred from the yoursite.com domain name.
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_URI} !error.gif$
RewriteCond %{HTTP_REFERER} !yourdomain.com
RewriteRule \.(gif|jpg|png)$ /error.gif [L]
The problem is this anti-leech method relies on the http-referer code. The referrer is sent by the client (browser). That is the problem. Referrer is blocked by many firewalls and is not sent by many configurations. So you may think you have stopped leeching problems, when what you have really done is block many people from seeing your website.
You can kid yourself into thinking it works, and run a test that shows it does. But it only blocks people who are sending you an invalid referrer code. Maybe better than nothing, but not much better. All those people who get blockled will just go somewhere else assuming your website has too many errors since your images will not show.
To solve this problem, you see many examples like this:
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_URI} !error.gif$
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !yourdomain.com
RewriteRule \.(gif|jpg|png)$ /error.gif [L]
The above example adds a line to let through any request which does not have a referrer code. Yes, this does allow all those configurations which block referrer code to see your images. However, if you open the door to allow anyone in with no referrer then you are watering down the protection to near worthless.
Then, to make matters worse, the referrer code can be easily faked anyway.
The htaccess anti-leech method is just plain Pretty Worthless. Do not use it.
If you want to protect your images, consider using a watermark and denying access to the original unwatermarked copy. You can find a watermark script and associated access control instructions this Tips & Scripts page.
If you are having trouble with a site leeching taking too much bandwidth, block that site. You can find instructions for blocking traffic to your website on this Tips & Scripts page.
Options +indexes
IndexOptions FancyIndexing FoldersFirst IgnoreCase SuppressDescription
IndexIgnore .htaccess default_icon.gif directory_icon.gif
DefaultIcon default_icon.gif
AddIcon directory_icon.gif ^^DIRECTORY^^
RewriteEngine On
RewriteRule ^([^\./]+)$ /$1.htm [L]
With the above example, if there is no dot or slash in the requested name, and the request is not empty (meaning the default page), it will take the request and put .htm on the end.
Rewrites and https
If you are using https, then you may need to make some changes to your .htaccess code. If you are doing rewrites that use the full URL (for example http://domain.com/page.htm) and you will be switching between http and https, then you will need to add a RewriteCond to your code. You will need to test for https and code the full URL accordingly (using http or https). The following examples show how to test for https or the lack of https.RewriteCond %{HTTPS} on
RewriteCond %{HTTPS} !=on
Blocking traffic to your website
To block an IP address or a domain name from accessing your website, put these lines in your .htaccess file.order deny,allow
deny from 192.22.33.44
deny from badwebsite.com
You can specify a partial IP address (just the first three sets of numbers, for example) if you want to block a range of addresses.
You can also use a partial domain name.
Note that blocking by domain name depends on the browser sending the referrer code, which is blocked by some firewalls and browser configurations.
You can limit the blocking to certain files or directories by putting a <files> or <directory> tag around the code. When using the <files> tag you can specify a file name or a file type. See the example below:
<files image.gif>
order deny,allow
deny from 192.22.33.44
</files>
You can expand this to block multiple IPs or domain names and create a special error page. Create and upload a special page, in this example banned.htm, then use this in .htaccess:
ErrorDocument 403 /banned.htm
order deny,allow
deny from 192.22.33.44
deny from 192.66.77
<files banned.htm>
allow from all
</files>
You can also use this technique to make a private website (or directory) by restricting access by IP address.
Using the .htaccess lines below, only requests from the specified IP address will be allowed:
order allow,deny
allow from 192.22.33.44
Anti-leech
Using the .htaccess method of anti-leech control is Pretty Wortthless and can often cause many problems for your website.
You may see htaccess code such as this claiming to provide anti-leech control for, in this case, gif jpg and png files. What this code does is stop any request that was not referred from the yoursite.com domain name.
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_URI} !error.gif$
RewriteCond %{HTTP_REFERER} !yourdomain.com
RewriteRule \.(gif|jpg|png)$ /error.gif [L]
The problem is this anti-leech method relies on the http-referer code. The referrer is sent by the client (browser). That is the problem. Referrer is blocked by many firewalls and is not sent by many configurations. So you may think you have stopped leeching problems, when what you have really done is block many people from seeing your website.
You can kid yourself into thinking it works, and run a test that shows it does. But it only blocks people who are sending you an invalid referrer code. Maybe better than nothing, but not much better. All those people who get blockled will just go somewhere else assuming your website has too many errors since your images will not show.
To solve this problem, you see many examples like this:
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_URI} !error.gif$
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !yourdomain.com
RewriteRule \.(gif|jpg|png)$ /error.gif [L]
The above example adds a line to let through any request which does not have a referrer code. Yes, this does allow all those configurations which block referrer code to see your images. However, if you open the door to allow anyone in with no referrer then you are watering down the protection to near worthless.
Then, to make matters worse, the referrer code can be easily faked anyway.
The htaccess anti-leech method is just plain Pretty Worthless. Do not use it.
If you want to protect your images, consider using a watermark and denying access to the original unwatermarked copy. You can find a watermark script and associated access control instructions this Tips & Scripts page.
If you are having trouble with a site leeching taking too much bandwidth, block that site. You can find instructions for blocking traffic to your website on this Tips & Scripts page.
Fancy default index page
If you want to have a more fancy default index page (list of files) this htaccess code may be what you need:Options +indexes
IndexOptions FancyIndexing FoldersFirst IgnoreCase SuppressDescription
IndexIgnore .htaccess default_icon.gif directory_icon.gif
DefaultIcon default_icon.gif
AddIcon directory_icon.gif ^^DIRECTORY^^
Comments
Post a Comment