Dear Wiki user, You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change notification.
The following page has been changed by pctony: http://wiki.apache.org/httpd/Info/htaccess ------------------------------------------------------------------------------ + This page has been deleted, please DO NOT recreate it again. - == Force a server to only use SSL and fix double logins == - If you really want to be sure that your server is only serving documents over an encrypted SSL channel ''(you wouldn't want visitors to submit a htaccess password prompt on an unencrypted connection)'' then you need to use the '''SSLRequireSSL''' directive with the +StrictRequire Option turned on. + Thanks, + pctony - {{{ - SSLOptions +StrictRequire - SSLRequireSSL - SSLRequire %{HTTP_HOST} eq "site.com" #or www.site.com - ErrorDocument 403 https://site.com - }}} - - The cool thing about using mod_ssl instead of mod_rewrite to force SSL is that apache gives mod_ssl priority ABOVE mod_rewrite so it will always require SSL. ''(may be able to get around first method using http://site.com:443 or https://site.com:80)'' - * An in-depth article about what this is doing can be found in the [http://www.htaccesselite.com/htaccess/redirecting-all-or-part-of-a-server-to-ssl-vt61.html SSL Forum] - - - - == How do I stop others from "hotlinking" my files? == - "Hotlinking" is when somebody displays an image (or any type of file actually) on somebody else's web site directly inline on their site! There's nothing particularly '''wrong''' with that, it's a big part of how the WWW was designed to work. However, it does "steal" the bandwidth of the original site, and could possibly infringe on a copyright. - - ==== Blocking specific domains ==== - The following code will return a '''403 Forbidden''' error instead of the requested image, but only when the image has been requested by ''badsite.net'' or ''badsite.com'': - {{{ - RewriteEngine On - RewriteCond %{HTTP_REFERER} ^http://(www\.)?badsite\.net/ [NC,OR] - RewriteCond %{HTTP_REFERER} ^http://(www\.)?badsite\.com/ [NC] - RewriteRule \.(jpe?g|gif|png)$ - [F] - }}} - Note that in the above example, only images are being protected. To protect other resources, such as video and audio files, add additional extensions to the <code>Rewrite Rule</code> parentheses block. - - ==== Blocking most domains ==== - The following code will return a '''403 Forbidden''' error instead of the requested resource, unless requested from example.com or livejournal.com (note that one of the allowed sites should be the domain where the resource is actually used): - {{{ - RewriteEngine On - RewriteCond %{HTTP_REFERER} !^http://(www\.)?example\.com/ [NC] - RewriteCond %{HTTP_REFERER} !^http://(www\.)?livejournal\.com/ [NC] - RewriteCond %{HTTP_REFERER} !^$ - RewriteRule \.(jpe?g|gif|png)$ - [F] - }}} - - ==== Blocking all domains ==== - The following code will return a '''403 Forbidden''' error instead of the requested resource, unless the referrer is example.com, which should be changed to the domain of the site where the image is used: - {{{ - RewriteEngine On - RewriteCond %{HTTP_REFERER} !^http://(www\.)?example\.com/ [NC] - RewriteCond %{HTTP_REFERER} !^$ - RewriteRule \.(jpe?g|gif|png)$ - [F] - }}} - - === Replacing images === - This method will '''still''' result in bandwidth theft, but it will protect your images. Bandwidth theft may reduce eventually as people learn linking your images will not work. - - ==== Replacing the image ==== - The following code will cause the remote server to display '''no_hotlink.jpg''' instead of the requested image: - {{{ - RewriteEngine On - RewriteCond %{HTTP_REFERER} !^http://(www\.)?example\.com/ [NC] - RewriteCond %{HTTP_REFERER} !^$ - RewriteRule \.(jpe?g|gif|png)$ images/no_hotlink.jpg [L] - }}} - - ==== Allow certain hotlinking ==== - The following code will cause the remote server to display '''no_hotlink.jpg''' instead of the requested image, unless the image has been requested from a specified directory ("'''dir'''"): - {{{ - RewriteEngine On - RewriteCond %{HTTP_REFERER} !^http://(www\.)?example\.com/dir/ [NC] - RewriteCond %{HTTP_REFERER} !^$ - RewriteRule \.(jpe?g|gif|png)$ images/no_hotlink.jpg [L] - }}} - - ==== Block specific domains ==== - The following code will cause the remote server to display '''no_hotlink.jpg''' instead of the requested image, but only when the image has been requested by ''badsite.net'' or ''badsite.com'': - {{{ - RewriteEngine On - RewriteCond %{HTTP_REFERER} ^http://(www\.)?badsite\.net/ [NC,OR] - RewriteCond %{HTTP_REFERER} ^http://(www\.)?badsite\.com/ [NC] - RewriteRule \.(jpe?g|gif|png)$ images/no_hotlink.jpg [L] - }}} - - - - - == External Links == - * [http://wiki.mobbing-gegner.de/?action=fullsearch&context=180&value=apache&titlesearch=Titel german] tips and links for apache -