If anyone out there knows how to stop other web sites from linking directly to files on my site and displaying them on their site, I could really use some help!

I have pretty much no experience with Linux except moving around the o/s, copying files, taring up backups, etc... I was told before it has something to do with a "mod_" file.. .(??)

If anyone out there has experience doing this I'd be happy to Paypal some quick $ your way if you could do it for me....

I just want to make it so that my web server will only send requests if the link to the file came from one of my domains - no other domains. If another site links to one of my pages, that's fine - I just don't want them displaying files on their site, looking like it's hosted by their site, while it's my bandwidth being used up.

If you could send me a msg if you could do this, it would be much appreciated.

Yeah, mod_rewrite (installed by default). Create an .htaccess file in the html directory of your choice:Replace yourdomain.tld with your domain (use the in front of the period). That'll give them a "403 - Not Authorized" error (or a broken image on a remote server).


Edit : Oops --- might've been the [NC,F] --- should have defined the case and just did an F.

This is my .htaccess file in my root web dir (httpdocs) :

[root@plesk httpdocs]# cat .htaccess
ErrorDocument 404 /notfound.html
# -FrontPage-

IndexIgnore .htaccess */.??* *~ *# */HEADER* */README* */_vti*


order deny,allow
deny from all
allow from all


order deny,allow
deny from all

AuthName mydomain.com
AuthUserFile /home/httpd/vhosts/mydomain.com/httpdocs/_vti_pvt/service.pwd
AuthGroupFile /home/httpd/vhosts/mydomain.com/httpdocs/_vti_pvt/service.grp

-----------------------

So I just append that text replacing "yourdomain" with my domain name and that's it? (I was under the impression I'd have to edit a bunch of config files and insert mod_rewrite somewhere, edit paths, etc, etc...)

Ok, I just made a backup of .htaccess , replace yourdomain with my domain name, reloaded the web site and non of the pictures showed up (just blank placeholder boxes)

???

Is mod_rewrite installed by default or do I need to install that first?

As I said before, mod_rewrite is installed by default. And yes, you just add it to the end of your file.

But ... It you've gotten that far, where you got blank images, then mod_rewrite is working but something isn't right.

Just thinking, you could it better this way, anyway.... Let's say your domain is "thisisastupidnameforarewritedomain.org" :First, it checks to see if the request is for a graphic. If yes, next. Next, it checks to make sure the referrer is *not* empty. If yes, next. Next, if checks to Referrer to see if something besides your site. If yes, it continues. The last line throws a "403 - Access Forbidden" error.

Ok, now the:

!thisisastupidnameforarewritedomain.org [NC]

part... should I change the .org to .com (my domain is a .com) and the

!thisisastupidnameforarewritedomain

to !mydomain.com

or just

!mydomain

eg: so the finished line looksl ike

!mydomain.com [NC]

??? or...

!mydomain.com [NC]

I think I covered that .. twice? ;-)
So ...

PS: Thanks in advance for all the help so far!

Ok I appended that new text to the file (removed the first batch of text from the end of the .htaccess file)

I have another domain, and created a temp.html file on it, inserted a picture directly from my other domain with full URL to the picture, loaded the page up on my 2nd domain and it showed up with no problems. (???)

in otherwords, I hotlinked a file on a page on a different domain of mine from the domain that's not supposed to allow hotlinking and it still worked.

Ok, the domain I DON'T want hotlinking available from is baystreetbullies.com (my hockey site) - the temp page is: http://www.area53.net/temp.html

That picture at http://www.area53.net/temp.html (which is just a banner pic from baystreetbullies.com) shouldn't show up - but it does.

???

My current .htaccess file in my root web dir (/home/httpd/vhosts/baystreetbullies.com/httpdocs) is:

[root@plesk httpdocs]# cat .htaccess
ErrorDocument 404 /notfound.html
# -FrontPage-

IndexIgnore .htaccess */.??* *~ *# */HEADER* */README* */_vti*


order deny,allow
deny from all
allow from all


order deny,allow
deny from all

AuthName baystreetbullies.com
AuthUserFile /home/httpd/vhosts/baystreetbullies.com/httpdocs/_vti_pvt/service.pwd
AuthGroupFile /home/httpd/vhosts/baystreetbullies.com/httpdocs/_vti_pvt/service.grp

RewriteCond %{REQUEST_FILENAME} .*jpg$|.*gif$|.*png$ [NC]
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !baystreetbullies.com [NC]
[root@plesk httpdocs]#

Where's the last line?Also, you'll probably need "RewriteEngine on" just above the RewriteCond lines...

YES! YES! YES!!!

It looks like that line was the only thing missing! A test page set up on another domain trying to directly display a file from my baystreetbullies domain is no longer showing up!!!

Thank you SOOOO much!!!

Acck! Just noticed 2 problems (not sure if it's a problem with mod_rewrite or the specific code I entered for it)

1: web site "search" (Frontpage web component) now gives forbidden error
2: logging in to web sites with Frontpage now gives errors saying no web server is found at that address.

Hmm..

Not sure about the search --- I don't know enough about how Frontpage components work.

But for the 403 error it's probably getting, after the last RewriteCond and prior to the RewriteRule, add another line:(change it to a static IP of the client using FrontPage)

I changed it to my IP address here but yah... still getting same errors with the site search and trying to login to the site with Frontpage. I'll have to do a web search for Frontpage working with mod_rewrite

ps: thanks a bunch for the replies though!

Hmm, if they're added, then there's ... hmm .. ahh, you could add an additional rule: