Hotlink protection #711

38max · 2024-08-20T21:33:41Z

38max
Aug 20, 2024

That you do not have direct access to the file and can download it but only if you are on the website where it is embedded and you only have access via the website

rejetto · 2024-08-20T21:35:16Z

rejetto
Aug 20, 2024
Maintainer

you mean this option?

2 replies

38max Aug 20, 2024
Author

Yes, that could be it

38max Aug 23, 2024
Author

I have tested that this does not work I can still download via the direct link to the file this is what a rewrite rule looks like on an Apache server for example

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?://(www.)?yourdomain.com [NC]
RewriteRule .(jpg|jpeg|png|gif)$ - [NC,F,L]

Onimansd · 2024-08-23T07:55:20Z

Onimansd
Aug 23, 2024

This is a good idea then no one can download anything via the direct link and has to go to the website to download

0 replies

rejetto · 2024-08-23T07:56:31Z

rejetto
Aug 23, 2024
Maintainer

sorry, that option does what it says, affects "other websites", and doesn't affect "direct" access to a file.
so, i guess, it's half of what you want to do. Right?
if you don't want those files to be accessed without a referer, you can use this server-code (in options)

exports.middleware = ctx => {
  if (/\.(png|gif|jpe?g)$/i.test(ctx.url) && !ctx.get('referer'))
    ctx.status = 403
}

0 replies

38max · 2024-08-24T06:23:51Z

38max
Aug 24, 2024
Author

I have adjusted the code that works for me now I can only access the files via the registered domain

/**
 * Middleware function to implement hotlink protection for image and video files.
 * Checks if the requested file is an image or video and if the Referer header is present and allowed.
 * If not, returns a 403 Forbidden status.
 */
exports.middleware = ctx => {
  // Check if the requested URL is an image or video file
  if (/\.(png|gif|jpe?g|mp4)$/i.test(ctx.url)) {
    const allowedReferers = ['your-domain.com', 'another-allowed-domain.com']; // Whitelist of allowed domains

    // Check if the Referer header is present and if it is in the whitelist
    if (!ctx.get('referer') || !allowedReferers.some(referer => ctx.get('referer').includes(referer))) {
      // If no Referer is present or it is not in the whitelist, set the status code to 403 (Forbidden)
      ctx.status = 403;
    }
  }
};

0 replies

rejetto · 2024-08-24T08:48:38Z

rejetto
Aug 24, 2024
Maintainer

it looks like this variant is equivalent to my_version + the_links_option

0 replies

PH5HP · 2024-08-25T18:50:40Z

PH5HP
Aug 25, 2024

Hi,

Maybe an idea to put this into a plugin?

Kind regards,
Henk - https://fileserver.ph5hp.nl - https://ph5hp.nl

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Hotlink protection #711

{{title}}

Replies: 6 comments 2 replies

{{title}}

{{title}}

{{title}}

{{title}}

{{editor}}'s edit

{{editor}}'s edit

{{title}}

{{title}}

{{title}}

{{title}}

Select a reply

Hotlink protection #711

38max Aug 20, 2024

Replies: 6 comments · 2 replies

rejetto Aug 20, 2024 Maintainer

38max Aug 20, 2024 Author

38max Aug 23, 2024 Author

Onimansd Aug 23, 2024

rejetto Aug 23, 2024 Maintainer

38max Aug 24, 2024 Author

rejetto Aug 24, 2024 Maintainer

PH5HP Aug 25, 2024

38max
Aug 20, 2024

Replies: 6 comments 2 replies

rejetto
Aug 20, 2024
Maintainer

38max Aug 20, 2024
Author

38max Aug 23, 2024
Author

Onimansd
Aug 23, 2024

rejetto
Aug 23, 2024
Maintainer

38max
Aug 24, 2024
Author

rejetto
Aug 24, 2024
Maintainer

PH5HP
Aug 25, 2024