Using .htaccess in Cpanel to block domains that pirate images
In simpler times I dealt with image pirates by substituting a jpg image of my copyright violation warning for the pirated image and replacing it with a renamed original image in the html code for the affected page. Once I substituted a picture of a roasted caterpillar that I found in a nut; it's still on the offending site. There are too many such images nowadays, so I have tried to edit my .htaccess file in cpanel, to which I can add new lines, one for each offending domain, whenever I check the "recent visitors" file in cpanel.
I attempted to make use of the instructions posted here:
http://www.whoishostingthis.com/blog/2011/03/04/hotlink-protection-cpanel/
Here's a truncated version of my .htaccess file, with sensitive information taken out:
|RewriteEngine on
|StuffThatWorks
|order allow,deny
|allow from all
|/StuffThatWorks
|
|RewriteCond %{HTTP_REFERER} !^http://(www\.)mydomain01\.com/ [NC]
|RewriteCond %{HTTP_REFERER} !^http://(www\.)MyDomain02\.com/ [NC]
|RewriteCond %{HTTP_REFERER} ^http://(www\.)blockeddomain01\.info/ [NC,OR]
|RewriteCond %{HTTP_REFERER} ^http://(www\.)blockeddomain02\.org/ [NC]
|RewriteCond %{HTTP_REFERER} !^$
|RewriteRule \.(jpeg|jpg|htm|html)$ - [F]
|deny from IP.address0001
|deny from IP.address0002
|...
|deny from IP.address1567
So far, my changes (everything but the long list of "deny from IP.address####") have had no effect at all. Is that because my syntax is wrong, or is it because the offenders are using redirects, etc. ?
Has this something to do with If a directive is permitted in a .htaccess file, the documentation for that directive will contain an Override section, specifying what value must be in AllowOverride in order for that directive to be permitted
https://httpd.apache.org/docs/2.4/en/howto/htaccess.html
Success; here's my modified version of my .htaccess file (thoroughly cleansed, of course):
|RewriteEngine on
|StuffThatWorks
|order allow,deny ... this refers to the 403 error file that's displayed instead of the hotlinked image.
|allow from all
|/StuffThatWorks
|
|# RewriteCond %{HTTP_REFERER} !^http://(www\.)mydomain01\.com/ [NC] ... unnecessary
|# RewriteCond %{HTTP_REFERER} !^http://(www\.)MyDomain02\.com/ [NC] ... unnecessary
|RewriteCond %{HTTP_REFERER} ^http://(www\.)blockeddomain01\.info/ [NC,OR]
|RewriteCond %{HTTP_REFERER} ^http://(www\.)blockeddomain02\.org/ [NC]
|RewriteCond %{HTTP_REFERER} !^$
|# RewriteRule \.(jpeg|jpg|htm|html)$ - [F] ... unnecessary
| RewriteRule \.(jpeg|jpg|JPEG|JPG|bmp|BMP)$ - [F]
|deny from IP.address0001
|deny from IP.address0002
|...
|deny from IP.address1567
This code returns 403 errors for attempts to hotlink my images, but only when the extension appears in the URL.
A few pirate sites fail to do that, but in my "recent visitors" log most of them appear to be blocked anyway.
Be careful to check the effectiveness of the .htaccess file on your protected webpage ... lest everyone get 500 errors !