• 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Avoid direct-linking to images

#1
[eluser]veledrom[/eluser]
Hi,

Code:
$file_content = file_get_contents('web/docs/hello.pdf');
$new_file_name = 'hello.pdf';
force_download($new_file_name, $file_content);

If anyone knew this part 'web/docs/hello.pdf', they would have direct access to it but thank to force_download() which helps us to avoid direct-linkers.

Now, I want to display pictures on my site and want to avoid direct-linking. Is there any particular way of doing it CI?

'web/img/image.png' part shouldn't be visible to anyone if they check source code in browsers.

I have this as my htaccess in root:
Code:
RewriteEngine on
RewriteCond $1 !^(index\.php|web|robots\.txt)
RewriteRule ^(.*)$ /index.php/$1 [L]

Thanks

#2
[eluser]Anonymous[/eluser]
There is really no good reason to hide this. You still want the browser to be able to see it don't you ?

In case you want to prevent hotlinking i suggest you filter on http referer (do this on your apache server).

Another way would be to serve all images through a controller. Generate a hash when the page is created, and let it expire after an hour or so.

Code:
<img src="/web/imageController/image.png/thehashjustgenerated" />

When a image is requested on the controller let the controller check if the hash is valid and serve the image.

#3
[eluser]CroNiX[/eluser]
Don't waste resources having CI process that. Just prevent hotlinking images or whatever via htaccss.
http://altlab.com/htaccess_tutorial.html

#4
[eluser]veledrom[/eluser]
[quote author="CroNiX" date="1337892109"]Don't waste resources having CI process that. Just prevent hotlinking images or whatever via htaccss.
http://altlab.com/htaccess_tutorial.html[/quote]

I'll try to modify my current htaccess and see how it goes. Just an info, I did changes to my current htaccess before but no image, no css, js worked on my site. Let's see what happens this time.

#5
[eluser]InsiteFX[/eluser]
Smarter Way To Prevent Image Hotlinking with .htaccess

#6
[eluser]veledrom[/eluser]
Ok guys. I'll try it on Monday but one last thing.

I read both htaccess tutorials (in links above) and confused me little since I have no knowledge about htaccess files.

What I need is to block everyone including blank referrals and those behind proxies. Redirect them to a page in my website http://www.mysite.com/error

Note: My current htaccess file allows my scripts to read css, images and js files in web folder. If blocked site wont work. Please consider this.

I combined yours with mine but messed all.

#7
[eluser]veledrom[/eluser]
I can still hot-link to the images with these modified htaccess files:

Code:
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?:
RewriteRule \.(jpg|jpeg|png|gif)$ http://codeigniter.com/images/design/ci_logo2.gif [NC,R,L]
RewriteCond $1 !^(index\.php|web|robots\.txt)
RewriteRule ^(.*)$ /index.php/$1 [L]

Code:
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http://(.+\.)?thisismysite\.co.uk/ [NC]
RewriteCond %{HTTP_REFERER} !^$
RewriteRule .*\.(jpe?g|gif|bmp|png)$ http://codeigniter.com/images/design/ci_logo2.gif [L]
RewriteCond $1 !^(index\.php|web|robots\.txt)
RewriteRule ^(.*)$ /index.php/$1 [L]

Please help.

My CI folder structure:

Code:
.htaccess
index.php
license.txt
application
system
web
  - images
    - all the images are here
  - css
  - js
  - index.html

#8
[eluser]veledrom[/eluser]
Any help?


Digg   Delicious   Reddit   Facebook   Twitter   StumbleUpon  


  Theme © 2014 iAndrew  
Powered By MyBB, © 2002-2019 MyBB Group.