Home General support

how to : hotlink protection

vincent3569 Member, Translator
in General support

hi
how this option is supposed to work?
it supposed to prevent hotlinking to the full image from other domains but I can't figure what it means.
with that option and protected view option I can access to full image without being redirected to image page.

Comments

  • acrylian Administrator, Developer

    If you use getUnprotectedImageURL() on your theme explicitly it will be bypassed not matter of the option. Use getProtectedImageURL() instead.

  • vincent3569 Member, Translator
    edited March 2018

    In most parts of my themes, I use getFullImageURL() that uses option protect_full_image.

    but in fact, I am speaking about option hotlink protection. I can't figure what this option is supposed to do.

  • acrylian Administrator, Developer

    Normally the full image is linked directly and not via the full image page. It is internally used within the full image page and checks for the referrer if enabled and otherwise blocks the access. it is of course not 100% secure as browser can hide that referrer.

    A real and proper hotlink protection is of course only possible server side using htaccess or similar on other systems. Everything that does not go through ZP itself is outside of its control.

  • wibbi Member
    edited April 2018

    .htaccess
    Try this:

    # Hotlinking forbidden
    RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?example.com [NC]
    RewriteRule \.(jpg|jpeg|png|gif)$ /? [NC,R]

    Swap example.com for your domain.

  • acrylian Administrator, Developer
    edited April 2018

    FYI:
    http://www.zenphoto.org/news/htaccess-against-hotlinking/
    or directly https://github.com/zenphoto/Unsupported/blob/master/misc/htaccess-against-hotlinking/htaccess.txt

  • wibbi Member

    Good work.
    My rule was modifyed for Google Image Search, and by URLs without suffix there are linked to the image page directly when call the image URL. But Google Image Search removed the "View Image" button and it's no longer realy necessary. I will test yours.
    Attention for your-replacement-image. It's possible search engine think this is cloaking.

  • acrylian Administrator, Developer
    edited April 2018

    Yes, but since this htaccess is to block external referrers it does not matter, right? Since they cannot even index it anyway.

    Besides as always that htaccess is by all means meant to be modifyied to personal needs.

  • wibbi Member

    Yes, but since this htaccess is to block external referrers it does not matter, right? Since they cannot even index it anyway.

    That's the great Question. I think indexing is possible. Download is possible.

    The htaccess rule does not mean that something is blocked, but that only under your own domain is allowed to display the images/videos.

Sign In or Register to comment.