Anti-leech control using .htaccess

[Tony]

Using the .htaccess method of anti-leech control is Pretty Wortthless and can often cause many problems for your website.

You may see htaccess code such as this claiming to provide anti-leech control for, in this case, gif jpg and png files. What this code does is stop any request that was not referred from the yoursite.com domain name.

Code: Select all

RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_URI} !error.gif$
RewriteCond %{HTTP_REFERER} !yourdomain.com
RewriteRule \.(gif|jpg|png)$ /error.gif [L]

The problem is this anti-leech method relies on the http-referer code. The referrer is sent by the client (browser). That is the problem. Referrer is blocked by many firewalls and is not sent by many configurations. So you may think you have stopped leeching problems, when what you have really done is block many people from seeing your website.

You can kid yourself into thinking it works, and run a test that shows it does. But it only blocks people who are sending you an invalid referrer code. Maybe better than nothing, but not much better. All those people who get blockled will just go somewhere else assuming your website has too many errors since your images will not show.

To solve this problem, you see many examples like this:

Code: Select all

RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_URI} !error.gif$
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !yourdomain.com
RewriteRule \.(gif|jpg|png)$ /error.gif [L]

The above example adds a line to let through any request which does not have a referrer code. Yes, this does allow all those configurations which block referrer code to see your images. However, if you open the door to allow anyone in with no referrer then you are watering down the protection to near worthless.

Then, to make matters worse, the referrer code can be easily faked anyway.

If you want to protect your images, consider using a watermark and denying access to the original unwatermarked copy. You can find a watermark script and associated access control instructions this Tips & Scripts page.

If you are having trouble with a site leeching taking too much bandwidth, block that site. You can find instructions for blocking traffic to your website on this Tips & Scripts page.

[Mysoogal]

does the .htaccess work for remote servers ? i want to stream my video from remtoe vps but i dont want other users to copy the link i only want them to view video on my website is that possible ?

i have 2 servers

Server 1 only website
Server 2 hosts my video clips, how to protect these files from users from server 1 ? so they dont direct link

also to note, that would probably only stream to videolan player which will be embeded into html in server 1

[Neo]

I assume both server1 and server2 are running Linux/Apache.
You can use .httaccess to avoid direct linking to the location of server2 with following method.

1. Create a file named ".htaccess" (with the dot at the beginning)
2. Put the following code into that file (just replace yourdomain.com with your domain name):

   Code: Select all

   RewriteEngine on 
   RewriteCond %{HTTP_REFERER} !^$ 
   RewriteCond %{HTTP_REFERER} !^http://(www\.)?yourdomain.com/.*$ [NC] 
   RewriteRule \.(asx¦ASX)$ http://www.yourdomain.com/images/leech.gif [R,L]

3. Create "leech.gif" image. That is the image which should the others see when trying to access your video file directly - not through your site.
4. Upload the "leech.gif" into the "images" folder of your site.
5. Upload the ".htaccess" file into the root folder of server2.

Since you have AVI files, replace asx¦ASX with avi¦AVI.

There are so many other methods to protect streaming media. Have a look at this link. Also have a look at Streaming Video Servers.

[Mysoogal]

thanks for your help, cleared lots of steps now i can protect my media from leechers