Howdy ya'll,

A website that hosts images has asked if they can block requests from http://cgi.ebay.com/ebaymotors/ but not from http://cgi.ebay.com/ is it possible?

They have a dedicated Apache server w/Linux

my guess is using htaccess but I do not know the proper syntax or if it is possible to block just http://cgi.ebay.com/ebaymotors/ and not http://cgi.ebay.com/

Kevin

I haven't tried it but does anyone see any problems with this code:


RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http://cgi.ebay.com/ebaymotors/$ [NC]
RewriteRule .*\uploads\busted.gif - [F]

OK, well the above code didn't do anything, so I tied this:

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://cgi.ebay.com/ebaymotors/.*$ [NC]
RewriteRule .*\.gif$ - [G]

RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://cgi.ebay.com/ebaymotors/.*$ [NC]
RewriteRule .*\.jpg$ - [G]


the above code blocks all referes except http://cgi.ebay.com/ebaymotors

how do I make it block only http://cgi.ebay.com/ebaymotors but allow access to gif and jpg by all other servers?

I think its about hotlinking images.

Try this code - a little diffrent from your 1st one

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://[/url)?[url]http://cgi.ebay.com/ebaymotors .*$ [NC]
RewriteRule.\.(gif|jpg)$ - [F]

Make sure that the server is installed with the mod_rewrite.o file.

Thanks, I'll give it a try tonight, the mod_rewrite.0 module/file is installed thanks :)

is it supposed to be exactly how I see it in your post...

http://[/url)?[url]http://cgi.ebay.com/ebaymotors

with the [/url)?[url]

and will that only block cgi.ebay.com/ebaymotors
but still allow cgi.ebay.com

No you dont need that [/url)?[url].

I have not tried using this code before but its supposed to work the way you want it to work.

when I use this code:

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://cgi.ebay.com/ebaymotors .*$ [NC]
RewriteRule.\.(gif|jpg)$ - [F]

it only allows that server to view the gif/jpgs files, and blocks all other servers. Does that make sense?

hmmm.......

I dont know what is wrong.May be somthin wrong with the last line of the code.I checked out some tutorials
I found this tutorial to be good http://www.vnwr.com/resources/tutorials/htaccess.html

OK...I will try without the negation (!) because that basically says if the condition is not true then the rewrite will be executed, I want to condition to be true, not false. Thanks for the help I'll let you know if it works without the negation.

from my understanding Kevin, the line

RewriteCond %{HTTP_REFERER} !^$


is blocking everbody and then the next line lets just that one on. so try this

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http://cgi.ebay.com/ebaymotors .*$ [NC]
RewriteRule.*\.(gif|jpg)$ - [F]

or

allow everyone except for certain hosts/IP addresses

AuthName "kevin's Secret Area"
AuthType Basic
<Limit GET POST>
order allow,deny
allow from all
deny from .cgi.ebay.com/ebaymotors
</Limit>

well I have been reading and my head hurts. :D

I think the RewriteCond is so that nobody but that url will be able to get on. so I don't think that will work for you. the last one I showed might be your only choice.

I will keep reading as this kind of implies to me also.

what about this


Host Deny
Description:
How can we forbid a list of externally configured hosts from using our server?

Solution:
For Apache >= 1.3b6: RewriteEngine on
RewriteMap hosts-deny txt:/path/to/hosts.deny
RewriteCond ${hosts-deny:%{REMOTE_HOST}|NOT-FOUND} !=NOT-FOUND [OR]
RewriteCond ${hosts-deny:%{REMOTE_ADDR}|NOT-FOUND} !=NOT-FOUND
RewriteRule ^/.* - [F]



For Apache <= 1.3b6:

RewriteEngine on
RewriteMap hosts-deny txt:/path/to/hosts.deny
RewriteRule ^/(.*)$ ${hosts-deny:%{REMOTE_HOST}|NOT-FOUND}/$1
RewriteRule !^NOT-FOUND/.* - [F]
RewriteRule ^NOT-FOUND/(.*)$ ${hosts-deny:%{REMOTE_ADDR}|NOT-FOUND}/$1
RewriteRule !^NOT-FOUND/.* - [F]
RewriteRule ^NOT-FOUND/(.*)$ /$1

##
## hosts.deny
##
## ATTENTION! This is a map, not a list, even when we treat it as such.
## mod_rewrite parses it for key/value pairs, so at least a
## dummy value "-" must be present for each entry.
##

193.102.180.41 -
bsdti1.sdm.de -
192.76.162.40 -

Hi scoutt,

I figured it out before reading any of your messages (looks like we were reading the same material) this code works to deny just this one specific server from any files in the directory that the htaccess file is uploaded to. I did not need to specify just images files since they wanted to block all files from this one specific server so I just used the wild card (.*)

AuthUserFile /dev/null
AuthGroupFile /dev/null

RewriteEngine On
RewriteCond %{HTTP_REFERER} ^http://cgi.ebay.com/ebaymotors/.*$ [NC]
ReWriteRule .* - [F]

it seems to be doing the trick, cgi.ebay.com (of which there are many similar URLs) can still access the directory but cgi.ebay.com/ebaymotors can not. I'm not sure you can use more than the domain names or parts of the domain names in the allow/deny directive, if you put a trailing slash and more stuff after it might cause an internal server error.

Thanks to both of you guys for taking the time and energy to contribute to this thread, much appreciated.

Kevin