Unix tutorial Contact as






The .htaccess notes. Hotlink protection, Time Based Redirection, Cookie Password Protection

The original of this article you can find here.


.htaccess
Hotlink Protection
RewriteEngine on 
RewriteCond %{HTTP_REFERER} !^$ 
RewriteCond %{HTTP_REFERER} !^http://webpimps.com.*$ [NC] 
RewriteCond %{HTTP_REFERER} !^http://www.webpimps.com.*$ [NC] 
RewriteCond %{HTTP_REFERER} !^http://webpimps.com:80.*$ [NC] 
RewriteCond %{HTTP_REFERER} !^http://www.webpimps.com:80.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://216.222.134.77.*$ [NC] 
RewriteCond %{HTTP_REFERER} !^http://216.222.134.77:80.*$ [NC] 
RewriteRule .*[Jj][Pp][Gg]$|.*[Gg][Ii][Ff]$ http://www.webpimps.com/hotlink.html

This htaccess script will protect you from hotlinking. Once you upload the htaccess file, 
then in hotlink.html just put the code below. There is no need to design a page for the 
surfer here, as the browser won't display this page to the surfer. You could also redirect 
the hotlink hit to an image that said something like "Visit YourSite.com", just make sure 
that the image is in a folder that doesn't get affected by this htaccess hotlinking protection. 

<HTML>
<BODY>
Please <A HREF="/">Click Here</A> to continue.
</BODY>
</HTML>

Time Based Redirection
RewriteEngine on 
RewriteCond %{TIME_HOUR}%{TIME_MIN} >0100
RewriteCond %{TIME_HOUR}%{TIME_MIN} <1200
RewriteRule ^.*$ http://www.webpimps.com/morning.html

Daily Page Change
Create 31 pages one for each day of the month and name them 01.html, 02.html ... 30.html, 31.html 
Now whenever index.html is hit the page of the day will be loaded instead. This is a quick 
and easy way to load a fresh FPA each day without much maintenance. 

RewriteEngine on 
RewriteCond %{TIME_DAY} >1
RewriteRule ^.*index\.html$ %{TIME_DAY}.html

Cookie Password Protection
Make a folder to be protected.
Then upload a .htaccess file with the following lines.

RewriteEngine on
RewriteCond %{HTTP_COOKIE} !^.*access=granted.*$
RewriteRule .*$ http://www.yourdomain.com/loginerr.htm

Its a good idea to change access=granted to your own "password" to stop people from being 
able to guess it. Create a file and call it whatever you like (some hard to guess), 
put it in a public folder. 

<HTML>
<HEAD>
<SCRIPT>
function setCookie(name, value, expires, path, domain, secure) {
  var curCookie = name + "=" + escape(value) +
      ((expires) ? "; expires=" + expires.toGMTString() : "") +
      ((path) ? "; path=" + path : "") +
      ((domain) ? "; domain=" + domain : "") +
      ((secure) ? "; secure" : "");
  document.cookie = curCookie;
}
function fixDate(date) {
  var base = new Date(0);
  var skew = base.getTime();
  if (skew > 0)
    date.setTime(date.getTime() - skew);
}
var now = new Date();
fixDate(now);
now.setTime(now.getTime() + 365 * 24 * 60 * 60 * 1000);
setCookie("access", "granted", now);
</SCRIPT>
</HEAD>
<BODY>

<A HREF="protected/">Enter Here</A>

</BODY>
</HTML>

The code above will create the cookie to be read by the htaccess file. If the visitor hasn't 
been to this page, they won't get access. 
keyword.jpg Redirection

If your using SE doorway pages, and they include images. Then to make sure that those image 
will load an actual image (rather than a 404 error) you will need to redirect *.jpg to an 
image on your server. Make sure the im
age isn't under a path that is affected 
by these htaccess lines. 

RedirectMatch .*\.[Jj][Pp][Gg]$ http://yourdomain.com/images/image.jpg
RedirectMatch .*\.[Gg][Ii][Ff]$ /images/image.gif

Stop IIS Worms (BW Eaters)
Windows IIS webserver is a piece of junk, and this is coming from a long time windows programmer. 
There are currently several worms that exploit problems with IIS server, they search out one 
of the many path problems in IIS that would allow them to run cmd.exe which is the NT dos shell. 
Unfortunately when hitting your apache server the worm will be served a 404 page. This can take 
up a lot of bandwidth if a lot of worm threads are searching your sites. To stop these 
worms cold you can redirect their hits to an invalid host with the following code. 
Currently I'm only using the first line of this as it stops most of the hits. 

RedirectMatch (.*)cmd.exe$ http://stoptheviruscold.invalid$1
RedirectMatch (.*)root.exe$ http://stoptheviruscold.invalid$1
RedirectMatch (.*).dll$ http://stoptheviruscold.invalid$1

Stopping Cascading Rules
If you have a time based redirection, a daily page change or some other specfic mechanism in your 
root directory then you may want to turn it off on certain sub-directories. To do so you'll have 
to include what code you want to remain active, while disabling the directory cascade of other 
features with the following line after your current entries. 

RewriteEngine on 
# Your currently active entries

RewriteRule ^.*$ -

Cookies Disabled Surfer Trap
The idea of a No Cookie trap is to segregate surfers without cookies enabled and give that traffic 
a different experience at your site. You could show them an image saying "Enable Your Cookies", 
redirect them to a page explaining the benefits of having cookies turned on or you could even 
redirect them straight to a sponsor (one that doesn't use cookies to track surfers).

Depending on your site type this could mean a productivity or profitability increase or drop. 
It would all depend on your site. So plan things carefully and understand why and how your going 
to use the "no cookie" traffic.

When using the code below make certain you test your site with cookies disabled. Also be aware that 
if the code is placed in certain ways in certain locations it will also be responsible for blocking 
SE spiders and other bots, something you want to avoid. 

Setting the Cookie
Place the following code in the <HEAD> tags. This will set a cookie for the current domain and directory. 
You can then use this cookie on subsequent hits to check to see if the browser had cookies enabled. 

<META HTTP-EQUIV="Set-Cookie" CONTENT="cookies=true">

If you have mod_headers installed on your server then the following htaccess code may be a better solution. 
Header set Set-Cookie "cookies=true"

Method 1
If you set the cookie on your HTML page then check for it's existence on all hits to images then you can 
display a special image to those with cookies disabled. For example if the cookie doesn't exist a 
"Enable Your Cookies" gif could be shown instead of the actual image. Include this code in your 
main page somewhere on your site where it will be loaded before the images. This could be the entry, 
FPA, or main pages. If you include it on your image pages then it may be easier to control which 
images are affected. Remember that every file ending in gif or jpg will be checked using the htaccess below. 
This might mean your adverts are replaced with "enable your cookies" as well as your content. To avoid 
this you can put your content and the htaccess in a separate directory to your adverts. 

RewriteEngine on
RewriteCond %{HTTP_COOKIE} !^.*cookies=true.*$
RewriteRule .*[Jj][Pp][Gg]$|.*[Gg][Ii][Ff]$ /cookies/enable.gif

Or 
RewriteEngine on
RewriteCond %{HTTP_COOKIE} !^.*cookies=true.*$
RewriteRule .*[Jj][Pp][Gg]$|.*[Gg][Ii][Ff]$ http://www.webpimps.com/cookies/enable.gif

One last point is to make sure the "enablecookies.gif" isn't in a directory affected by this htaccess. 
Method 2
If all your images are on HTML pages and these pages have a common naming scheme then you can use 
this to your advantage and redirect hits to those image HTML pages to a completely different HTML 
page. When the surfer hits any of your pages you set a cookie using the meta tag code. Now you use a 
regular expression in your htaccess ReWrite rules so that any hits made to your image HTML pages 
(image1.html, image2.html ... image10.html) which don't have cookies enabled can be redirected to another 
HTML page that either explains cookies or sends the surfer to a sponsor which 
doesn't use cookies to track their visitors. 

RewriteEngine on
RewriteCond %{HTTP_COOKIE} !^.*cookies=true.*$
RewriteRule .*/image(.*).html$ /trap/nocookies.html

Or 
RewriteEngine on
RewriteCond %{HTTP_COOKIE} !^.*cookies=true.*$
RewriteRule .*/image(.*).html$ http://www.nocookiesponsor.com/?yoursponsor

Method 3
You can use a gateway page to check for the cookie. This could be done with CGI scripts but there 
is a way to do it using simple HTML and htaccess. Make a FPA just like most sites except your FPA will 
also checks for cookies. If you use something similar to method 2 you can redirect any hits to the gateway 
page that don't have cookies. Of course you'd have to set the cookie on your entry page or any other 
page loaded before the gateway. 

RewriteEngine on
RewriteCond %{HTTP_COOKIE} !^.*cookies=true.*$
RewriteRule .*gateway.html$ /trap/nocookies.html





Back to main page


Copyright © 2003-2016 The UnixCities.com
All rights reserved