0

Please help me to resolve hotlinking, how to prevent direct access to this URL and redirect visitors to index.php:

http://www.example.com/index.php?link=http://www.anysite.com/dir/file&name=on&email=on&submit=on
BenMorel
  • 34,448
  • 50
  • 182
  • 322
Mikerobenics
  • 215
  • 6
  • 14
  • Do you want to block specific urls? Do you want to allow specific urls only? Where does the GET parameter `link` is processed? Some code? Too vague. Flagging in 5 minutes if the question is not revisited. – Shoe May 04 '11 at 07:18
  • I'm guessing you want to prevent deep linking. Normally this is done with apache's config rather than PHP, and there's almost certainly already a lot of questions on SO on the topic of preventing deep linking. – GordonM May 04 '11 at 07:24
  • See http://stackoverflow.com/questions/165975/determining-referer-in-php – Paul May 04 '11 at 07:25
  • No I dont want to block specific URL, "link" is dynamic, changes everytime, the rest is static, not changes. GET parameter processed on my index.php file. Normally this URL must be available only for users if they follow this from my index.php. – Mikerobenics May 04 '11 at 07:35
  • May be I need `htaccess` entry with some `QUERY_STRING`? But how? Any ideas? – Mikerobenics May 04 '11 at 08:00
  • Start posting the index.php file code... – Shoe May 04 '11 at 08:56

3 Answers3

1

are you searching for something like this:

if(!strpos('mysite.com',$_SERVER["HTTP_REFERER"])) header('Location: index.php')
Flask
  • 4,966
  • 1
  • 20
  • 39
  • not working, I can still access my link directly by copy-paste – Mikerobenics May 04 '11 at 07:57
  • HTTP_REFERER isn't very reliable. There are privacy plugins that will set random (or empty) ones, so it's possible to have a people who won't be able to access your links no matter what. – sfrench May 04 '11 at 08:07
0

For purposes of answering this, I'm going to assume you don't care if the same user accesses it multiple times (provided that the first visit came through the main index page). This also assumes the user will accept a cookies.

When on the main index page:

  1. start up a session on index.php
  2. put some random value inside their session. eg: md5(microtime()) = af1929191...
  3. also put that random value inside each url as another parameter eg: index.php?verify=af19...&link=http://foo.com

When loading a url:

  1. check to see if the "verify" param is set if it isn't there, redirect them back to main index page. Or more helpfully, since you are creating a weird behavior, show them a error message indicating what you are doing, and why.
  2. Start up the session and make sure that the value in their session matches the value in the url.
sfrench
  • 910
  • 5
  • 9
0

Using an htaccess file is a common solution to this problem:
from http://altlab.com/htaccess_tutorial.html
This code in particular redirects anyone trying to hotlink an image.

RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://(.+\.)?mysite\.com/ [NC]
RewriteCond %{HTTP_REFERER} !^$
RewriteRule .*\.(jpe?g|gif|bmp|png)$ http://img148.imageshack.us/img148/237/hotlinkp.gif [L]
Andrew
  • 8,363
  • 8
  • 43
  • 71