rejetto forum

Allowed Referer does not help in this case ..

surikat · 14 · 6119

0 Members and 1 Guest are viewing this topic.

Offline surikat

  • Occasional poster
  • *
    • Posts: 74
    • View Profile
There is a resource where hotlinking takes place with the help of the browser extension:
http://www.hamatata.com/lib
An extension is installed, then video is launched on any site. Then click on the "H" extension button. And you can watch without problems on the site of Hamata.  :(
My site is hosted. Hfs on a PC shares video on site.
How to protect from hotlinking?  :o


Offline bmartino1

  • Tireless poster
  • ****
    • Posts: 911
  • I'm only trying to help i mean no offense.
    • View Profile
    • My HFS Google Drive Shared Link
jquery / java scripting -
http://stackoverflow.com/questions/5429649/how-to-prevent-javascript-linking

To discourage hotlinking you could put annoying code in the script and have that execute if window.location doesn't match your own site:

while (window.location.hostname !== 'www.example.com')
  alert('Plz stop hotlinking');

etc...
Files I have snagged and share can be found on my google drive:

https://drive.google.com/drive/folders/1qb4INX2pzsjmMT06YEIQk9Nv5jMu33tC?usp=sharing


Offline surikat

  • Occasional poster
  • *
    • Posts: 74
    • View Profile

Thank you so much! But the question arises in which script to add this:

Quote
while (window.location.hostname !== 'www.example.com')
  alert('Plz stop hotlinking');
  ?

Sorry for the dullness! :)


Offline LeoNeeson

  • Tireless poster
  • ****
    • Posts: 859
  • Status: On hiatus       (sporadically here)
    • View Profile
    • twitter.com/LeoNeeson
@surikat, wait a minute:

                           
"Calling to Doctor Mars, calling to Doctor Mars,
please report yourself at this ward...
A patient is awaiting your help...
" ;D


> Sorry for the joke, this forum needs a little fun!!.... :D
(I don't know the solution, but this must be very easy)

  
HFS in Spanish (HFS en Español) / How to compile HFS (Tutorial)
» Currently taking a break, until HFS v2.4 get his stable version.


Offline bmartino1

  • Tireless poster
  • ****
    • Posts: 911
  • I'm only trying to help i mean no offense.
    • View Profile
    • My HFS Google Drive Shared Link
there are many ways to impalament code in hfs...
First i would go to advace mode / expert mode

then got to html/template: "edit tempalte"

and add that code line in that template (under the header at the top)
Files I have snagged and share can be found on my google drive:

https://drive.google.com/drive/folders/1qb4INX2pzsjmMT06YEIQk9Nv5jMu33tC?usp=sharing


Offline bmartino1

  • Tireless poster
  • ****
    • Posts: 911
  • I'm only trying to help i mean no offense.
    • View Profile
    • My HFS Google Drive Shared Link
    Default tempalte and where i would place the code. ( in the header after the html calling of javascript / the first line of the body so its ready right when thewebpage loads...


    Welcome! This is the default template for HFS 2.3
    template revision TR2.

    Here below you'll find some options affecting the template.
    Consider 1 is used for "yes", and 0 is used for "no".

    DO NOT EDIT this template just to change options. It's a very bad way to do it, and you'll pay for it!
    Correct way: in Virtual file system, right click on home/root, properties, diff template,
    put this text
[+special:strings]
and following all the options you want to change, using the same syntax you see here.

[+special:strings]
option.paged=1
COMMENT this option causes your file list to be paged by default

option.newfolder=1
option.move=1
option.comment=1
option.rename=1
COMMENT with these you can disable some features of the template. Please note this is not about user permissions, this is global!

[]
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN">
<html>
<head>
   <meta http-equiv="content-type" content="text/html; charset=UTF-8">
   <title>{.!HFS.} %folder%</title>
   <link rel="stylesheet" href="/?mode=section&id=style.css" type="text/css">
    <script type="text/javascript" src="/?mode=jquery"></script>
   <link rel="shortcut icon" href="/favicon.ico">
   <style class='trash-me'>
   .onlyscript, button[onclick] { display:none; }
   </style>
    <script>
    // this object will store some %symbols% in the javascript space, so that libs can read them
    HFS = { folder:'{.js encode|%folder%.}', number:%number%, paged:{.!option.paged.} };
    </script>
   <script type="text/javascript" src="/?mode=section&id=lib.js"></script>

###########################################
   
// place hear in header or
<script>
   while (window.location.hostname !== '(Public ip address of HFS/DNS name')
  alert('Plz stop hotlinking');
  </script>

########################################################

</head>
<body>

##############################################################

// place hear in body
<script>
   while (window.location.hostname !== 'www.example.com')
  alert('Plz stop hotlinking');
  </script>

###########################################################


<!--{.comment|--><h1 style='margin-bottom:100em'>WARNING: this template is only to be used with HFS 2.3 (and macros enabled)</h1> <!--.} -->
{.$box panel.}
{.$list.}
</body>
</html>
<!-- Build-time: %build-time% -->
====================================
##################################
etc.. hfs defatul tempalte (e3xced mesage llimit)[/list]
« Last Edit: May 17, 2017, 03:09:17 PM by bmartino1 »
Files I have snagged and share can be found on my google drive:

https://drive.google.com/drive/folders/1qb4INX2pzsjmMT06YEIQk9Nv5jMu33tC?usp=sharing


Offline LeoNeeson

  • Tireless poster
  • ****
    • Posts: 859
  • Status: On hiatus       (sporadically here)
    • View Profile
    • twitter.com/LeoNeeson
Correct me if I'm mistaken, but using JavaScript only prevents the hotlinking of all resources loaded and contained on a HTML page, and NOT if a file is accessed directly. That's why I think this needs to be done using Macros at "file access" level (in the server), and not using JavaScript (which depends on a client side setting, on the user's browser).
HFS in Spanish (HFS en Español) / How to compile HFS (Tutorial)
» Currently taking a break, until HFS v2.4 get his stable version.


Offline bmartino1

  • Tireless poster
  • ****
    • Posts: 911
  • I'm only trying to help i mean no offense.
    • View Profile
    • My HFS Google Drive Shared Link
you are correct leo:

as per the posted code from http://stackoverflow.com

quote "To discourage hotlinking you could put annoying code in the script and have that execute"

if some one has the direct file link, then the page loading the script will not work or alert them...
Files I have snagged and share can be found on my google drive:

https://drive.google.com/drive/folders/1qb4INX2pzsjmMT06YEIQk9Nv5jMu33tC?usp=sharing


Offline surikat

  • Occasional poster
  • *
    • Posts: 74
    • View Profile
if some one has the direct file link, then the page loading the script will not work or alert them...

So, all users of the site will show annoying code?
Then this does not make sense?




Offline bmartino1

  • Tireless poster
  • ****
    • Posts: 911
  • I'm only trying to help i mean no offense.
    • View Profile
    • My HFS Google Drive Shared Link
So, all users of the site will show annoying code?
Then this does not make sense?

 this is because the script is not being loaded at all, just the file itself... It makes perfect senses... I know not a way to stop it, just to discourage...
Files I have snagged and share can be found on my google drive:

https://drive.google.com/drive/folders/1qb4INX2pzsjmMT06YEIQk9Nv5jMu33tC?usp=sharing


Offline surikat

  • Occasional poster
  • *
    • Posts: 74
    • View Profile
Probably you did not understand me correctly? My site has a different address and is on the hosting. HFS on the PC from which I share  the video to my site (CMS DLE).  Therefore it can not work.


Offline LeoNeeson

  • Tireless poster
  • ****
    • Posts: 859
  • Status: On hiatus       (sporadically here)
    • View Profile
    • twitter.com/LeoNeeson
Probably you did not understand me correctly?
Yes, you are right, I personally don't understand your configuration and what are you trying to achieve. It would be better if you share your HFS server IP, and your website URL, and give us a better explanation on how this it's supposed to work.
HFS in Spanish (HFS en Español) / How to compile HFS (Tutorial)
» Currently taking a break, until HFS v2.4 get his stable version.


Offline Mars

  • Operator
  • Tireless poster
  • *****
    • Posts: 2063
    • View Profile
The web site would be located at an address XXXX, some pages sharing resources are located on an HFS server at a YYYY address (in this case, these are videos here),
 the problem is that the links to the hfs server Are certainly available in plain text and can be used in other web servers that do not suit him.

 This would be the same problem encountered on the web as those who use links to web images of sites not belonging to them instead of storing them on their own site, thus gaining room or free bass band at the expense of others websites

The ideal would be to allow hfs to recognize the address of its site as the only one to be allowed to access the video files.

The only solution that I imagine is that it is its site that makes access to videos as a proxy by putting them in a kind of temp memory before making them accessible to the user, thus allowing hfs to allow l Access to its files only from the web server address



Offline rejetto

  • Administrator
  • Tireless poster
  • *****
    • Posts: 13523
    • View Profile
if you want to block SOME requests, and allow others, you have to be fully aware of what's the difference between the 2, and from the computer's point of view.
I don't think you already know this difference.
You have to record 2 requests, and study them.
Then you can create a command that forbids one and not the other.