Abe Hassan (burr86) wrote in lj_userdoc,
Abe Hassan
burr86
lj_userdoc

Change to FAQ 73

As a result of timwi's post here, I've edited FAQ #73 (How can I stop LiveJournal users from using my bandwidth by configuring my Apache server?). I've incorporated all of his suggestions. Additionally, I changed the email address they are supposed to contact from bradfitz@livejournal.com to webmaster@livejournal.com -- or should it remain bradfitz?

Before I make this change, I'd like for someone to look at it and make sure I caught all of the things that were to be changed. As soon as I know this is okay, I'll make the update.


How can I stop LiveJournal users from using my bandwidth by configuring my Apache server?

Before:
Rather than trying to stop each and every user that may attempt to steal your bandwidth by referencing images directly off your webserver, why not fix the real problem? Let's fix your webserver's configuration so it won't even allow this!

If you're running Apache (most people are), just add this to your httpd.conf configuration file:

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://domain\.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www\.domain\.com/.*$ [NC]
RewriteCond %{REQUEST_URI} !^/okay_image\.jpg
RewriteCond %{REQUEST_URI} !^/okay_image2\.gif
RewriteCond %{REQUEST_URI} !^/another/okay_image3\.jpg
RewriteCond %{REQUEST_URI} !^/final/okay_image\.gif
RewriteRule .*\.(jpg|gif)$ - [F]

Before you do this, however, make sure you have the mod_rewrite module
compiled into Apache. It comes standard with Apache, but not all sites have it enabled.

I'll explain what the above lines do, step by step:

RewriteEngine on

Turns on the URL rewriting engine, so we can process rules.

RewriteCond %{HTTP_REFERER} !^$

All RewriteCond conditions have to be true for the final RewriteRule to be executed. This condition says that the Referer header the browser sends when requesting the file cannot be blank. (! means not... ^$ is an empty pattern to match. ^ means match the beginning of the line, $ means match the end. With nothing in between, it means match emptiness.)

RewriteCond %{HTTP_REFERER} !^http://domain\.com/.*$ [NC]

This says that any images references from your domain are acceptable... never deny them.

RewriteCond %{HTTP_REFERER} !^http://www\.domain\.com/.*$ [NC]

Same thing, but with www. at the beginning.

Note that "\." means a literal ".". A period by itself means any character.

Now we want to make sure all of your images that are okay to share don't get
denied:

RewriteCond %{REQUEST_URI} !^/okay_image\.jpg
RewriteCond %{REQUEST_URI} !^/okay_image2\.gif
RewriteCond %{REQUEST_URI} !^/another/okay_image3\.jpg
RewriteCond %{REQUEST_URI} !^/final/okay_image\.gif

Finally, if all of the above conditions match, and the request ends in .jpg
or .gif, then deny it:

RewriteRule .*\.(jpg|gif)$ - [F]

That's it!

Email bradfitz@livejournal.com if you have any questions setting up your webserver to do this.



After: Instead of stopping every single user from using your bandwidth by linking to images on your server, this problem can be tackled from the root by making changes to the configuration that disallow unauthorized use of your bandwidth. Your webserver can be configured so it won't even allow this.

If you're running Apache (most people are), just add this to your httpd.conf configuration file:

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://domain\.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www\.domain\.com/.*$ [NC]
RewriteCond %{REQUEST_URI} !^/okay_image\.jpg
RewriteCond %{REQUEST_URI} !^/okay_image2\.gif
RewriteCond %{REQUEST_URI} !^/another/okay_image3\.jpg
RewriteCond %{REQUEST_URI} !^/final/okay_image\.gif
RewriteRule .*\.(jpg|gif|png)$ - [F]

Before you do this, however, make sure you have the mod_rewrite module compiled into Apache. It comes standard with Apache, but not all sites have it enabled.

I'll explain what the above lines do, step by step:

RewriteEngine on

Turns on the URL rewriting engine, so we can process rules.

RewriteCond %{HTTP_REFERER} !^$

All RewriteCond conditions have to be true for the final RewriteRule to be executed. This condition says that the Referer header the browser sends when requesting the file cannot be blank. (! means not, ^$ is an empty pattern to match, ^ means match the beginning of the line, and $ means match the end. With nothing in between, it means match emptiness.)

RewriteCond %{HTTP_REFERER} !^http://domain\.com/.*$ [NC]

This says that any images referenced from your domain are acceptable and to never deny them.

RewriteCond %{HTTP_REFERER} !^http://www\.domain\.com/.*$ [NC]

Same thing, but with www. at the beginning.

Note that "\." means a literal ".". A period by itself means any character.

RewriteCond %{REQUEST_URI} !^/okay_image\.jpg
RewriteCond %{REQUEST_URI} !^/okay_image2\.gif
RewriteCond %{REQUEST_URI} !^/another/okay_image3\.jpg
RewriteCond %{REQUEST_URI} !^/final/okay_image\.gif

These rules make sure all of your images that are okay to share don't get denied.

RewriteRule .*\.(jpg|gif|png)$ - [F]

This last line says that, if all of the above conditions match, and the request ends in .jpg, .gif or .png, then it should be denied.

That's it! If you have any questions configuring your webserver to do this, email webmaster@livejournal.com.
Subscribe
  • Post a new comment

    Error

    Comments allowed for members only

    Anonymous comments are disabled in this journal

    default userpic

    Your reply will be screened

    Your IP address will be recorded 

  • 5 comments