Prevent Proxy Hotlinking

Hotlinking happens when someone links directly to a proxified image, video or website. This costs you money because it eats your bandwidth but since the user is not going through your proxy site, they will not see any advertising. This is a double whammy for proxy webmasters but it can be prevented.

Most proxy scripts do incorporate some form of hotlink protection, but it has been reported that sometimes it is simply not good enough to prevent all instances of hotlinking. Since bandwidth is the most costly part of running a proxy you need to ensure that you are earning as much as possible for your outlay. This can be achieved by redirecting links to hotlinked files back to your proxy homepage.

PHProxy:

Open in index.php file and paste the following immediately after <?php

// your domain below excluding the 'www.' 
$domain="yourproxy.com";
if($_GET['q']!=""){
$referer=$_SERVER['HTTP_REFERER'];
$count=substr_count($referer,$domain);
if($count==0){
if($_GET['q']!=""){
header("Location: http://www." . $domain . "/");
exit();
}
}
}

Zelune:

The code for the Zelune proxy script is very similar to that of PHProxy. Again you need to open index.php and immediately after <?php paste the following:

// your domain below excluding the 'www.' 
$domain="yourproxy.com";
if($_GET['__new_url']!=""){
$referer=$_SERVER["HTTP_REFERER"];
$count=substr_count($referer,$domain);
if($count==0){
if($_GET['__new_url']!=""){
header("Location: http://www." . $domain . "/");
exit();
}
}
}

CGI Proxy:

Open the ‘npi-proxy.cgi’ file then search for ‘Status: ‘: “HTTP/$HTTP_VERSION”;
Immediately below that paste the following:

if($ENV{'HTTP_REFERER'} =~ /^http:\/\/www.yourproxy.com/)
{
}
else
{
&redirect_to('http://www.yourproxy.com/', ");

Simple Apache method:

As an alternative to editing the proxy files directly if your proxy is hosted on an apache server (most are) another simpler way to prevent file hotlinking is to paste the following into your .htaccess file (replacing yourproxy.com with you own URL):

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?yourproxy.com [NC]
RewriteRule \.(jpg|jpeg|png|gif|swf|flv)$ - [NC,F,L]

This code will then return the broken image symbol if someone tries to hotlink files through your proxy. You can also return a custom image (i.e. an advert for your site) by replacing the last line with:

RewriteRule \.(jpg|jpeg|png|gif|swf|flv)$ /hotlink.jpe [NC,F,L]

If you decide to use an image remember two things.
1. The filetype extension must not be blocked by your rule in the previous line – by renaming a .jpg/.jpeg file as .jpe you can get around this issue.
2. The file should be small otherwise your bandwidth is still being eaten up to serve the image.

That’s it. Sadly none of these techniques are absolutely fool-proof and a determined person will always find a way to circumvent hotlink protection. However you should see a dramatic reduction in stolen bandwidth by implementing these tweaks.

Leave a Reply

Your email address will not be published. Required fields are marked *