Technology Tales

Adventures in consumer and enterprise technology

TOPIC: LAMP

Using .htaccess to control hotlinking

10th October 2020

There are times when blogs cease to exist and the only place to find the content is on the Wayback Machine. Even then, it is in danger of being lost completely. One such example is the subject of this post.

Though this website makes use of the facilities of Cloudflare for various functions that include the blocking of image hot linking, the same outcome can be achieved using .htaccess files on Apache web servers. It may work on Nginx to a point too, but there are other configuration files that ought to be updated instead of using .htaccess when some frown upon the approach. In any case, the lines that need adding to .htaccess are listed below, while the web address needs to include your own domain in place of the dummy example provided:

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?yourdomain.com(/)?.*$ [NC]
RewriteRule .*\.(gif|jpe?g|png|bmp)$ [F,NC]

The first line activates the mod_rewrite engine, which you might have already done. For this to work, the module must be enabled in your Apache configuration, and you need permission to make these changes. This requires modifying the Apache configuration files. The next two lines examine the HTTP referrer strings. The third line permits images to be served only from your own web domain, not from others. To include additional domains, copy the third line and change the web address as needed. Any new lines should be placed before the final line that specifies which file extensions are blocked for other web addresses.

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?yourdomain.com(/)?.*$ [NC]
RewriteRule \.(gif|jpe?g|png|bmp)$ /images/image.gif [L,NC]

Another variant of the previous code involves changing the last line to display a default image showing others what is happening. That may not reduce the bandwidth usage as much as complete blocking, but it may be useful for telling others what is happening.

A collection of lessons learnt about web hosting

28th March 2008

Putting this blog back on its feet after a spot of web hosting bother caused me to learn a bit more about web hosting than I otherwise might have done. Here's a selection, and they are in no particular order:

  • Store your passwords securely and where you can find them because you never know how a foul up of your own making can strike. For example, a faux pas with a configuration file is all that's needed to cause havoc for a database site such as a WordPress blog. After all, nobody's perfect and your hosting provider may not get you out of trouble as quickly as you might like.
  • Get a MySQL database or equivalent as part of your package, rather than buying one separately. If your provider allows a trial period, then changing from one package to another could be cheaper and easier than if you bought a separate database and needed to jettison it because you changed from, say, a Windows package to a Linux one or vice versa.
  • It might be an idea to avoid a reseller unless the service being offered is something special. Going for the sake of lower cost can be a false economy, and it might be better to cut out the middleman altogether and go direct to their provider. Being able to distinguish a reseller from a real web host would be nice, but I don't see that ever becoming a reality; it is hardly in the resellers' interests, after all.
  • Should you stick with a provider that takes several days to resolve a serious outage? The previous host of this blog had a major MySQL server outage that lasted for up to three days, and seeing that was one of the factors that made me turn tail to go to a more trusted provider that I have used for a number of years. The smoothness of the account creation process might be another point worthy of consideration.
  • Sluggish system support really can frustrate, especially if there is no telephone support provided and the online ticketing system seems to take forever to deliver solutions. I would advise strongly that a host who offers a helpline is a much better option than someone who doesn't. Saying all of that, I think that it's best to be patient and, when your website is offline, that might not be as easy you'd hope it to be.
  • Setting up hosting or changing from one provider to another can take a number of days because of all that needs doing. So, it's best to allow for this and plan ahead. Account creation can be quick but setting up the website can take time while domain name transfer can take up to 24 hours.
  • It might not take the same amount of time to set up Windows hosting as its Linux equivalent. I don't know if my experience was typical, but I have found that the same provider set up Linux hosting far quicker (within 30 minutes) than it did for a Windows-based package (several hours).
  • Be careful what package you select; it can be easy to pick the wrong one, depending on how your host's sight is laid out and what they are promoting at the time.
  • You can have a Perl/PHP/MySQL site working on Windows, even with IIS being used in place instead of Apache. The Linux/Apache/Perl/PHP/MySQL approach might still be better, though.
  • The Windows option allows for .Net, ASP and other such Microsoft technologies to be used. I have to say that my experience and preference is for open-source technologies, so Linux is my mainstay, but learning about the other side can never hurt from a career point of view. After, I am writing this on a Windows Vista powered laptop to see how the other half lives, as much as anything else.
  • Domains serviced by hosting resellers can be visible to the systems of those from whom they buy their wholesale hosting. This frustrated my initial attempts to move this blog over because I couldn't get an account set up for technologytales.com because a reseller had it already on the same system. It was only when I got the reseller to delete the account with them that things began to run more smoothly.
  • If things are not going as you would like them, getting your account deleted might be easier than you think, so don't procrastinate because you think it is a hard thing to do. Of course, it goes without saying that you should back things up beforehand.

Running SQL scripts with MySQL

23rd September 2007

Here's another of those little things that you forget if you aren't using them every day: running MySQL scripts using the Windows command line. Yes, you can also run SQL commands interactively, but there's a certain convenience about scripts. I am putting an example here so that it can be found again easily:

mysql -u username -p databasename < script.sql

Though I wouldn't be at all surprised if the same line worked under Linux and UNIX, I haven't needed to give it a try.

Open source CMS options

18th March 2007

After reading an article in the latest issue of PC Plus, I got curious about the world of content management systems again. I went over to OpenSourceCMS to sample the CMS demos that they have got on there. Mambo and Joomla! (I wish they dropped that exclamation mark; it messes up automated grammar checking) are fully fledged CMS’s and look impressive too, though how they would fit into my online presence is something of an open question. Since I spied that PHP-Nuke uses themes, that is an attraction; I am already used to that mindset thanks to WordPress. While Drupal is seemingly less slick than the others, that could be an attraction in itself; it does offer themes but no rich text editing is available.

Though all of the above are built on top of PHP/MySQL, I ignored them for some reason when I last looked at open-source content management systems. That does seem a strange thing to do, but this was a while ago and the moderate cost of adding database functionality to my website was not something that I was willing to pay, though I have done so since for HennessyBlog.

Therefore, I ended up seeing what Plone (built on Zope and using the Python programming language) could do. What I was had in mind at the time was a replacement for Perl-powered photo gallery, and a CMS was never going to fit the bill; it still doesn’t. In any case, Plone left me with the impression that it was an all or nothing affair when I like coexistence of website components on a single server. Things may have changed since then, so giving it another go remains an option.

Now that I have decided to have a look at Drupal, the emphasis this time is not on using it as a photo gallery platform; if I wanted that, I’d go with the API for something like Flickr or Zooomr. This time, the emphasis on using a CMS to manage the visitor information directories on my website. It does coexist with the other website components, including WordPress and the aforementioned bespoke built photo gallery. Interestingly, Drupal does offer blogging functionality if I wanted it.

Set up involved a spot of work with MySQL before moving onto other things:

mysql -u adminuserid -p /* logging in*/
create database drupal; /*creating new database*/
grant ALL on drupal.* to adminuser identified by “**********”; /* granting access to new database */
quit; /* exiting */

Because it is easier to see what’s going on (not wrong, hopefully), I prefer command line working with MySQL. For some reason, Drupal comes only in tar.gz archives, so I extracted this into the web server directory and opened up the site in Firefox. Installation only requires the set-up of database access and is soon completed. A few things turned up in the status report that needed attention: cron, this can be run manually; activation of PHP Unicode and GD library (PHP’s gd_info function is a real help in testing this) extensions, editing of php.ini to remove commenting semicolons activated them and restarting Apache made them available; having a place to store uploads, the directory called files got created.

Since then, I have set about bending it to my will, not always an easy thing to do with software. The first thing to do was to give it a static home page. By default, Drupal places tasters for any nominated pages and stories on its home page and shows configuration instructions until you allow some content to filter through. However, adding the Front Page module allows you to override this behaviour and have something more static. It was an entry on Kehan’s Blog that set me heading in the right direction.

The next steps were to persuade the thing to allow external links to exist in menus (though patches exist, I have yet to learn how to apply them other than finding the nefarious piece of code and replacing, a considerable challenge that makes me wonder if there is not a better way to do it: with a module, perhaps?) and carry on the theme editing until it ties in with the rest of my site. Then, I’ll make the decision whether to replace my current workflow (Perl-powered pre-processing of XML into PHP/XHTML using XSLT and the Saxon parser followed by FTP upload to the web server) with this one. The automation of the former argues in its favour. We’ll see how things pan out…

  • The content, images, and materials on this website are protected by copyright law and may not be reproduced, distributed, transmitted, displayed, or published in any form without the prior written permission of the copyright holder. All trademarks, logos, and brand names mentioned on this website are the property of their respective owners. Unauthorised use or duplication of these materials may violate copyright, trademark and other applicable laws, and could result in criminal or civil penalties.

  • All comments on this website are moderated and should contribute meaningfully to the discussion. We welcome diverse viewpoints expressed respectfully, but reserve the right to remove any comments containing hate speech, profanity, personal attacks, spam, promotional content or other inappropriate material without notice. Please note that comment moderation may take up to 24 hours, and that repeatedly violating these guidelines may result in being banned from future participation.

  • By submitting a comment, you grant us the right to publish and edit it as needed, whilst retaining your ownership of the content. Your email address will never be published or shared, though it is required for moderation purposes.

Copyright © 2007-2025, TechnologyTales.com