Proxy Resource Index - Hotlinking Prevention: CGIProxy and PHPProxy

Hotlinking Prevention: CGIProxy and PHPProxy

Thursday, 14 December 2006

Running a web proxy server using CGIProxy and PHPProxy is a risky business. The script as is does not have any hotlinking prevention. That makes other can just go to your proxied pages without going through your front page. Even worse, they can link picture, download, and anything through your web proxy which make your bandwidth usage up to the roof.

Here is easy, crude script that I put together to try to prevent that on script level. I'm not an expert on perl or PHP (I work primary on .NET) so this script is not a sophisticated functions, just an easy and simple hack.

CGIProxy:


      if($ENV{'HTTP_REFERER'} =~ /^http:\/\/www.443proxy.com/)
    {
    }
    else
    {
        &redirect_to('http://www.443proxy.com/', '');
    }

This code basically check for referer and if it's blank or not from our domain, redirect to our domain main page. Open your nph-proxy.cgi on text editor and find:


$HTTP_1_X=  $NOT_RUNNING_AS_NPH   ? 'Status:'   : "HTTP/$HTTP_VERSION" ;

Insert my code below that line.

PHPProxy:


/*
PHProxy bandwidth MOD by Rhett Canney (Billy Connite)
This MOD will stop any hotlinking via PHProxy, even if the
clients referer is not set!
*/

// Change this to your domain (no 'www.')
$domain="443proxy.com";

// If no request:
if($_GET['q']!=""){
  // Get referer
  $referer=$_SERVER['HTTP_REFERER'];
  // Check to see if referer is not the proxys domain
  $count=substr_count($referer,$domain);
  // If there is an outside referer:
  if($count==0){
    // If there is a request:
    if($_GET['q']!=""){
      // Redirect to homepage and finish script
      header("Location: http://www." . $domain . "/");
      exit();
    }
  }
}

This code basically do the same thing as CGIProxy code above. I found it on some forum and it works like a charm. Open your index.php and put it right after:


<?php

While this will save you a lot of headache trying to prevent your bandwidth over charge from your ISP, you should always monitor your bandwidth usage. Don't hesitate to pull the plug when your bandwidth usage is already over your quota from ISP. And remember if your website log show your bandwidth usage is 100GB, the reality is it already use double of that since web logs didn't count your incoming traffice, only your outgoing.

Last Updated ( Friday, 15 December 2006 )

Tag this to: