hotlink protection check header 200 is coming but page is protected

StackOverflow https://stackoverflow.com/questions/20660553

  •  19-09-2022
  •  | 
  •  

Question

hi i want to check if a image is hotlinked protected or not. i searched several sites and found the http header as best solution for checking this but when i implemented i found that it is giving wrong result.

for example http header response is coming

  Array ( [0] => HTTP/1.1 200 OK [1]

but when i link in iframe or directly in php its throwing error.access denied the image is hotlinked protected. i was trying for this image link 

  <?php
     $url = 'http://s.wallpaperhere.com/thumbnails/preview/20130702/51d3b5478d616.jpg';
     print_r(get_headers($url));
     print_r(get_headers($url, 1));
  ?>

is there any best way to cheek this and store the correct image in database which is not protected

Was it helpful?

Solution

"hotlink" detection is normally performed on the referrer header. Your example won't send a referrer so the remote side is assuming it's a direct request.

You can add a referrer header to the get_headers() call using stream_context_set_default(). Example below. There's not really even a need to change the header value I've provided... I'd think it can be anything.

<?php
$default_opts = array(
  'http'=>array(
    'method'=>"GET",
    'header'=>"Referer: http://www.fakesite.com/hotlink-check/",
  )
);

stream_context_set_default($default_opts);

$url = 'http://s.wallpaperhere.com/thumbnails/preview/20130702/51d3b5478d616.jpg';
print_r($headers = get_headers($url, 1));

if (preg_match('/200 OK$/', $headers[0])) {
        echo 'OK';
}
else {
        echo 'Not OK';
}

I've tested this with your example URL and it works as expected. Output below:

Array
(
    [0] => HTTP/1.1 403 Forbidden
    [Server] => cloudflare-nginx
    [Date] => Wed, 18 Dec 2013 16:57:54 GMT
    [Content-Type] => text/html; charset=UTF-8
    [Connection] => close
    [Set-Cookie] => __cfduid=de5cd2750b3e7c528e277df1e584c3a6c1387385874336; expires=Mon, 23-Dec-2019 23:50:00 GMT; path=/; domain=.wallpaperhere.com; HttpOnly
    [Cache-Control] => max-age=10
    [Expires] => Wed, 18 Dec 2013 16:58:04 GMT
    [CF-RAY] => ded65129fde0610
)
Not OK
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top