hotlink protection check header 200 is coming but page is protected


Hi, I want to check whether an image is hotlink protected or not. I searched several sites and found the HTTP header to be the best solution for checking this, but when I implemented it I found that it gives the wrong result.

For example, the HTTP header response that comes back is:

  Array ( [0] => HTTP/1.1 200 OK [1]

But when I link it in an iframe or directly in PHP, it throws an error: access denied, the image is hotlink protected. I was trying this image link:

  <?php
     $url = 'http://s.wallpaperhere.com/thumbnails/preview/20130702/51d3b5478d616.jpg';
     print_r(get_headers($url));
     print_r(get_headers($url, 1));
  ?>

Is there any best way to check this and store the correct image, which is not protected, in the database?

1

There are 1 answers

4
phil-lavin On BEST ANSWER

"hotlink" detection is normally performed on the referrer header. Your example won't send a referrer so the remote side is assuming it's a direct request.

You can add a referrer header to the get_headers() call using stream_context_set_default(). Example below. There's not really even a need to change the header value I've provided... I'd think it can be anything.

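<?php
// Default HTTP options for every later stream request, including get_headers():
// send a Referer so the remote side sees the request as coming from another site.
$default_opts = array(
  'http'=>array(
    'method'=>"GET",
    'header'=>"Referer: http://www.fakesite.com/hotlink-check/",
  )
);

stream_context_set_default($default_opts);

$url = 'http://s.wallpaperhere.com/thumbnails/preview/20130702/51d3b5478d616.jpg';
// Second argument 1 returns the headers as an associative array; index 0 is the status line.
print_r($headers = get_headers($url, 1));

// The image is only usable if the status line ends in "200 OK".
if (preg_match('/200 OK$/', $headers[0])) {
  echo 'OK';
}
else {
  echo 'Not OK';
}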

I've tested this with your example URL and it works as expected. Output below:

Array
(
    [0] => HTTP/1.1 403 Forbidden
    [Server] => cloudflare-nginx
    [Date] => Wed, 18 Dec 2013 16:57:54 GMT
    [Content-Type] => text/html; charset=UTF-8
    [Connection] => close
    [Set-Cookie] => __cfduid=de5cd2750b3e7c528e277df1e584c3a6c1387385874336; expires=Mon, 23-Dec-2019 23:50:00 GMT; path=/; domain=.wallpaperhere.com; HttpOnly
    [Cache-Control] => max-age=10
    [Expires] => Wed, 18 Dec 2013 16:58:04 GMT
    [CF-RAY] => ded65129fde0610
)
Not OK
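
An added example (not part of the answer above, and not the answerer's code): the same Referer check done with a per-request stream context instead of `stream_context_set_default()`, comparing a request without a Referer to one with a foreign Referer and reading the final response after any redirects. The function names, the example.com referer and the sample header lines are assumptions constructed for illustration; the context argument to `get_headers()` needs PHP 7.1 or later.

```php
<?php
// Added example. The referer URL and the sample header lines are constructed.

// Reduce raw header lines (as returned by get_headers($url)) to the final
// response's status and content type, skipping any redirect hops before it.
function final_response(array $lines): array {
    $r = ['status' => 0, 'type' => ''];
    foreach ($lines as $line) {
        if (preg_match('#^HTTP/\S+\s+(\d{3})#', $line, $m)) {
            $r = ['status' => (int) $m[1], 'type' => ''];   // new hop: reset
        } elseif (preg_match('/^Content-Type:\s*([^;\s]+)/i', $line, $m)) {
            $r['type'] = strtolower($m[1]);
        }
    }
    return $r;
}

// Compare the response without a Referer to the one with a foreign Referer.
function classify(array $direct, array $foreign): string {
    $ok = function (array $r): bool { return $r['status'] >= 200 && $r['status'] < 300; };
    if (!$ok($direct))  return 'unknown: image not reachable even without a Referer';
    if (!$ok($foreign)) return 'protected: foreign Referer refused with ' . $foreign['status'];
    if (strpos($direct['type'], 'image/') === 0 && strpos($foreign['type'], 'image/') !== 0) {
        $got = $foreign['type'] !== '' ? $foreign['type'] : 'no content type';
        return 'protected: foreign Referer got ' . $got . ' instead of an image';
    }
    return 'not protected by Referer';
}

// Fetch headers with a per-request context, so the global default is untouched.
function fetch(string $url, ?string $referer): array {
    $http = ['method' => 'GET', 'timeout' => 10];
    if ($referer !== null) $http['header'] = "Referer: $referer\r\n";
    $lines = @get_headers($url, false, stream_context_create(['http' => $http]));
    return final_response($lines ?: []);   // get_headers() returns false on failure
}

if (isset($argv[1])) {   // live check: php check.php <image-url>
    echo classify(fetch($argv[1], null), fetch($argv[1], 'http://www.example.com/page')), "\n";
} else {                 // offline demo on constructed header lines
    $direct  = final_response(['HTTP/1.1 200 OK', 'Content-Type: image/jpeg']);
    $foreign = final_response(['HTTP/1.1 403 Forbidden', 'Content-Type: text/html; charset=UTF-8']);
    echo classify($direct, $foreign), "\n";
}
```

A server that answers a foreign Referer with 200 and a placeholder image cannot be told apart from the real image by status and content type alone.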