htaccess

A .htaccess (hypertext access) file is a directory-level configuration file, supported by several web servers, that allows for decentralized management of web server configuration. [Wikipedia]

  • Digital watermarking is the process of possibly irreversibly embedding information into a digital signal. The signal may be audio, pictures or video, for example. If the signal is copied, then the information is also carried in the copy. In visible watermarking, the information is visible in the picture or video. Typically, the information is text or a logo which identifies the owner of the media. [Wikipedia]

    If you decide to go with online watermarking, you can watermark pictures on the fly using PHP and .htaccess (at the cost of additional server CPU resources).

    Why watermark pictures?

    There are a lot of reasons, among others:

    • To limit image theft; advanced users will still be able to crop or blur your watermark, though!
    • To drive more new and returning visitors to your site: anybody who sees your images in a forum may want to visit your site if the watermark can be read (don't use a complex logo unless you have a well-known brand).
    • To advertise your online work.

    This article is a follow-up to a previous article presenting how to watermark pictures offline (definitive watermarking) using an ImageMagick bash script. A lot of the steps described there still apply.

    Features

    • Watermark pictures on the fly as soon as they are bigger than 500 pixels in width (PHP)
    • Watermark all or only pictures that are hot linked from outside your blog, for example in forums, other blogs (.htaccess setting)
    • Don't watermark pictures hot linked from image search engines: Google image search or others (.htaccess setting)
    • Easily extensible to your needs: support multiple watermark pictures based on original image size.

    Installation

    Create a file .htaccess with the following content. I recommend you save it at the root of the Joomla!® directory structure; you can merge this file with the one provided by Joomla!

    # mod_rewrite must be switched on before any rule is evaluated
    RewriteEngine On

    # Do not watermark requests whose referer is your own site
    # (comment this line out to watermark everything); replace
    # yoursite.com with your Joomla! base
    RewriteCond %{HTTP_REFERER} !^http://([^.]*[.]*)?yoursite\.com/ [NC]

    # Do not apply the watermark in Google image search; copy this line
    # as many times as needed to also add Bing, Yahoo, etc.
    RewriteCond %{HTTP_REFERER} !^http://(www\.)?google\.com/ [NC]

    # Only rewrite requests that map to an existing file
    RewriteCond %{REQUEST_FILENAME} -f

    # Path to the watermark.php script, and list of supported images
    RewriteRule \.(gif|jpeg|jpg|png)$ /images/watermark.php [QSA,NC]

    watermark.php script

    Save this script into Joomla!® /images directory, under /images/watermark.php

    Decide at which size you want to protect your images; here, starting at 500 pixels in width, I will apply a watermark overlay in the left corner of the image.

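    <?php
      // Use only the path part of the request (no query string), URL-decoded
      $uri  = rawurldecode((string) parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH));
      $root = realpath($_SERVER['DOCUMENT_ROOT']);
      $path = ($root === false) ? false : realpath($root . $uri);

      // Refuse anything that does not resolve to a file inside the document root
      if ($path === false || strpos($path, $root . DIRECTORY_SEPARATOR) !== 0 || !is_file($path)) {
        http_response_code(404);
        exit();
      }

      // Load the requested image; stop if the file is not a decodable image
      $image = imagecreatefromstring(file_get_contents($path));
      if ($image === false) {
        http_response_code(404);
        exit();
      }

      $w = imagesx($image);
      if ($w > 500) {
        $h = imagesy($image);
        // watermark.png lives next to this script
        $watermark = imagecreatefrompng(__DIR__ . '/watermark.png');
        $ww = imagesx($watermark);
        $wh = imagesy($watermark);
        // Destination offset ($w-$ww, $h-$wh) puts the overlay flush with the bottom-right corner
        imagecopy($image, $watermark, $w-$ww, $h-$wh, 0, 0, $ww, $wh);
      }

      // The result is always re-encoded and sent as JPEG, whatever the source format
      header('Content-type: image/jpeg');
      imagejpeg($image);
      exit();
    ?>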

    Caveats

    It costs CPU and, depending on how you set your .htaccess, may still allow users to steal images without the watermark.

  • .htaccess files are very versatile and can easily protect some areas of your homepage. In the case of Mambo, I am giving you here a way to secure it in less than 5 minutes.

    All you have to do is drop a file named .htaccess in your /administrator directory.

    Here is a template of .htaccess you can use:
    # Do not allow any user to access this file - to copy in all .htaccess
    <Files .htaccess>
    order allow,deny
    deny from all
    </Files>

    # force admin area with .htaccess password
    AuthType Basic
    AuthUserFile /pathto/.htpasswd
    AuthGroupFile /dev/null
    AuthName "Walter Cedric Administrator Area"
    <Limit GET POST>
    require valid-user
    </Limit>

    • pathto should normally be outside your public web server directory!
      In Plesk, that means outside the httpdocs directory!
    • .htpasswd is a text file which contains a login:password mapping.

    Example of .htpasswd
    admin:XXXXXXX

    XXXXXXX must be replaced by its crypt version; use this URL to create a new
    crypted value:

    http://de.selfhtml.org/cgi-bin/cryptform.pl?password=aSI45I56B4KgR34542

    In this example, I want to have aSI45I56B4KgR34542 as password (my real password is even more complex!); the page then displays

    cziW29BR6Y3fM

    Be careful: it changes at each reload of the page, since the system adds a "salt" to the password in order to avoid brute-force attacks with a dictionary.

    So I create a file .htpasswd which contains:

    Example of .htpasswd
    admin:cziW29BR6Y3fM

    So in order to be able to get into my Mambo administrator panel, I will have to type

     

    user name: admin
    password: cziW29BR6Y3fM

    HTACCESS contains a lot more keywords and ways to protect data or directories.
    I recommend you google a little bit to find some exhaustive articles like this one in German:
    http://de.selfhtml.org/servercgi/server/htaccess.htmoptionen

    If you're using my component hashcash or any statistics log tools on your server, you may know the IPs of the bad guys who try to break into your site. There is a way to block these attacking zombies at the server level. Just extend the Limit section of the .htaccess file:

    <Limit GET POST>
    order allow,deny
    allow from all
    deny from XXX.XXX.XXX.XXX
    deny from .microsoft.com
    </Limit>

    where XXX.XXX.XXX.XXX is the IP or part of the IP (XXX or XXX.XXX or XXX.XXX.XXX); it can also be a DNS name. You can add as many lines as you want.
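
The password template and the deny list above, combined in Apache 2.4 syntax, as an added example that is not part of the original posts: `Order`/`Allow`/`Deny` are deprecated there in favour of `Require`, and leaving out `<Limit GET POST>` makes the rules apply to every HTTP method instead of only the two listed. It assumes Apache 2.4 with `AllowOverride AuthConfig` enabled for the directory; the IP addresses and host name are placeholders from the documentation ranges.

```apache
# /administrator/.htaccess: Apache 2.4 form of the two templates above.
# Assumes "AllowOverride AuthConfig" for this directory in the server config.

# Never serve the .htaccess file itself
<Files ".htaccess">
    Require all denied
</Files>

# Password-protect the admin area. There is no <Limit> wrapper here: inside
# <Limit GET POST> the rules would cover only GET and POST and leave every
# other request method unrestricted.
AuthType Basic
AuthName "Administrator Area"
AuthUserFile /pathto/.htpasswd

<RequireAll>
    # A valid login from .htpasswd is mandatory ...
    Require valid-user

    # ... and these clients are refused even with one.
    # Placeholder values: a full IP, a partial IP (network prefix), a domain.
    Require not ip 192.0.2.10
    Require not ip 198.51.100
    Require not host .example.com
</RequireAll>
```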