2


I am building a site, in which I denied hotlinking of images. But after I added the facebooks "like" link to my pages, I realized that I want to allow hotlinking for facebook. So, if a user likes a page on my site, facebook should be able to show a related thumbnail of the page in the profile of the user. So, I added an exclusion rule in IIS like

if {HTTP_REFERER} matches pattern ^(https?://)?(\w+.)facebook.(com|net)(/.)*$ , allow. Alas, it didn't work for me.

After that I googled for an answer. A forum post suggested to use "tfbnw" instead of facebook, so I added that exclusion, too:

^(https?://)?(\w+.)*tfbnw.(com|net)(/.*)*$

But as you might expect, still no chance. So, I don't know which URL facebook uses to request images when a user uses the like button. I would appreciate any help to uncover this mystery, so that I can allow that URL on my site.

Note: If I disable hotlinking protection, everything works fine. So we know that my problem is just the hotlinking protection.

Cœur
  • 37,241
  • 25
  • 195
  • 267
schlingel
  • 1,514
  • 2
  • 15
  • 24

2 Answers2

1

Try allowing the domain fbcdn.net:

^(https?://)?(\w+.)fbcdn.(com|net)(/.)*$

This is facebook's content delivery network.

George Reith
  • 13,132
  • 18
  • 79
  • 148
  • nope, this didn't work either. I also tried it with ^(https?://)?(\w+\.)*fbcdn.(com|net)(/.*)*$ and had -again- no chance.. :( – schlingel Nov 13 '11 at 10:39
1

Can you try whitelisting with IP address? All of FB's crawlers should come from one of the IP addresses returned by

whois -h whois.radb.net '!gAS32934'

Colm Doyle
  • 3,598
  • 1
  • 20
  • 22
  • umm.. is this a linux/unix command? unfortunately I am using windows operatings system... I tried to navigate to whois.radb.net but there is no response. In addition, what is that '!gAS32934' for? – schlingel Nov 13 '11 at 20:35
  • I asked a good friend of mine to execute this command, it returned a large list of IPs like 204.15.20.0/22 69.63.176.0/20 66.220.144.0/20 66.220.144.0/21 69.63.184.0/21 69.63.176.0/21 74.119.76.0/22 69.171.255.0/24 but I'm not sure whether IIS will understand these (because of /22 , /24 etc) – schlingel Nov 14 '11 at 19:29
  • They're IP Ranges. I'm not too familiar with IIS, so couldn't say how to enter them, but I'd be shocked if it couldn't do it. – Colm Doyle Nov 15 '11 at 19:54
  • It allows, but it needs subnet masks instead of /22 /24. So either I'll calculate subnet masks for each ip range (there are lots of them), or I will give up. Thanks. – schlingel Nov 16 '11 at 06:56