Jump to content

Hotlinking - Avoid direct links to my website

Abstract

By Abstract
in Apache HTTP Server

 Share

Recommended Posts

Abstract Newbie

Abstract

Posted
Posted
Hi all!

I'm new on this forum and I registered because I have a question, and can't find help with it, so I post it here.

On my website, I activated Hotlink protection, so I made a .htaccess file, with this content:

[code]RewriteEngine On

# With this line we assure that it will filter only pics
RewriteCond %{REQUEST_FILENAME} .*jpe?g$|.*gif$|.*png$ [NC]

# Allow blank referrer
RewriteCond %{HTTP_REFERER} !^$

# Only allow linking from mydomain.com
RewriteCond %{HTTP_REFERER} !^http://(www\.)?mydomain\.com/ [NC]

# If it isn't my domain, display a beautiful 403 error.
RewriteRule .*\.(jpe?g|gif|bmp|png)$ - [F][/code]

Well, for external links it works fine: No site can set an <img> reference to a pic on my website. But... my problem is that I would like to disallow also direct links to pics on my website. I mean, for example, placing a direct URL in the browser to a pic on my domain. Shouldn't this .htaccess I've just posted also block this tries? Because it doesn't. Am I doing something wrong? What should I add to block these accessed too?

Thanks a lot for any help! :D
Link to comment
Share on other sites
Gorf Newbie

Gorf

Posted
Posted
It's in your own comments:

[code]# Allow blank referrer
RewriteCond %{HTTP_REFERER} !^$[/code]

When you type a URL into your web browser directly, there is no referrer set.  Thus this Condition is caught if the referrer is NOT (!) blank.  Removing the ! should make this work properly.

Your best bet though would just to be to create one rule, whereby anything without a referrer from your domain is blocked.  I do that for all sorts of stuff like CSS directories, image directories, javascript directories, etc.
Link to comment
Share on other sites
Abstract Newbie

Abstract

Posted
  • Author
Posted
Thanx a lot Gorf! I think I have not clear some terms yet..  :-\

I just wanted to ask you, what do you exactly mean by creating the rule for blocking everything with a distinct domain of mine? My idea is blocking everything but some .html document, where I put a link to some image (for example, with a <img> tag). Any different URL referencing this image, including direct URL-pasting, should be blocked.

It seems it works ok now, but maybe I'm misundertanding something.

Thank you again!
Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.