Jump to content

Archived

This topic is now archived and is closed to further replies.

Abstract

Hotlinking - Avoid direct links to my website

Recommended Posts

Hi all!

I'm new on this forum and I registered because I have a question, and can't find help with it, so I post it here.

On my website, I activated Hotlink protection, so I made a .htaccess file, with this content:

[code]RewriteEngine On

# With this line we assure that it will filter only pics
RewriteCond %{REQUEST_FILENAME} .*jpe?g$|.*gif$|.*png$ [NC]

# Allow blank referrer
RewriteCond %{HTTP_REFERER} !^$

# Only allow linking from mydomain.com
RewriteCond %{HTTP_REFERER} !^http://(www\.)?mydomain\.com/ [NC]

# If it isn't my domain, display a beautiful 403 error.
RewriteRule .*\.(jpe?g|gif|bmp|png)$ - [F][/code]

Well, for external links it works fine: No site can set an <img> reference to a pic on my website. But... my problem is that I would like to disallow also direct links to pics on my website. I mean, for example, placing a direct URL in the browser to a pic on my domain. Shouldn't this .htaccess I've just posted also block this tries? Because it doesn't. Am I doing something wrong? What should I add to block these accessed too?

Thanks a lot for any help! :D

Share this post


Link to post
Share on other sites
It's in your own comments:

[code]# Allow blank referrer
RewriteCond %{HTTP_REFERER} !^$[/code]

When you type a URL into your web browser directly, there is no referrer set.  Thus this Condition is caught if the referrer is NOT (!) blank.  Removing the ! should make this work properly.

Your best bet though would just to be to create one rule, whereby anything without a referrer from your domain is blocked.  I do that for all sorts of stuff like CSS directories, image directories, javascript directories, etc.

Share this post


Link to post
Share on other sites
Thanx a lot Gorf! I think I have not clear some terms yet..  :-\

I just wanted to ask you, what do you exactly mean by creating the rule for blocking everything with a distinct domain of mine? My idea is blocking everything but some .html document, where I put a link to some image (for example, with a <img> tag). Any different URL referencing this image, including direct URL-pasting, should be blocked.

It seems it works ok now, but maybe I'm misundertanding something.

Thank you again!

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.