Hotlinking - Avoid direct links to my website


#1 Abstract


Posted 03 October 2006 - 12:14 AM

Hi all!

I'm new on this forum and I registered because I have a question, and can't find help with it, so I post it here.

On my website, I activated Hotlink protection, so I made a .htaccess file, with this content:

RewriteEngine On

# With this line we assure that it will filter only pics
RewriteCond %{REQUEST_FILENAME} .*jpe?g$|.*gif$|.*png$ [NC]

# Allow blank referrer
RewriteCond %{HTTP_REFERER} !^$

# Only allow linking from mydomain.com
RewriteCond %{HTTP_REFERER} !^http://(www\.)?mydomain\.com/ [NC]

# If it isn't my domain, display a beautiful 403 error.
RewriteRule .*\.(jpe?g|gif|bmp|png)$ - [F]

Well, for external links it works fine: no site can set an <img> reference to a pic on my website. But... my problem is that I would also like to disallow direct links to pics on my website. I mean, for example, placing a direct URL in the browser to a pic on my domain. Shouldn't this .htaccess I've just posted also block these tries? Because it doesn't. Am I doing something wrong? What should I add to block these accesses too?

Thanks a lot for any help! :D

#2 Gorf


Posted 03 October 2006 - 11:45 PM

It's in your own comments:

# Allow blank referrer
RewriteCond %{HTTP_REFERER} !^$

When you type a URL into your web browser directly, there is no referrer set.  Thus this Condition is caught if the referrer is NOT (!) blank.  Removing the ! should make this work properly.

Your best bet though would just be to create one rule, whereby anything without a referrer from your domain is blocked. I do that for all sorts of stuff like CSS directories, image directories, javascript directories, etc.
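Added example (not part of the original posts): a small Python model of how mod_rewrite ANDs consecutive RewriteCond lines, run over three constructed Referer values. It compares the rule set from post #1, the variant with the ! removed from the blank-referrer line, and the single-rule variant that blocks anything without a referrer from the own domain. The ruleset names, the sample path and the other.example host are assumptions made for illustration.

```python
import re

# Patterns copied from the .htaccess in post #1.
OWN = r"^http://(www\.)?mydomain\.com/"
IMG = r".*\.(jpe?g|gif|bmp|png)$"

# Each RewriteCond on %{HTTP_REFERER} is (regex, negated). mod_rewrite ANDs
# consecutive conditions unless [OR] is given. The REQUEST_FILENAME condition
# is left out of this model because the RewriteRule pattern repeats it.
RULESETS = {  # names are hypothetical labels
    "original":     [(r"^$", True), (OWN, True)],   # as posted in #1
    "bang_removed": [(r"^$", False), (OWN, True)],  # "!" dropped from blank check
    "single_rule":  [(OWN, True)],                  # only the own-domain check
}

CASES = {  # constructed Referer values
    "own_page":      "http://www.mydomain.com/gallery.html",
    "external_site": "http://other.example/page.html",
    "typed_url":     "",  # URL typed into the browser: no Referer sent
}

def is_forbidden(conds, path, referer):
    """True if 'RewriteRule <IMG> - [F]' would fire, i.e. the request gets a 403."""
    if not re.search(IMG, path):          # the rule pattern is tested first
        return False
    for pattern, negated in conds:
        matched = re.search(pattern, referer, re.I) is not None
        if matched == negated:            # one false condition skips the rule
            return False
    return True

def decision_table(path="pics/photo.jpg"):
    """Map ruleset name -> {case name -> forbidden?} for the constructed cases."""
    return {
        name: {case: is_forbidden(conds, path, ref) for case, ref in CASES.items()}
        for name, conds in RULESETS.items()
    }

if __name__ == "__main__":
    for name, row in decision_table().items():
        print(f"{name:13}", {c: "403" if f else "200" for c, f in row.items()})
```

Only the single-rule variant returns 403 for both the external page and the typed URL while still serving the own page. The Referer header is supplied by the client, so this deters casual hotlinking and is not access control.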

#3 Abstract


Posted 04 October 2006 - 10:08 PM

Thanks a lot, Gorf! I think I'm not clear on some terms yet...  :-\

I just wanted to ask you, what exactly do you mean by creating the rule for blocking everything with a domain different from mine? My idea is blocking everything but some .html document, where I put a link to some image (for example, with an <img> tag). Any different URL referencing this image, including direct URL-pasting, should be blocked.

It seems it works OK now, but maybe I'm misunderstanding something.

Thank you again!
