homepage Welcome to WebmasterWorld Guest from
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Home / Forums Index / Code, Content, and Presentation / Apache Web Server
Forum Library, Charter, Moderators: Ocean10000 & incrediBILL & phranque

Apache Web Server Forum

.htaccess in subdirectories
subdirectories and .htaccess not working correctly

10+ Year Member

Msg#: 74 posted 9:50 pm on Dec 10, 2002 (gmt 0)

I've read through the multiple threads on .htaccess several times for an answer to this. The file that I have in my documents root is working fine. The problem that I'm having is that I have a single user who is constantly linking to pictures in a single sub-directory. I have banned their primary IP in documents root, and I was trying to stop them from linking to pics by creating another .htaccess in the subdirectory.

Every time I think I have it right (and even test it as best I can), I see code 200 responses an hour later where this person is still linking to my pics.

I put the following in my images/.htaccess: where "bandwidththief" is the online journal account they are using to steal my pics.

RewriteEngine on
RewriteCond %{HTTP_REFERER} ^$ [NC,OR]
RewriteCond %{HTTP_REFERER} bandwidththief/.*$ [NC]
RewriteRule .*\.(jpg¦jpeg¦gif¦png¦bmp)$ - [F,R]

I thought this would work, and with a URL referer that starts with "bandwidththief" it does. But about two hours after I did this, I saw a string of additional code 200 responses where this person was hotlinking to more pics. All of those requests had a referer of [example.com...]

I don't want to deny the entire online journal site because some of my friends use it. Any ideas on why this isn't working the way I am thinking that it should?


[edited by: DaveAtIFG at 9:59 pm (utc) on Dec. 10, 2002]

[edited by: Vael27 at 10:26 pm (utc) on Dec. 10, 2002]



WebmasterWorld Senior Member 10+ Year Member

Msg#: 74 posted 10:02 pm on Dec 10, 2002 (gmt 0)

Welcome to WebmasterWorld Vael27! It looks like you've done your homework before posting and we appreciate it!

I'm confident that one of our resident mod_rewrite gurus will be along soon to help you sort this out.


WebmasterWorld Administrator mack us a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

Msg#: 74 posted 10:02 pm on Dec 10, 2002 (gmt 0)

if you ban them at root they should not be able to access any of your directories?

someone correct me if im wrong.


10+ Year Member

Msg#: 74 posted 10:20 pm on Dec 10, 2002 (gmt 0)

Only their primary IP, which is static, is banned in documents_root. That works fine, every time. They've also been opening the links using a dynamic IP, but, every time they do their username from this online journal is somewhere in the HTTP_REFERER.

The .htaccess file in the sub-directory works fine if the referer is blank. I tried that last night around 10p several times, and got 403 errors every time. It's just not working if "bandwidththief" isn't at the beginning of the referer url.


WebmasterWorld Senior Member jdmorgan us a WebmasterWorld Top Contributor of All Time 10+ Year Member

Msg#: 74 posted 11:41 pm on Dec 10, 2002 (gmt 0)


Welcome to WebmasterWorld [webmasterworld.com]!

Delete the slash off the end of the "bandwidththief" condition, and leave it without an end anchor:

RewriteEngine on
RewriteCond %{HTTP_REFERER} ^http://www.example\.com/users/bandwidththief [NC]
RewriteRule .*\.(jpg¦jpeg¦gif¦png¦bmp)$ - [F]

You really can't block blank referrers, because that will block legitimate users who connect through proxy servers or use Norton Internet Security.

Also, [F,R] is redundant, so you can omit the "R".

If this doesn't work, please copy one of the lines from your server log, and post it so we can see the entire referer string.



10+ Year Member

Msg#: 74 posted 5:39 pm on Dec 11, 2002 (gmt 0)

Thanks for the help. I wasn't quite sure what the R in the rewrite rule was for anyway. I'd copied it from the very long .htaccess thread in the php section.

Global Options:
 top home search open messages active posts  

Home / Forums Index / Code, Content, and Presentation / Apache Web Server
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved