homepage Welcome to WebmasterWorld Guest from
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Home / Forums Index / Code, Content, and Presentation / Apache Web Server
Forum Library, Charter, Moderators: Ocean10000 & incrediBILL & phranque

Apache Web Server Forum

.htaccess in subdirectories
subdirectories and .htaccess not working correctly

 9:50 pm on Dec 10, 2002 (gmt 0)

I've read through the multiple threads on .htaccess several times for an answer to this. The file that I have in my documents root is working fine. The problem that I'm having is that I have a single user who is constantly linking to pictures in a single sub-directory. I have banned their primary IP in documents root, and I was trying to stop them from linking to pics by creating another .htaccess in the subdirectory.

Every time I think I have it right (and even test it as best I can), I see code 200 responses an hour later where this person is still linking to my pics.

I put the following in my images/.htaccess: where "bandwidththief" is the online journal account they are using to steal my pics.

RewriteEngine on
RewriteCond %{HTTP_REFERER} ^$ [NC,OR]
RewriteCond %{HTTP_REFERER} bandwidththief/.*$ [NC]
RewriteRule .*\.(jpg¦jpeg¦gif¦png¦bmp)$ - [F,R]

I thought this would work, and with a URL referer that starts with "bandwidththief" it does. But about two hours after I did this, I saw a string of additional code 200 responses where this person was hotlinking to more pics. All of those requests had a referer of [example.com...]

I don't want to deny the entire online journal site because some of my friends use it. Any ideas on why this isn't working the way I am thinking that it should?


[edited by: DaveAtIFG at 9:59 pm (utc) on Dec. 10, 2002]

[edited by: Vael27 at 10:26 pm (utc) on Dec. 10, 2002]



 10:02 pm on Dec 10, 2002 (gmt 0)

Welcome to WebmasterWorld Vael27! It looks like you've done your homework before posting and we appreciate it!

I'm confident that one of our resident mod_rewrite gurus will be along soon to help you sort this out.


 10:02 pm on Dec 10, 2002 (gmt 0)

if you ban them at root they should not be able to access any of your directories?

someone correct me if im wrong.


 10:20 pm on Dec 10, 2002 (gmt 0)

Only their primary IP, which is static, is banned in documents_root. That works fine, every time. They've also been opening the links using a dynamic IP, but, every time they do their username from this online journal is somewhere in the HTTP_REFERER.

The .htaccess file in the sub-directory works fine if the referer is blank. I tried that last night around 10p several times, and got 403 errors every time. It's just not working if "bandwidththief" isn't at the beginning of the referer url.


 11:41 pm on Dec 10, 2002 (gmt 0)


Welcome to WebmasterWorld [webmasterworld.com]!

Delete the slash off the end of the "bandwidththief" condition, and leave it without an end anchor:

RewriteEngine on
RewriteCond %{HTTP_REFERER} ^http://www.example\.com/users/bandwidththief [NC]
RewriteRule .*\.(jpg¦jpeg¦gif¦png¦bmp)$ - [F]

You really can't block blank referrers, because that will block legitimate users who connect through proxy servers or use Norton Internet Security.

Also, [F,R] is redundant, so you can omit the "R".

If this doesn't work, please copy one of the lines from your server log, and post it so we can see the entire referer string.



 5:39 pm on Dec 11, 2002 (gmt 0)

Thanks for the help. I wasn't quite sure what the R in the rewrite rule was for anyway. I'd copied it from the very long .htaccess thread in the php section.

Global Options:
 top home search open messages active posts  

Home / Forums Index / Code, Content, and Presentation / Apache Web Server
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved