jdMorgan - 1:55 pm on Feb 23, 2010 (gmt 0) [edited by: jdMorgan at 2:16 pm (utc) on Feb 23, 2010]
> In Google images my thumbnails are shown and clicking on it actually shows the large image however when refreshing it disappears to Google/Bing search and hotlinking does the same.
Likely because your browser has cached the image as a result of you having previously visited your own site. When testing anti-hotlinking code, it's important to completely-flush (delete) your browser cache in between each test access that should show be allowed (and should show the image) and a subsequent test access that should be blocked (and should not show the image).
The reverse is also true: Once your browser has cached a 403 (or 301/302) response, it will likely show that cached response for a subsequent test case where the image access should be allowed and the image should show.
Bottom line: Flush your browser cache before assessing each test case.
Sorry for the OT technical stuff -- Hopefully it's useful.
For those investigating the new 'site' directive's behavior, is the "-" operator still useful to exclude one's own domain so that hotlinks can be identified?
[edited by: jdMorgan at 2:16 pm (utc) on Feb 23, 2010]