Pb with IP banning using htaccess: test with self banning fails
Lou_Boumian

6:37 pm on Oct 10, 2004 (gmt 0)




Hi all, I am new to .htaccess brewing but need to implement something quick in terms of IP blocking.

Here is the code I tried for .htaccess

----------------------------------------
<Files .htaccess>
order allow,deny
deny from all
</Files>

#Forbid directory browsing (accessing files in directory that dont have any index files)
#IndexIgnore */*

#Allow directory browsing (accessing files in directory that dont have any index files, like downloading...)
Options +Indexes

RewriteEngine On
RewriteCond %{REQUEST_URI} !^/errormessagespages/stolen.jpg
RewriteCond %{HTTP_REFERER} !^http://www.mydomain.net [NC]
RewriteCond %{HTTP_REFERER} !^http://mydomain.net [NC]
RewriteRule [^/]+.(gif¦GIF¦jpg¦JPG¦mpg¦MPG¦avi¦AVI¦mov¦MOV¦rm¦RM¦wav¦WAV¦png¦mp3¦htm¦html¦php¦jpeg¦bmp¦js¦zip¦exe)$ /errormessagespages/stolen.jpg [L]

Options +FollowSymLinks
RewriteCond %{REMOTE_ADDR} xx\.xx\.#*$!\.#*$!
RewriteRule .* /errormessagespages/rcmp-grc.html [R]

----------------------------------------

I am inputting the IP that my local machine apparently keeps long enough and that I get from:
[whatismyip.com...]

I am able to surf my site just as if I were not banned.
The anti-leeching part works fine though, and I tested it from another Web.

Any comment or idea welcome!

jdMorgan

7:02 pm on Oct 10, 2004 (gmt 0)




Lou_Boumian,

Welcome to WebmasterWorld!

I'd suggest a few changes:

#Allow directory browsing (accessing files in directory that dont have any index files, like downloading...)
Options +Indexes +FollowSymLinks
#
RewriteEngine On
RewriteCond %{HTTP_REFERER} .
RewriteCond %{HTTP_REFERER} !^http://(www\.)?mydomain.net [NC]
RewriteCond %{REQUEST_URI} !^/errormessagespages/stolen\.jpg
RewriteRule \.(gif¦jpe?g¦mpg¦avi¦mov¦rm¦wav¦png¦mp3¦html?¦php¦bmp¦js¦zip¦exe)$ /errormessagespages/stolen.jpg [NC,L]
#
RewriteCond %{REMOTE_ADDR} ^xx\.xx\.xx\.xx$
RewriteRule .* /errormessagespages/rcmp-grc.html [L]

1) Combined two Options directives.
2) Added check for blank referrer to Allow for users behind caching proxies like AOL.
3) Combined two RewriteCond checks for mydomain and www.mydomain.
4) Simplified pattern: Removed uppercase file types and added [NC] flag for case-insensitive compare, combined "jpg" and "jpeg" into "jpe?g" equivalent.
5) Corrected syntax of second RewriteRule for internal redirect -- Use [L] instead of [R].

Be sure to flush your browser cache (Temporary Internet Files) after any change to the access restrictions in your .htaccess file; if pages are cached, they won't be fetched from your server. If they are not fetched from your server, then your .htaccess file can have no effect. This is probably why your code did not seem to work.

The references cited in our charter [webmasterworld.com] may be helpful to you, especially in understanding the regular-expressions changes.

Jim

Lou_Boumian

7:55 pm on Oct 10, 2004 (gmt 0)




Thanks Jim!

All your suggestions make sense to me and I implemented them.

Unfortunately, once I uploaded the new .htaccess file in my root (htdocs), not only can I still surf on my Web while being banned (in theory), but now, I can also freely leech an image out from this same Web using a page from my other Web.

I then replaced the new .htaccess by the old one and the anti-leeching was functional again (the stolen.html page is displayed when trying to leech) although I am still not banned from the site.

I have purged IE internet temp files. Did not make any difference.

I am puzzled, I have no idea what's going on here. But thanks in advance for any other suggestion you or somebody else may have.

jdMorgan

8:40 pm on Oct 10, 2004 (gmt 0)




Yes, I don't know why it wouldn't work -- It's extremely simple code.

The most common cause of problems is that the HTTP Referer is often blocked, so controlling access by referrer is not reliable. Then there is the browser cache and ISP caching proxies that can interfere.

I did miss one issue in your original code, and that is that the second rule might cause a loop, so it should have an exclusion like the first one:

RewriteCond %{REMOTE_ADDR} ^xx\.xx\.xx\.xx$
RewriteCond %{REQUEST_URI} !/errormessagespages/rcmp-grc\.html$
RewriteRule .* /errormessagespages/rcmp-grc.html [L]

If you have access to your server logs, see if the requests that are successfully viewing images provide a referrer. It's likely that they don't, so the "RewriteCond %{HTTP_REFERER} ." will let them through. But this is necessary to avoid blocking legitimate visitors who access your site through their ISP's caching proxy, such as all AOL users. If you need better access control, then I'd suggest using cookies or password-protecting the directory where you keep them.

Jim

Lou_Boumian

8:58 am on Oct 11, 2004 (gmt 0)




I realized that I should have changed the "¦" characters in the script you suggested to unbroken vertical bars... learning... learning...

Now, the anti-leeching works as well as with the old version but I was still able to surf my site.

I found that I had to get rid of the escaping backslashes in the IP to get the banning part functional.
(I noticed that they are not used in scripts using "allow", "deny".)

I then also had to include the gif used in the redirected file in the restricting part for everything to work fine.

Here is the final code:

------------------
<Files .htaccess>
order allow,deny
deny from all
</Files>

#Forbid directory browsing (accessing files in directory that dont have any index files)
#IndexIgnore */*

#Allow directory browsing (accessing files in directory that dont have any index files, like downloading...)
Options +Indexes +FollowSymLinks

RewriteEngine On
RewriteCond %{HTTP_REFERER} .
RewriteCond %{REQUEST_URI} !^/errormessagespages/stolen.jpg
RewriteCond %{HTTP_REFERER} !^http://(www\.)?mydomain.net [NC]
RewriteRule \.(gif¦jpg¦mpg¦avi¦mov¦rm¦wav¦png¦mp3¦html?¦php¦bmp¦js¦zip¦exe)$ /errormessagespages/stolen.jpg [NC,L]

RewriteCond %{REMOTE_ADDR} xx.xx.xx.xx
RewriteCond %{REQUEST_URI} !rcmp-grc\.html$
RewriteCond %{REQUEST_URI} !rcmp\.gif$
RewriteRule .* /rcmp-grc.html [L]

------------------------------------

Thanks for your help on that Jim!...

NOTE TO ALL THE NEWBIES LIKE ME: Watch out for these broken vertical bars in code published on this forum. They should all be replaced by unbroken bars after pasting into your ASCII editor!

[edited by: jdMorgan at 3:24 pm (utc) on Oct. 11, 2004]
[edit reason] Removed specifics per TOS [/edit]
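Added example, not code from the thread or from Apache: a small Python model of how mod_rewrite evaluates the final ruleset above, covering Jim's two earlier points as well (the blank-referrer condition lets proxied visitors through, and the ban rule needs a REQUEST_URI exclusion or it keeps firing on its own output). It also shows the side effect of the final post's IP condition, which dropped the `^`, `$` and `\.` from Jim's version: written that way the pattern is a substring match, so a banned `203.0.113.4` also catches a neighbour such as `203.0.113.45`. mydomain.net is the thread's own placeholder; the banned address 203.0.113.4 and the visitor addresses are constructed from documentation ranges, since the thread's real values were redacted. The broken bars are written as `|`.

```python
# Added example: a model of mod_rewrite's evaluation order for the thread's
# final ruleset. For each RewriteRule the pattern is tested against
# REQUEST_URI, then the preceding RewriteConds in order; the first rule whose
# pattern and conditions all hold wins ([L]). Not Apache's code.
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Cond:
    var: str              # server variable, e.g. "HTTP_REFERER"
    pattern: str          # regex exactly as written in the RewriteCond
    negate: bool = False  # leading "!" in the .htaccess
    nocase: bool = False  # [NC]

@dataclass(frozen=True)
class Rule:
    pattern: str          # RewriteRule pattern, tested against REQUEST_URI
    target: str           # substitution (an internal rewrite here)
    conds: tuple          # RewriteConds that precede the rule, in order
    nocase: bool = False  # [NC]

def cond_holds(cond, req):
    value = req.get(cond.var, "")   # an unset Referer header is an empty string
    flags = re.IGNORECASE if cond.nocase else 0
    matched = re.search(cond.pattern, value, flags) is not None
    return (not matched) if cond.negate else matched

def apply_rules(rules, req):
    """One pass over the ruleset: (uri, fired) for the first rule that fires."""
    uri = req["REQUEST_URI"]
    for rule in rules:
        flags = re.IGNORECASE if rule.nocase else 0
        if re.search(rule.pattern, uri, flags) is None:
            continue
        if all(cond_holds(c, req) for c in rule.conds):
            return rule.target, True
    return uri, False

def resolve(rules, req, max_passes=10):
    """Re-run the ruleset on each rewritten URI, as per-directory rewrites are
    re-processed. Returns (final_uri, rewrites); raises RuntimeError when a
    rule keeps firing on its own output, the loop Jim warned about."""
    req = dict(req)
    rewrites = 0
    for _ in range(max_passes):
        uri, fired = apply_rules(rules, req)
        if not fired:
            return uri, rewrites
        rewrites += 1
        req["REQUEST_URI"] = uri
    raise RuntimeError("rewrite loop: a rule still fires after %d passes" % max_passes)

# Hotlink rule from the final post.
DOMAIN_RE = r"^http://(www\.)?mydomain.net"
LEECHABLE = r"\.(gif|jpg|mpg|avi|mov|rm|wav|png|mp3|html?|php|bmp|js|zip|exe)$"
HOTLINK_RULE = Rule(LEECHABLE, "/errormessagespages/stolen.jpg", nocase=True, conds=(
    Cond("HTTP_REFERER", "."),                                   # some referrer was sent
    Cond("REQUEST_URI", r"^/errormessagespages/stolen.jpg", negate=True),
    Cond("HTTP_REFERER", DOMAIN_RE, negate=True, nocase=True),   # ... and it is not ours
))

BANNED_IP = "203.0.113.4"                      # constructed placeholder
LOOSE_IP = BANNED_IP                           # as in the final post: no ^, $ or \.
STRICT_IP = "^" + re.escape(BANNED_IP) + "$"   # Jim's anchored, escaped form

def ban_rule(ip_pattern, guarded=True):
    """The ban rule; guarded=False drops the REQUEST_URI exclusions Jim added."""
    conds = [Cond("REMOTE_ADDR", ip_pattern)]
    if guarded:
        conds += [Cond("REQUEST_URI", r"rcmp-grc\.html$", negate=True),
                  Cond("REQUEST_URI", r"rcmp\.gif$", negate=True)]
    return Rule(".*", "/rcmp-grc.html", conds=tuple(conds))

FINAL_RULES = (HOTLINK_RULE, ban_rule(LOOSE_IP))
STRICT_RULES = (HOTLINK_RULE, ban_rule(STRICT_IP))
UNGUARDED_RULES = (HOTLINK_RULE, ban_rule(STRICT_IP, guarded=False))

def request(uri, ip="198.51.100.7", referer=None):
    """Constructed request; ip defaults to an unbanned documentation address."""
    req = {"REQUEST_URI": uri, "REMOTE_ADDR": ip}
    if referer is not None:
        req["HTTP_REFERER"] = referer
    return req

if __name__ == "__main__":
    print(resolve(FINAL_RULES, request("/images/photo.jpg", referer="http://other.example/p.html")))
    print(resolve(FINAL_RULES, request("/images/photo.jpg")))                # blank referrer passes
    print(resolve(FINAL_RULES, request("/index.html", ip="203.0.113.45")))   # neighbour caught by loose pattern
    print(resolve(STRICT_RULES, request("/index.html", ip="203.0.113.45")))  # anchored pattern lets it through
```

`resolve` counts how many times a rule fired before the URI settled, which is what separates the guarded ban rule (fires once, then its `REQUEST_URI` exclusion stops it) from the unguarded one (fires on every pass). The `/rcmp.gif` case with the ban page as referrer is why the final post had to exclude the image as well: without that condition the banned visitor's browser would be rewritten away from the image the ban page embeds.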