Forum Moderators: phranque
I tried creating an .htaccess file. When I put that in the root it blocked the hotlinks but my site was getting a server 500 error. Tech support renamed the .htaccess from their end and I could get into everything but then the hotlinking was also back.
they suggested that I try the .htaccess in one folder until it was working right. It seemed to work once but it is not working now(i.e. not blocking hotlinking.) I tried a number of versions such as
Rewriteengine on
RewriteCond %{HTTP_REFERER}!^$
RewriteCond %{HTTP_REFERER}!^http://myssite.com/.*$ [NC]
RewriteCond %{HTTP_REFERER}!^http://www.mysiste.com/.*$ [NC]
RewriteCond %{HTTP_REFERER}!^http://206.#*$!.#*$!.xxx/.*$ [NC] (my site's IP)
RewriteRule .*\.(gif¦GIF¦jpg¦JPG)$ - [F]
I read that .htaccess can slow things down when it is in the root since every file read has to check with .htaccess. I then looked into httpd.conf. I'm a bit fuzzy on the exact code to put in the httpd.conf file.
I didn't want to make major changes to httpd.conf. What I did was
1. Put the code you see above in access.conf. (I think that is wrong because I saw a directory /directory code somewhere that i probably should be using)
2. Removed the # from the line in httpd.conf that references the access.conf file (I think that will 'unremark' the line to allow apache to see access.conf. Please let me know if I am wrong.
3. Went into the control panel and restarted vps. From what I read the httpd.conf gets read at startup. Am I correct in assuming that this restarts the virtual server?
Other questions:
1. Does anyone have a sample of code to go into httpd.conf or access.conf to stop hotlinking?
2. I understand that you want to only block referrers other than your site and you want to allow blank referrers (i.e google.) Does anyone know if an httpd.conf file blocking will do this?
3. Where in the httpd.conf file do you put the anti hotlinking code? I know you aren't supposed to use the access.conf file but I would feel a bit more comfortable putting it there.
4. Am I correct in assuming that a rewrite in httpd.conf will include all subdirectories as it would in .htaccess?
Thanks
I've been working on this for a couple of hours and I am at my wit's end.
I'd appreciate any thoughts or advice.
Remember that you must flush your browser cache after making any changes to access control on your server. If you request a blocked image, and that image is in your cache, the browser will load the image from cahce and it won't be fetched from the server. If the image isn't fetched from the server, your rules can have no effect.
When working in httpd.conf, you must restart your server after each change. I can't answer your question about access.conf.
I'd suggest:
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?myssite\.com [NC]
RewriteCond %{HTTP_REFERER} !^http://192\.168\.0\.1
RewriteRule \.(gif¦jpg)$ - [[b]NC,[/b]F]
Jim
I thought I had killed all the caching. Apparently the files were still cached (I even went into windows\temp and the documents and setting\local settings\temp folders and deleted everything there. Apparently I missed something
Anyway thanks for taking a look at that. I'm at another location today and it appears that hotlinking is blocked.
Chris
