Welcome to WebmasterWorld Guest from

Forum Moderators: Ocean10000 & incrediBILL & phranque

Message Too Old, No Replies

Detect blank referrer in RewriteCond

For image hot linking



6:07 am on Jul 11, 2007 (gmt 0)

5+ Year Member

I have the following rule to redirect all the images to a PHP script if the referrer is blank (not set?) or its not coming from my domain.

RewriteEngine On
RewriteCond %{HTTP_REFERER}!^$ [OR]
RewriteCond %{HTTP_REFERER}!domain\.com [NC]
RewriteRule (^blog/images/.*\.jpg$) /leech.php?src=$1 [L]

I tried and tested all the possible condition patterns but it's not allowing blank referrer to bypass the first rule. The second rule is working perfectly fine.


RewriteCond %{HTTP_REFERER} !="" [OR]
RewriteCond %{HTTP_REFERER} !. [OR]
RewriteCond %{HTTP_REFERER} !"" [OR]

Any suggestions?



2:06 pm on Jul 11, 2007 (gmt 0)

WebmasterWorld Senior Member jdmorgan is a WebmasterWorld Top Contributor of All Time 10+ Year Member

"!" means NOT, that is, "!^$" means "NOT blank"

You can express blank with any of:

Having finished with that, I must warn you that blocking blank referrers will result in all visitors to your site from ISPs such as AOL, Earthlink, and others seeing your site as badly-broken. They, like many corporate users, sit behind caching proxies at the borders of their networks. The effect of these caching proxies --in addition to saving you bandwidth-- is to suppress the HTTP referer. Therefore, if you block access by their caching proxies with blank referrer headers, they will all think your site is broken. Be prepared to lose their business and/or to handle their technical support requests.

Bottom line: It is not a good idea to block blank referrers, since it is not reliable as any kind of indicator of malicious intent. That is why most of the code you will see posted here Allows blank referers. Despite that, it works well enough to stop most casual hotlinking.



2:26 pm on Jul 11, 2007 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

Also many standard firewalls block referers by default. I think Norton and MacAfee both block by default.


5:25 am on Jul 12, 2007 (gmt 0)

5+ Year Member

Thanks Jim.

I am aware that blocking blank referrers is not a good idea and that is why my PHP hot linking script does not block the image request but creates watermark image on the fly mentioning my site address.



Featured Threads

Hot Threads This Week

Hot Threads This Month