Welcome to WebmasterWorld Guest from

Forum Moderators: Ocean10000 & incrediBILL & phranque

Message Too Old, No Replies

Detect blank referrer in RewriteCond

For image hot linking

6:07 am on Jul 11, 2007 (gmt 0)

Full Member

10+ Year Member

joined:Jan 4, 2006
votes: 0

I have the following rule to redirect all the images to a PHP script if the referrer is blank (not set?) or its not coming from my domain.

RewriteEngine On
RewriteCond %{HTTP_REFERER}!^$ [OR]
RewriteCond %{HTTP_REFERER}!domain\.com [NC]
RewriteRule (^blog/images/.*\.jpg$) /leech.php?src=$1 [L]

I tried and tested all the possible condition patterns but it's not allowing blank referrer to bypass the first rule. The second rule is working perfectly fine.


RewriteCond %{HTTP_REFERER} !="" [OR]
RewriteCond %{HTTP_REFERER} !. [OR]
RewriteCond %{HTTP_REFERER} !"" [OR]

Any suggestions?


2:06 pm on July 11, 2007 (gmt 0)

Senior Member

WebmasterWorld Senior Member jdmorgan is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Mar 31, 2002
votes: 0

"!" means NOT, that is, "!^$" means "NOT blank"

You can express blank with any of:

Having finished with that, I must warn you that blocking blank referrers will result in all visitors to your site from ISPs such as AOL, Earthlink, and others seeing your site as badly-broken. They, like many corporate users, sit behind caching proxies at the borders of their networks. The effect of these caching proxies --in addition to saving you bandwidth-- is to suppress the HTTP referer. Therefore, if you block access by their caching proxies with blank referrer headers, they will all think your site is broken. Be prepared to lose their business and/or to handle their technical support requests.

Bottom line: It is not a good idea to block blank referrers, since it is not reliable as any kind of indicator of malicious intent. That is why most of the code you will see posted here Allows blank referers. Despite that, it works well enough to stop most casual hotlinking.


2:26 pm on July 11, 2007 (gmt 0)

Senior Member from GB 

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:Aug 13, 2003
votes: 0

Also many standard firewalls block referers by default. I think Norton and MacAfee both block by default.
5:25 am on July 12, 2007 (gmt 0)

Full Member

10+ Year Member

joined:Jan 4, 2006
posts: 307
votes: 0

Thanks Jim.

I am aware that blocking blank referrers is not a good idea and that is why my PHP hot linking script does not block the image request but creates watermark image on the fly mentioning my site address.