Forum Moderators: phranque


Cannot make anti-hotlinking work

mod_rewrite no luck, "poor man's" solution works, can we test locally?

         

Winnetou

2:33 am on Mar 2, 2008 (gmt 0)

10+ Year Member



I'm at a loss!

I've tried many solutions to have mod_rewrite solve my hotlinking issues, but it just seems not to work for me.

Here's my current .htaccess approach:

RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://mydomain.info/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://mydomain.info$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.mydomain.info/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.mydomain.info$ [NC]
RewriteRule .*\.(gif|jpe?g|png|bmp)$ [mydomain.info...] [R,NC]

It comes straight from cPanel's automated protection script, contains plain pipes and spaces before the exclamation marks. I had to add the first RewriteCond line, because to my horror it blocked images to my own website without it.
With the line, however, I can still see my image on hotlinker's pages.

Research in this excellent forum had me come across a fix called the "poor man's" solution using deny/allow (http://www.webmasterworld.com/forum92/1422.htm):

<FilesMatch "\.(gif|jpe?g|png)$">
SetEnvIfNoCase Referer ^$ allow_image
SetEnvIfNoCase Referer ^http://(www\.)?mydomain\.com\.au allow_image
Order Deny,Allow
Deny from all
Allow from allow_image
</FilesMatch>

which works fine! When I use the same regex in the mod_rewrite conditions it does not work for me.

- Anyone had the same issues and found a solution?
- Did anyone try testing anti-hotlinking locally using VirtualHost? How would I set this up?

Thanks for your help!

[Edit: removed domain]

[edited by: Winnetou at 2:41 am (utc) on Mar. 2, 2008]

wilderness

5:43 am on Mar 2, 2008 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Do your lines begin with:

RewriteEngine on

Or is there another problem?
You don't provide any explanation of what is or isn't happening? As you intended?
Have you checked your error logs to see what's happening?

I've been using the following for an eternity:

RewriteCond %{HTTP_REFERER} .
RewriteCond %{HTTP_REFERER} !^http://(www\.)?example\.(com|net) [NC]
RewriteRule \.(jpg|gif|pdf|ico)$ - [NC,F]

You will need to turn on the
RewriteEngine on

if you haven't previously.

Please note: the forum breaks the pipe characters, and they require correction before use.

Winnetou

11:21 am on Mar 2, 2008 (gmt 0)

10+ Year Member



Hi wilderness,

yes, I do start with "RewriteEngine on" and even have "Options +FollowSymLinks".

Sorry for not being too clear. What is not happening is that the replacement image shows up. I can still see the original, hotlinked image. It seems as if mod_rewrite was turned off. However, simple rewrites do work.

I only have access to my last 300 error messages through cPanel, but this list is empty.

Thanks for pointing out the high-pipes, I'm using regular pipes in my files.

Do you know how I could test mod_rewrite locally? I've set up virtual hosts for two sites which I could test against each other.

And how did you make sure your config was working?

Thanks!

wilderness

5:17 pm on Mar 2, 2008 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Here's a thread which provides an example of "a test" that Jim has provided many times:

[webmasterworld.com...]

g1smd

7:15 pm on Mar 2, 2008 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



The problem is that because "both" of the images have the same "URL", your browser caches the data and you will see the wrong one.

You must flush your browser cache before each test. Try the test on another machine that has never looked at your site before.

jdMorgan

8:52 pm on Mar 2, 2008 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



If you're still using the replacement image rewrite, then one problem is that the code can create an infinite loop, depending on the replacement image type. It's also full of redundant junk, probably generated by a control panel or automated mod_rewrite generator. I'd suggest the following clean-up:

RewriteCond %{HTTP_REFERER} .
RewriteCond %{HTTP_REFERER} !^http://(www\.)?example\.info [NC]
RewriteCond %{REQUEST_URI} !^/antiHotLinking\.jpe$
RewriteRule \.(gif|jp[eg]|jpeg|png|bmp)$ http://www.example.info/antiHotLinking.jpe [NC,R=302,L]

This allows you to use any file extension you like on the replacement image, but otherwise completely reproduces the function of what you had before, and with several fewer lines.

However, I believe that the "flush your browser cache" recommendation above is the likely solution to your immediate problem.

Jim

[edited by: jdMorgan at 8:53 pm (utc) on Mar. 2, 2008]

Winnetou

10:40 pm on Mar 2, 2008 (gmt 0)

10+ Year Member



Thanks wilderness, g1smd and Jim.

I'm pretty sure that the browser cache didn't play into the equation since I was aware of that and used Opera 9 with cache turned "off". I also periodically and temporarily disabled my firewall (both software and router) to check if that might be an issue.

I'm going to check your suggestions tonight and will report back (I'm about a day ahead in my timezone...)

Cheers!

Winnetou

11:34 am on Mar 3, 2008 (gmt 0)

10+ Year Member



Ok,

I've implemented Jim's suggestion and replaced the pipes with real ones. I turned off the router's and my software firewall. I used Safari, which has not seen the hotlinker's page before.

No luck. The browser displays the hot-linked image from my site, not the anti-hotlinking image.

Opera, with cache disabled, does the same. This is what frustrates me. I've written an email to my provider asking for help but haven't received an answer yet.

I'll test the hotlinker's page tomorrow from work just to try an entirely different client setup.

Wilderness, I don't understand how the information Jim provided on the page you linked to is related to my problem. Can you please explain? Thanks.

Jim, do you know of a mod_rewrite with which I could test if my provider has everything set up correctly? I've just tried the following simple redirect and that works fine:

RewriteCond %{REQUEST_URI} /test2\.html$
RewriteRule .* /test.html [R=301,L]

(test2.html does not exist, test.html does and shows up when I try to access test2.html.)

Thanks for your help, guys.

Winnetou

11:39 am on Mar 3, 2008 (gmt 0)

10+ Year Member



Another detail:

When I comment out the empty referer line all works as intended, except that my own site also shows the antiHotLinking.jpe wherever there's an image. Does this ring any bells?

Winnetou

9:20 pm on Mar 3, 2008 (gmt 0)

10+ Year Member



Hooray!

A small victory: One hotlinker's site actually shows the anti-hotlinking image. I just tested from work.

I will now send more links to work to confirm.

I'm stupefied that for the heck of it I couldn't test it adequately from home.

I'll let you know the results tomorrow, and if positive, we can close this thread.

Thank you!

jdMorgan

9:28 pm on Mar 3, 2008 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Are you using any "Internet Security" software which blocks the HTTP Referer header sent by your browser? Or are you on AOL or any other ISP that uses caching proxies?

If so, that's why you're having problems.

Any client which sends requests through any such security filter or caching proxy, or which can internally disable sending of Referer headers will be able to bypass anti-hotlinking code. That's just the way it is, since the Referer header is optional.

However, if you slightly adjust your attitude of "what the anti-hotlinking code is for," this isn't really a problem; if you adopt the attitude that the purpose of the code is to make the hotlinking site look broken to a large number of that site's users, so that they will bother the Webmaster of the hotlinking site by asking him/her to fix it by removing the image, then all is well -- most users *will* send a referrer header, so most will see the alternate image (or get a broken image icon if you simply return a 403-Forbidden response).

Jim
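
The cleaned-up rule set and the point that the Referer header is optional, modelled as an added example (not code from any poster in this thread): it evaluates the rule's pattern and three conditions in Python against constructed requests. `OWN_SITE_STRICT`, the sample hosts and the sample URIs are assumptions made for illustration.

```python
import re

# Patterns from the cleaned-up rule set in the thread, with pipes restored.
HAS_REFERER = re.compile(r".")
OWN_SITE = re.compile(r"^http://(www\.)?example\.info", re.I)
REPLACEMENT = re.compile(r"^/antiHotLinking\.jpe$")
IMAGE = re.compile(r"\.(gif|jp[eg]|jpeg|png|bmp)$", re.I)
# Assumption, not from the thread: a stricter own-site pattern that ends the
# host name at "/" or end of string and also accepts https.
OWN_SITE_STRICT = re.compile(r"^https?://(www\.)?example\.info(/|$)", re.I)


def decide(uri, referer, own_site=OWN_SITE):
    """Return 'redirect' if the rule would fire for this request, else 'serve'."""
    if not IMAGE.search(uri):            # RewriteRule pattern: not an image
        return "serve"
    if not HAS_REFERER.search(referer):  # condition 1: blank Referer passes
        return "serve"
    if own_site.search(referer):         # condition 2: request from own pages
        return "serve"
    if REPLACEMENT.search(uri):          # condition 3: never redirect the
        return "serve"                   # replacement image to itself
    return "redirect"


# Constructed sample requests: (URI, Referer header value, note).
SAMPLES = [
    ("/img/cat.jpg", "http://www.example.info/gallery.html", "own page"),
    ("/img/cat.jpg", "http://hotlinker.example/post.html", "hotlinking page"),
    ("/img/cat.jpg", "", "Referer removed by proxy or security software"),
    ("/antiHotLinking.jpe", "http://hotlinker.example/post.html", "replacement image"),
    ("/img/cat.png", "https://www.example.info/gallery.html", "own page over https"),
    ("/img/cat.gif", "http://example.info.hotlinker.example/", "look-alike host"),
]


def evaluate(own_site=OWN_SITE):
    """Decide every sample request with the given own-site pattern."""
    return [decide(uri, ref, own_site) for uri, ref, _ in SAMPLES]


if __name__ == "__main__":
    for (_, _, note), a, b in zip(SAMPLES, evaluate(), evaluate(OWN_SITE_STRICT)):
        print(f"{note:48} posted={a:9} strict={b}")
```

The third sample is the case described in the post above: a request with no Referer is always served, so a test client whose Referer is stripped will never see the replacement image.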

Winnetou

11:01 am on Mar 5, 2008 (gmt 0)

10+ Year Member



Hi Jim,

I'm just using a firewall and an anti-virus program. I wouldn't have a clue where to look for a referer option I must admit.

You are absolutely right about the two options every webmaster has:

a) Create an anti-hotlinking image to "educate" and "pay back" hot-linkers, or

b) Silently break the hot-linked image.

I could assume both, but for the time being I'd like to pay back ;-)

Thanks for your help guys. My last tests were positive (all from work, will examine my caching problem later).

Thanks!