
Preventing hotlinking of images

for multiple virtual hosts on my server


macroz

2:03 pm on Apr 5, 2008 (gmt 0)

I know we can prevent hotlinking of images on a per-domain basis like:

SetEnvIf Referer "^http://www.example.com/" local_referal
# Allow browsers that do not send Referer info
SetEnvIf Referer "^$" local_referal
<Directory /web/images>
Order Deny,Allow
Deny from all
Allow from env=local_referal
</Directory>

My problem is I'm running a free vhost system; everyone can use his own domain (e.g. www.abc.com), so there are thousands of domains on my server, which means I cannot use SetEnvIf Referer to prevent hotlinking.

I want to know whether I can prevent hotlinking of images by checking whether the images' referer IP address == MY SERVER IP or not.

eg.

SetEnvIf Referer MY-SERVER-IP local_referal

Thanks!

wilderness

2:13 pm on Apr 5, 2008 (gmt 0)

Your request is not clearly understood?
Are you looking for some kind of html solution?

There are many examples of anti-hotlinking based on referrer in this forum's archives.
EX:
[webmasterworld.com...]

Google offers many references:
[google.com...]

All these require use of htaccess, which most FREE hosts do not offer.
In the event that your FREE host does not offer htaccess, the best solution is to obtain a different provider.
Much hosting is available today for as little as $60 a year, and some of these hosts even offer multiple domains within the same account. Surely that little amount is worthy of utilizing an option you desire (as well as other benefits that free hosting does not provide).

Don

macroz

2:58 pm on Apr 5, 2008 (gmt 0)

Sorry for my English.

I own a dedicated server and provide free hosting service.

But I do not have lots of bandwidth, so I want to prevent hotlinking of images to save bandwidth.

Anyone who uses my free hosting system can use his own domain (e.g. www.abc.com), so there are thousands of domains on my server, which means I cannot use SetEnvIf Referer to prevent hotlinking.

wilderness

5:25 pm on Apr 5, 2008 (gmt 0)

My own sites have been hosted with others for ten years now.
Thus my server knowledge is literally nil.

Would you be allowed, using httpd.conf to configure anti-hotlinking for ALL the sites you host (server wide) and specific to each free hosted site?

I don't see any reason that would prevent this!
Unfortunately, another who utilizes such "rewrites" will need to assist you.

A Google search on httpd.conf is quite bountiful.

macroz

1:14 am on Apr 6, 2008 (gmt 0)

wilderness, thanks a lot for your reply!

I can configure anti-hotlinking based on domain, but there are more than 100 new domains added per day, so I cannot edit httpd.conf by hand.

I wonder whether I can use the referer IP instead of the referer domain in httpd.conf.

jdMorgan

2:54 am on Apr 6, 2008 (gmt 0)

The problem is that mod_rewrite (and the other relevant Apache modules) do not have the ability to compare two variables. That is, you cannot do

RewriteCond %{HTTP_REFERER} .
RewriteCond %{HTTP_HOST} != %{HTTP_REFERER}
RewriteRule \.(gif|jp[eg]|jpeg|png)$ - [F]

because variables on the right side of a RewriteCond are not supported.

There is one work-around: IF your server supports POSIX 1003.2 regular expressions, you can use an 'atomic' back-reference, and use the fact that if A+B = A+A, then A=B. This is true for strings as well as for numbers.

The problem is that this solution is non-portable; only some operating systems support POSIX 1003.2, so if you change operating systems (for example, due to a server "upgrade"), and the new OS does not support POSIX 1003.2 regular expressions, then the rule will fail.

If you do have POSIX 1003.2 support, a solution might be coded like this:

# Key = "host>referer"; %1 is the request hostname, %4 is the referring hostname.
# Hyphens are allowed in labels, a trailing dot and a :port are tolerated on the host,
# and the regex back-reference \1 (not $1) performs the equality test.
RewriteCond %{HTTP_HOST}>%{HTTP_REFERER} ^(([a-z0-9-]+\.)+[a-z0-9-]+)\.?(:[0-9]+)?>https?://(([a-z0-9-]+\.)+[a-z0-9-]+) [NC]
RewriteCond %1>%4 !^(.+)>\1$ [NC]
RewriteRule \.(gif|jp[eg]|jpeg|png|ico)$ - [F]

Notice that this ruleset implicitly requires both the HTTP_HOST and the HTTP_REFERER to be non-blank, otherwise, image access is allowed. This is usually the desired behaviour.

Note that the ">" character serves only as a delimiter. Although I use it to visually-imply concatenation, it has no special meaning to the regular-expressions parser. The patterns allow for all possible valid hostnames and referrers. Specifically, they allow for http and https, and allow hostnames which have a "." and/or a port number appended.

Replace the broken pipe "¦" characters above with solid pipe characters before use; Posting on this forum modifies the pipe characters.

I just wrote this; It has not been tested. Although the concept is known to work, there may be errors in the code.

If your server does not support POSIX 1003.2 regular expressions, then there is another way, and that is to use a RewriteMap in httpd.conf to validate the image requests using a Perl script. See the Apache mod_rewrite documentation for details, but basically, you could use a RewriteRule to call a script using RewriteMap. The script could then compare the requested hostname with the HTTP referrer, and return either the original image URL if they match, or a 'forbidden' URL if the referrer does not match the hostname. You could then use a second rule to detect if the 'forbidden' URL was returned, and send a 403 forbidden response if so.

The only problem with this RewriteMap method is that the image-validation script will be called for every image request received by your server, so you are trading a bandwidth saving for an increase in CPU utilization. You will have to decide --based on the severity of your hotlinking problem and your current server CPU utilization-- whether it is worth doing.

Jim

macroz

3:25 am on Apr 6, 2008 (gmt 0)

Hi jdMorgan, thank you very much!

I'll try the "POSIX 1003.2" solution on my server. It seems the best way to prevent hotlinking of images.

BTW: My server's OS is CentOS 4