The code can block access only if the client (browser) sends an HTTP Referer header (so that %{HTTP_REFERER} is non-blank), and sending the HTTP Referer header is optional. That's just how HTTP works, so referrer-based anti-hotlinking can never be 100% effective.

However, that rule can be re-coded in a much more efficient way, and you can save bandwidth by denying the request instead of trying to redirect image requests to an HTML page (which won't work most of the time):

RewriteCond %{HTTP_REFERER} .
RewriteCond %{HTTP_REFERER} !^http://(www\.)?mysite\.com
RewriteRule \.(gif¦jpe?g¦png)$ - [NC,F]

Note that I made "www." optional in the now-single RewriteCond that checks for your domain as the referrer, and that I used [NC] to make the file-extension check case-insensitive and made the "e" in "jpeg" optional as well, compacting the regular-expressions pattern required in your RewriteRule. I added slashes to escape all literal periods in the patterns. I also removed the meaningless ".*" postfix and prefix from the patterns as well; Adding ".*" adjacent to a regular-expressions pattern start or end anchor accomplishes nothing and just wastes CPU time. That is you can always delete "^.*" or ".*$" without changing the meaning of a pattern, if that pattern is anchored at its other end.

When testing, be aware that if you successfully load an image, then that image will be stored in your browser cache and will be displayed from your cache until that cache entry expires or is removed. Therefore, it's important when testing anti-hotlinking code that you completely flush your browser cache (delete Temporary Internet Files in IE) before doing another 'test'.

So the procedure must be:

Test from allowed referer (your own site), see image.

Flush cache.

Test from forbidden referer (some other site), see broken image icon.

Flush cache.

Continue testing & flushing.

Jim

Jim, thanks for the reply. The code doesn't work in my httpd.conf file. Although it does in a .htaccess file. I was trying to get away from using .htaccess files but can't seem to. Here's exactly what I used...

<IfModule mod_rewrite.c>
RewriteEngine on
RewriteMap LeechProtect prg:/usr/local/cpanel/bin/leechprotect

RewriteCond %{HTTP_REFERER} .
RewriteCond %{HTTP_REFERER} !^http://(www\.)?mysite\.com
RewriteRule \.(gif¦jpe?g¦png)$ - [NC,F]

</IfModule>

Here's some more information as it concerns document root.

DocumentRoot /home/servername/public_html

<Directory "/home/servername/public_html">
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
Allow from all
</Directory>

And I have about 5 other sites on the server. Thanks.

You'll need to enable FollowSymlinks or SymLinksIfOwnerMatch in the rewriterule's context, in order to allow mode_rewrite to execute (See mod_rewrite documentation).

If that doesn't help, please tell us how the code "doesn't work" -- Specifics of your test, your results, and how they differed from your expectations, as well as any entries from your server error log, might be most helpful.

Jim

The code doesn't work in my httpd.conf file.

Did you restart Apache after editing the httpd.conf file

Here's a variation.

Search google utilizing quotes:

"Solution # 1 : Prevent “hot linking” of images"

Jim, thanks for your help. I will be working on it.

Wilderness, yes, I restarted Apache. I googled and got this location. Search engines are your friend, I agree. Thanks for your reply.