Can't get .htaccess to prevent hotlinking

Forum Moderators: phranque

Message Too Old, No Replies

Can't get .htaccess to prevent hotlinking

4string

5:18 pm on Jun 24, 2005 (gmt 0)

I've tried every possible format I can find on the net. What happens is all files are blocked whether on or off the site. Am I missing a setting or something?

Here's what I've been trying to get to work:

RewriteEngine on
RewriteCond %{HTTP_REFERER} .
RewriteCond %{HTTP_REFERER} ^http://(www\.)?mydomain\.com [NC]
RewriteRule \.(gif¦jpe?g¦bmp¦mid¦swf¦mp3¦css)$ - [F,NC]

Thanks for any help or advice you can offer.

moltar

5:46 pm on Jun 24, 2005 (gmt 0)

The answer was in the forum library [webmasterworld.com]. Here is the link:

[webmasterworld.com...]

4string

6:27 pm on Jun 24, 2005 (gmt 0)

Thanks Moltar for pointing me in the right direction.

4string

8:46 pm on Jun 24, 2005 (gmt 0)

Well, it still won't work for me (using the code from that thread). I made sure to replace my domain for 'example' and change all the broken pipes. And, I've cleared my cache a 1000 times. It doesn't matter what directory it is in.

I know mod rewrite is working for rewriting urls if I try that. I'm going insane. There aren't some other settings that can cause pitfalls?

jdMorgan

9:10 pm on Jul 5, 2005 (gmt 0)

See the comment about referrer blocking being "notoriously unreliable" in the thread cited above. There is no 100%-reliable solution available using HTTP_REFERER; To get better access control, you'll need to set a cookie on an "authorized visitor page" (or pages) and then check for that cookie before serving a requested image. In other words, the trade-off is between 60% reliable simple referrer checking, and complicated cookies-based checking. The choice depends on how "valuable" your images are, how comfortable you are with setting and testing cookies, and how much time you want to spend on the problem.

Jim