1. Home
  2. Forums Index
  3. Server Side / Apache Web Server 4:14 am May 2, 2026

Forum Moderators: phranque

Message Too Old, No Replies

Help me improve my htaccess hotlink setup please, it needs something.

         

Sgt_Kickaxe

8:38 pm on Jun 12, 2010 (gmt 0)



Hello,

I block image hotlinking on a site because it has been the target of a spammer for some time. Today something new started happening and I need to shut it down.

First the image hotlink protection in .htaccess
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?example.com [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ - [NC,F,L]


It may not be the best, I'm open to suggestions on it too, but, what I now need to accomplish is this.

I need to stop image pages from being loaded into an iframe.

To get around my image hotlink protection the person is now just using the url of the images (ie:www.example.com/images/image.jpg) and adding it to their site(s) using iframes. I'm not sure how given the rules above but it's working.

This is somewhat urgent, a script is being used to show the majority of my sites images this way on several automated free blogs (a new one every hour it seems x 90% of my images = ouchie)

Thanks in advance for any suggestions.

edit: I did search for this but found posts that block images via htaccess but don't seem to block them being loaded in iframes. I found this thread [webmasterworld.com...] but some links to other WW posts are 404 on it.

Sgt_Kickaxe

9:56 pm on Jun 12, 2010 (gmt 0)



Frame busting script would work I suppose. Fixing the above would be better but the host this site is on is quirky with htacces rules, hard to know what's working when the delay time is unknown.

Analytics content section is showing an image uri instead of a web uri is the top requested content today, that despite there being no analytics on images.

How's that happening ?

jdMorgan

1:09 pm on Jun 14, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



The only improvements would be to tweak the regex for efficiency: 

RewriteCond %{HTTP_REFERER} .
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?example\.com [NC]
RewriteRule \.(jpe?g|png|gif)$ - [NC,F]

Put the image filetypes in order of most- to least-frequently-accessed in the rule pattern, based on your stats.

[L] used with [F] is redundant: [F] implies [L].

As for the iFrame: An image request from within an iFrame *is* an image request from your own 'site,' so this code cannot help with that problem. You will need a frame-buster.

Image uri showing in analytics: Impossible to tell without seeing the requested URL and a statement from you as to whether it is a valid URL or not, and what filepath it resolves to on your server. (With mod_rewrite and many other modules, knowing the requested URL is everything.)

Jim
 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

  1. Home
  2. Forums Index
  3. Server Side / Apache Web Server 4:14 am May 2, 2026