htaccess hot link ban stopped working

Web host moved site to new server

         

grandma genie

11:55 pm on Apr 6, 2011 (gmt 0)

10+ Year Member



Hi Jim,
My web host moved my site to a new server and now my htaccess coding to stop hot linking my images has stopped working. This is the code I have now:

# Return 403-Forbidden response for hotlinked image requests
RewriteCond %{HTTP_REFERER} .
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?mysiteA\.com [NC]
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?mysiteB\.com [NC]
RewriteCond %{HTTP_REFERER} !^http://(www\.)?thefind\.com [NC]
RewriteRule \.(jpe?g|gif|bmp|png|ico)$ - [F]

My webhost claimed to have "commented out my rewrite rules in the htaccess file", but the only htaccess file that I edit has no changes in it. I hope he did not do what he said. It would appear the only thing not working is the hotlinking rewrite rule.

Also, according to my host, the new server needs to use my URL without the www in order to generate the SSL. So, whenever the SSL is generated, the www does not appear in the URL. Otherwise, the www is always there. Would that mess up the coding for stopping hotlinking? The only thing I could think of to do was to remove the s in the https?:// part of the code. What do you think needs to be done?

-- grandma_genie

jdMorgan

12:38 am on Apr 7, 2011 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



The "s?" in those regex patterns means that the "s" is optional. Therefore, the rule supports (allows) both the http and https versions of your own site to access your images.

The usual question for apparent anti-hotlinking problems is: Are you very sure that you deleted your browser cache before testing each allowed/not allowed case?

If not, then your browser will cache the images, making them "appear" to be displayed even on not-authorized (hotlinked) sites. You have to delete your cache every time you test a different image or a different 'domain'.

If you wish to do a lot of testing, then it is usually easier to simply turn off your browser cache while testing by setting its size or 'lifetime' to zero (different browsers offer different options to disable cache). However, don't forget to re-enable it when done testing!

Jim

grandma genie

1:34 am on Apr 7, 2011 (gmt 0)

10+ Year Member



Shouldn't the HTTP code on a hotlinked image that is blocked be a 403? I did check the referer link and the image was blocked. But why is Apache showing this:

113.169.79.nn - - [06/Apr/2011:07:09:19 -0400] "GET /store/products/brandA/frogs.jpg HTTP/1.1" 200 31638 "my.opera.com/pqthai8035/blog/?startidw=90" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16"

And I did clear the cache. Just confused about the HTTP coding. I just assumed the offending site would throw a 403 in my logs whenever someone visiting that site visited the page with the missing image. Why did this visitor get a 200? That is why I thought my coding was not working. But it still is.

grandma_genie
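
An added example, not part of any post in this thread: a Python sketch that re-applies the conditions of the rule from the first post to Apache combined-format log lines and lists image requests that the rule should have refused but that were not answered with 403. The sample log lines, the 192.0.2.x addresses and `hotlinker.example` are constructed for illustration; only the allowlist and the file-extension pattern come from the thread.

```python
import re

# Allowlist copied from the RewriteCond lines in the first post ([NC] -> re.I).
ALLOWED = [re.compile(p, re.I) for p in (
    r"^https?://(www\.)?mysiteA\.com",
    r"^https?://(www\.)?mysiteB\.com",
    r"^http://(www\.)?thefind\.com",
)]
# RewriteRule pattern; the rule has no [NC], so the match is case-sensitive.
IMAGE = re.compile(r"\.(jpe?g|gif|bmp|png|ico)$")
# Combined log format: host ident user [time] "request" status bytes "referer" "agent"
LINE = re.compile(
    r'^\S+ \S+ \S+ \[(?P<time>[^\]]+)\] "\S+ (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "[^"]*"$'
)

def should_block(path, referer):
    """Mirror the rule: non-blank referer, not on the allowlist, image extension."""
    if referer in ("", "-"):          # Apache logs a missing Referer header as "-"
        return False
    if any(p.search(referer) for p in ALLOWED):
        return False
    return bool(IMAGE.search(path.split("?", 1)[0]))  # the rule never sees the query string

def audit(lines):
    """Return (time, path, status, referer) for requests the rule should have refused."""
    misses = []
    for line in lines:
        m = LINE.match(line.strip())
        if m and should_block(m["path"], m["referer"]) and m["status"] != "403":
            misses.append((m["time"], m["path"], int(m["status"]), m["referer"]))
    return misses

# Constructed sample log lines (not taken from the poster's server).
SAMPLE = [
    '192.0.2.10 - - [06/Apr/2011:07:09:19 -0400] "GET /store/frogs.jpg HTTP/1.1" 200 31638 "http://hotlinker.example/blog/" "TestAgent/1.0"',
    '192.0.2.11 - - [06/Apr/2011:07:10:02 -0400] "GET /store/frogs.jpg HTTP/1.1" 403 210 "http://hotlinker.example/blog/" "TestAgent/1.0"',
    '192.0.2.12 - - [06/Apr/2011:07:11:40 -0400] "GET /store/frogs.jpg HTTP/1.1" 200 31638 "https://www.mysitea.com/store/" "TestAgent/1.0"',
    '192.0.2.13 - - [06/Apr/2011:07:12:05 -0400] "GET /store/frogs.jpg HTTP/1.1" 200 31638 "-" "TestAgent/1.0"',
    '192.0.2.14 - - [06/Apr/2011:07:13:31 -0400] "GET /index.html HTTP/1.1" 200 5120 "http://hotlinker.example/blog/" "TestAgent/1.0"',
]

if __name__ == "__main__":
    for miss in audit(SAMPLE):
        print(miss)
```

Because the script reads the server's own log, the result does not depend on any browser cache.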