Sure, take your best shot at coding it up, and then post your code so we can discuss it.

Don't forget, you may want to allow things like Google cache, Google image search, Internet Archiver, and language translation services to "hotlink" to your images. In other words, the list of "allowed" sites may be longer than you first imagine.

Jim

Good point. I hadn't thought about the search engines.
But I'm only trying to restrict pictures, not text, so I think I'll be OK.
I've wiped my htaccess clean out of frustration, so I'm afraid I have no snippets to post. I think I was way off base from the start.

RewriteEngine on
RewriteCond %{HTTP_REFERER}!^http://(www\.)?alphasite\.com(/)?.*$ [NC]
RewriteCond %{HTTP_REFERER}!^http://(www\.)?betasite\.com(/)?.*$ [NC]
RewriteCond %{HTTP_REFERER}!^http://(www\.)?gammasite\.com(/)?.*$ [NC]
RewriteCond %{HTTP_REFERER}!^$
RewriteRule .*\.(gif¦jpg¦jpeg¦bmp)$ - [F,NC]

This is my attempt. I'm not sure it's the most efficient way to do it, but it works for me.

This goes within the .htaccess file in the directory where your images reside.

The character ¦ that you see between the gif jpg jpeg bmp is the "pipe" key on your keyboard. It should be a solid vertical line, but it shows up in forum posts as a broken vertical pipe.

RewriteEngine on  
RewriteCond %{HTTP_REFERER} .  
RewriteCond %{HTTP_REFERER} !^http://(www\.)?(alphasite¦betasite¦gammasite)\.com [NC]  
RewriteRule \.(gif¦jpe?g¦bmp)$ - [NC,F]

;)

cws3di: Thanks. That looks promising. I wonder if the problem was that I didn't have it in the actual directory of the images, but rather in a parent directory. I assumed that an .htaccess at the web site's root level would take care of all the directories below it. Is this not correct?

dcrombie: Nice and concise, but I think I'll have to use cws' method because some of the sites are .com, some are .at, some are .co.uk, etc...

In that case, here's a clean-up for the multiple-RewriteCond approach:

RewriteEngine on
RewriteCond %{HTTP_REFERER} .
RewriteCond %{HTTP_REFERER} !^http://(www\.)?alphasite\.com [NC]
RewriteCond %{HTTP_REFERER} !^http://(www\.)?betasite\.org [NC]
RewriteCond %{HTTP_REFERER} !^http://(www\.)?gammasite\.net [NC]
RewriteRule \.(gif¦jpe?g¦bmp)$ - [F,NC]

The deleted characters were superfluous, and the "jpe?g" pattern matches either "jpeg" or "jpg".

Note that posting on this forum modifies the pipe "¦" character. Change all broken pipes to solid pipes before use.

Jim

I like all of the rewrite except the last line. I usually rewrite to an image that advertises my website.

Here's what I tried:

RewriteEngine on
RewriteCond %{HTTP_REFERER} .
RewriteCond %{HTTP_REFERER} !^http://(www\.)?example\.com(/)?.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://(www\.)?example\.org(/)?.*$ [NC]
RewriteRule \.(gif¦jpe?g¦png)$ - [F,NC]

It didn't work. For whatever reason it didn't restrict anything at all. Any ideas why it didn't work?

[edited by: jdMorgan at 3:18 pm (utc) on Oct. 5, 2005]
[edit reason] Examplified, shortened code snippet. [/edit]

Did you flush your browser cache between tests? If not, the browser will serve previously-cached images, the requests will not be sent to your server, and your code will have no effect.

Otherwise, check your error log. If there's a message in there about FollowSymLinks, you'll need to add

Options +FollowSymLinks

ahead of your code.

Please do not post 'real' URLs. See our Terms of Service.

Also, get rid of the cruft at the end of your domain names. It serves no purpose except to make your server less efficient, and will fail if a port number is appended to the domain. A review of regular expressions syntax will explain this, but basically "...com" is entirely equivalent to "...com.*$" excpet that it is processed more quickly.

Options +FollowSymLinks
RewriteEngine on
RewriteCond %{HTTP_REFERER} .
RewriteCond %{HTTP_REFERER} !^http://(www\.)?example\.com [NC]
RewriteCond %{HTTP_REFERER} !^http://(www\.)?example\.org [NC]
RewriteRule \.(gif¦jpe?g¦png)$ - [F,NC]

Jim

Thanks for the advice. Sorry about the TOS violation. I didn't even think about that.

I ended up getting it working using a snippet I found elsewhere. Here's the solution that worked for me:

SetEnvIfNoCase Referer "^http://example.info/" locally_linked=1
SetEnvIfNoCase Referer "^http://example.at/" locally_linked=1
SetEnvIfNoCase Referer "^http://example.co.uk/" locally_linked=1
SetEnvIfNoCase Referer "^http://example.com/" locally_linked=1
SetEnvIfNoCase Referer "^http://example.cn/" locally_linked=1
SetEnvIfNoCase Referer "^http://www.example.info/" locally_linked=1
SetEnvIfNoCase Referer "^http://www.example.at/" locally_linked=1
SetEnvIfNoCase Referer "^http://www.example.co.uk/" locally_linked=1
SetEnvIfNoCase Referer "^http://www.example.com/" locally_linked=1
SetEnvIfNoCase Referer "^http://www.example.cn/" locally_linked=1
SetEnvIfNoCase Referer "^$" locally_linked=1

<FilesMatch "\.(gif¦png¦jpe?g)$">
Order Allow,Deny
Allow from env=locally_linked
</FilesMatch>

As you'll remember, the task was complicated by the fact that I have sites on .co.uk, .at, .cn, and others. Through a little trail and error I found it works better if I have a regular line with the "www." and another line without it.

I think the reason the other solutions didn't work is because of my host. I think they have some custom settings that make .htaccess behave a little unpredictably.