Having problems with Rewrite engine.

Forum Moderators: phranque

Message Too Old, No Replies

Having problems with Rewrite engine.

cyphix

5:30 pm on Dec 31, 2005 (gmt 0)

What is wrong with this code? All I get is 500 errors..


Rewriteengine on
RewriteCond %{HTTP_REFERER}!^$
RewriteCond %{HTTP_REFERER}!^http://mydomain.com/.*$ [NC]
RewriteCond %{HTTP_REFERER}!^http://www.mydomain.com/.*$ [NC]
RewriteRule .*.(*)$ - [F]

I tried the below code & it seems to work fine; but not sure if it's correct (I'm still a noob @ RegEx).


Rewriteengine on
RewriteCond %{HTTP_REFERER}!^$
RewriteCond %{HTTP_REFERER}!^http://mydomain\.com/.*$ [NC]
RewriteCond %{HTTP_REFERER}!^http://www.mydomain\.com/.*$ [NC]
RewriteRule .*\..+$ - [F]

I'm trying to prevent the hotlinking of files btw..

Thanks!

jdMorgan

9:54 pm on Dec 31, 2005 (gmt 0)

Probably the missing required spaces between "}" and "!":


RewriteEngine on
RewriteCond %{HTTP_REFERER} .
RewriteCond %{HTTP_REFERER} !^http://(www\.)?mydomain\.com [NC]
RewriteRule \.(jpg¦gif)$ - [F]

> I'm trying to prevent the hotlinking of files btw.

You should be specific about *what* files you don't want hotlinked. I show the common version above, which covers jpg and gif filetypes only. If you need to add more, just put them in the parentheses separated by a solid pipe character. Note that you'll need to change the pipe in this code to a solid pipe before using it; Posting on this forum modifies that character.

Jim

cyphix

3:22 am on Jan 1, 2006 (gmt 0)

Thanks!

Btw.. I'm trying to prevent hotlinking of any file; don't have a specific file list.

skinter

4:57 am on Jan 1, 2006 (gmt 0)

Any file? That means if someone links to your site other than yourself, the visitors will get an error and not the desired page.

Besides, trying to protect your site from hotlinking is fairly pointless. Referrers can be spoofed \very\ easily, and lots of browsers never send the referrer with them in the get request.

cyphix

5:23 am on Jan 1, 2006 (gmt 0)

Any file? That means if someone links to your site other than yourself, the visitors will get an error and not the desired page.

No; I'm only applying it to a certain directory & it's subdirectories.

As for the referrer isue; yes, I'm aware of that.. I'm putting other safeguards in place also; this is just one of them. :)

jdMorgan

7:14 am on Jan 1, 2006 (gmt 0)

If you want to forbid external-site referrer access to anything in the directory in which this .htaccess file resides, and also in any directory below this directory, then change the above rule to:


RewriteRule .* - [F]

As noted, blank referrers will (and should/must) be allowed access, and so this method isn't bullet-proof by any means.

Jim

cyphix

7:34 am on Jan 1, 2006 (gmt 0)

Ok.. thanks for that! :)

cyphix

9:20 am on Jan 1, 2006 (gmt 0)

Is there a way that I can change that slightly so I can put it in my root dir & so it only affects a certain folder?

Would this suffice?


RewriteRule /userfiles/.* - [F]

Can't really put it into the folder as I'm having issues with other code & makes it a lot easier if I can put it all in the root .htaccess file.

Thanks again!

jdMorgan

6:35 pm on Jan 2, 2006 (gmt 0)

Yes, what you posted should work. Please test first before posting; the number of people who answer questions here is limited.

Jim