also, I wasn't sure which forum this question belonged in, so, please feel free to move it if this is the wrong forum.

oh my.. I think I figured out the problem. the replacement hotlink image is a .jpeg. the images I test for are .gif, jpg, png, or bmp. as long as I don't test for the replacement image type, it works. but when I add jpeg to the type test, I get a 500 error.

so, it is not the image. It is the way I have .htaccess set up. ack.. back to the drawing board.

I will have to figure out why the examples I saw here work and my htaccess doesn't.

this is my htaccess:

AddType 'text/html; charset=UTF-8' html
#
ErrorDocument 404 /404.html
#
Options +FollowSymLinks
#
RewriteEngine on
# prevent hotlinking
RewriteCond %{HTTP_REFERER} .
RewriteCond %{HTTP_REFERER}!^http://(www\.)?mydomain\.com [NC]
RewriteRule .*\.(gif¦jpg¦png¦bmp)$ /i/graphictheft.jpeg [L]
#
# Redirect anything that's NOT www.mydomain.com to www.mydomain.com
RewriteCond %{HTTP_HOST} .
RewriteCond %{HTTP_HOST}!^www\.mydomain\.com
RewriteRule (.*) [mydomain.com...] [L,R=301]

The two most-likely causes for problems are:

1) Client did not send HTTP referer, and is therefore allowed to fetch the correct/original image.

2) When testing flush your browser cache before doing a hotlink request. Otherwise, your browser may have cached the image, and if so, will show you the cached version, and not try to fetch the image from your server.

To be clear, images are cached by URL. When you put hotlink code in place, you really have one URL that points to two possible images -- the original/correct one, and the replacement to be served to hotlink requests. Therefore, you must flush your cache while testing to avoid confusion.

Anti-hotlinking methods based on the HTTP Referer header are unreliable, but simple. They work often enough to discourage hotlinkers, and are simple to implement. When referrer-based anti-hotlinking does work, it makes the hotlinker's site look broken, or displays an alternate image (possibly with your watermark or URL, or an overlaid message directing the viewer to your site, or --if you prefer fun over professionalism-- a naughty or disgusting picture). In most cases, that's good enough to get your image's link removed.

Standard anti-hotlinking code won't work for type-in URLs, some types of JavaScript image requests, media player image requests, and requests from users behind ISP or corporate caching proxies. But like I said, it's easy to implement, and usually works well enough.

Jim

I always flush the cache before testing. yeah, you can spend a lot of time spinning your wheels if you don't.

In this case, it is like it is looping. but I don't see why.

anyway, I'm trying some other stuff. I put up a public folder, and will put the hotlink replacement images in this folder. Will post if this works.

ok.. moved the hotlink replacement image to a "public" folder, and added jpeg to the tested images.. and it works.

here is the new htaccess code:

RewriteEngine on
# prevent hotlinking
RewriteCond %{HTTP_REFERER} .
RewriteCond %{HTTP_REFERER}!^http://(www\.)?owenfoundation\.com [NC]
RewriteCond %{REQUEST_URI}!^/i/public/
RewriteRule .*\.(jpeg¦gif¦jpg¦png¦bmp)$ /i/public/graphictheft.jpeg [L]

ok, now I uploaded all my changed hotlink images to the public folder and changed the htaccess code to replace the image with the hotlink image of the same type.

This works also.

I'm wondering if the redirect in the code after my hotlink checks was creating the loop somehow? Although, I would think that the original hotlink replacement image would not trigger the redirect because it would be the correct domain. but.. I can't think of another reason that it would loop. Doesn't mean there isn't a reason.. :\

anyway, here is the code that works:

AddType 'text/html; charset=UTF-8' html
#
ErrorDocument 404 /404.html
#
Options +FollowSymLinks
#
RewriteEngine on
# prevent hotlinking
RewriteCond %{HTTP_REFERER} .
RewriteCond %{HTTP_REFERER}!^http://(www\.)?mydomain\.com [NC]
RewriteCond %{REQUEST_URI}!^/i/public/
RewriteRule \.(jpeg¦gif¦jpg¦png¦bmp)$ /i/public/graphictheft.$1 [NC,L]
#
# Redirect anything that's NOT www.mydomain.com to www.mydomain.com
RewriteCond %{HTTP_HOST} .
RewriteCond %{HTTP_HOST}!^www\.mydomain\.com
RewriteRule (.*) [mydomain.com...] [L,R=301]

You can be more specific with the anti-loop hotlink image exclusion, and make the hotlink image location-independent at the same time. Also note the efficiency tweak to the image type regex to accept jpeg or jpg:

# prevent hotlinking
RewriteCond %{HTTP_REFERER} .
RewriteCond %{HTTP_REFERER} !^http://(www\.)?mydomain\.com [NC]
RewriteCond %{REQUEST_URI} !graphictheft\.
RewriteRule \.(jpe?g¦gif¦png¦bmp)$ /i/public/graphictheft.$1 [L]

Note that if you use [NC] on the rule, then you'll need files with all possible case combinations. I'd recommend linking to your own images using lowercase only, and letting all incorrect-case image requests go 404.

Jim

even better! thanks!

now, when you say more efficient.. does this mean faster?

I will leave the public folder in as I think my friend will want the option of allowing some images to be hotlinked.

> does this mean faster?

A little bit faster. With a small file, it likely makes no difference. But my config files are rarely small, so every little bit helps.

Jim

thanks. I appreciate it.