Preventing remote linking

Need some help with .htaccess to prevent remote linking

         

Silver Dragon Breath

11:54 pm on Nov 12, 2003 (gmt 0)

10+ Year Member



Greetings all,

I've read the threads here on this forum about preventing remote linking to images on a website and I've tried to add a .htaccess file to my image dir and top dir, using FTP, but the file does not show up on the remote server (in the FTP menu) and it does not work. Mode rewrite is enabled, according to my host, and I cannot access the http.conf (I think that was the name) but I would really like to know how to prevent remote linking to my images as people keep on stealing them and my bandwidth (not all the hosts respond to my questions to do something about it).
I've tried this as the .htaccess file:

RewriteCond %{HTTP_REFERER} !^http://www.mysite.com/ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.mydomain.com/ [NC]
RewriteRule [^/]+.(gif¦jpg)$ - [F]

but it did not work.

I also would like to know how to redirect to my site if remote linking to an image is at hand but since I can't even fix this little .htaccess file (wonderful tip btw) I'll better wait with the redirect.

I hope anyone will look into this question again, I did read all the posts here from last year but without result.

Thanks for any help!

[edited by: oilman at 5:44 am (utc) on Nov. 13, 2003]

flashback

12:07 am on Nov 13, 2003 (gmt 0)

10+ Year Member



Hey SDB,

There's a setting in your FTP client that is ignoring files that begin with a period.

That's why you can't see the .htaccess file in the directory listing.

Start with a simple .htaccess file to check that it's even being parsed by Apache.

Make a directory, put this in (minus 'content' lines) and open it up in your browser.


---content of .htaccess file ---
AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthType Basic
AuthName "foo"

<LIMIT GET POST>
require valid-user
</LIMIT>
---end content of .htaccess file ---

If it asks you for a password, you're good.

Also, Apache has to be compiled with mod_rewrite for this to work IIRC.

I noticed in your post that your regex isn't complete.
(the ^ and $ deliminate the beginning and end)

RewriteCond %{HTTP_REFERER} !^http://www.yourdomain.com/.*$ [NC]
RewriteRule [^/]+.(gif¦jpg)$ - [F]

is what you should have I think.

-flashback

[edited by: flashback at 12:21 am (utc) on Nov. 13, 2003]

[edited by: oilman at 5:47 pm (utc) on Nov. 13, 2003]

Silver Dragon Breath

12:19 am on Nov 13, 2003 (gmt 0)

10+ Year Member



Thank you, FlashBack, but it did not work, I placed the file in a new directory and when I tried to access it with my browser, it gave me the forbidden page (You don't have permission to access to this document on this server).
Can't even access a file of my own. What could be the reason?

jdMorgan

12:23 am on Nov 13, 2003 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



> (the ^ and $ deliminate the beginning and end)

No, they 'anchor' the beginning and the end - which is altogether a different thing from delimiting.

Ref: [etext.lib.virginia.edu...]

Try adding the Options and RewriteEngine directives. If this does not work, then contact your host.


Options +FollowSymLinks
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http://(www\.)?example\.net [NC]
RewriteCond %{HTTP_REFERER} !^http://(www\.)?example\.com [NC]
RewriteRule \.(gif¦jpg)$ - [F]

The (www\.)? part makes "www." optional. Replace the broken "¦" pipe character with the solid pipe character from your keyboard before use.

Jim
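
The rule set in the post above can be checked offline before it is uploaded. This is an added example, not part of the original posts: it models the RewriteCond/RewriteRule logic in Python with the broken pipe already replaced by "|". The sample requests, the `is_forbidden` helper and the stricter `STRICT_REFERERS` variant are assumptions made for illustration.

```python
import re

# Patterns from the rule set above, with the forum's broken pipe replaced by "|".
ALLOWED_REFERERS = [r"^http://(www\.)?example\.net", r"^http://(www\.)?example\.com"]
IMAGE_RULE = r"\.(gif|jpg)$"


def is_forbidden(path, referer, allowed=ALLOWED_REFERERS, rule=IMAGE_RULE):
    """Model the rule set: return True when the request would get 403 ([F]).

    mod_rewrite tests the RewriteRule pattern first, then the RewriteCond
    lines, which are ANDed by default. [NC] makes a condition
    case-insensitive; the RewriteRule has no [NC], so it is case-sensitive.
    """
    if not re.search(rule, path):
        return False  # rule pattern does not match: request is left alone
    # Each condition is negated ("!"): it holds when the referer does NOT match.
    return all(not re.search(p, referer, re.IGNORECASE) for p in allowed)


# Constructed sample requests: (path relative to the .htaccess dir, Referer header)
SAMPLES = [
    ("img/dragon.jpg", "http://www.example.com/gallery.html"),
    ("img/dragon.jpg", "http://EXAMPLE.net/"),
    ("img/dragon.jpg", "http://other-site.test/page.html"),
    ("img/dragon.jpg", ""),                                     # no Referer sent
    ("img/DRAGON.JPG", "http://other-site.test/page.html"),     # upper-case extension
    ("index.html", "http://other-site.test/page.html"),
    ("img/dragon.jpg", "http://example.com.other-site.test/"),  # host only starts with the name
]

# Stricter variant (an assumption, not from the thread): the host name must end here.
STRICT_REFERERS = [p + r"(/|$)" for p in ALLOWED_REFERERS]

if __name__ == "__main__":
    for path, ref in SAMPLES:
        print(f"{path:16} {ref!r:45} thread={is_forbidden(path, ref)} "
              f"strict={is_forbidden(path, ref, STRICT_REFERERS)}")
    # With the forum's broken pipe the alternation is lost, so nothing is blocked:
    print(is_forbidden("img/dragon.jpg", "http://other-site.test/", rule=r"\.(gif¦jpg)$"))
```

The run shows three things the rules do not say outright: requests with no Referer header are also refused, upper-case extensions such as .JPG are not covered, and a referer whose host only begins with the allowed name passes unless the pattern is closed with `(/|$)`.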

flashback

12:26 am on Nov 13, 2003 (gmt 0)

10+ Year Member



This might be because directory browsing is turned off on that server. i.e. it needs a default document in the new directory (index.html).

Make a new dir, and try to pull it up in your browser.

If you get "index of /foo" then indexes are on.
If you get forbidden, drop an index.html file (even an empty file) and it should pull that up.

Once you've determined that, *then* try your .htaccess file with the basic auth.

-flashback

flashback

12:34 am on Nov 13, 2003 (gmt 0)

10+ Year Member



Also, this script will spit out the available modules, assuming *nix/apache/perl:
(quick and dirty)

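#!/usr/bin/perl
# CGI script: list the modules compiled into the local Apache binary
print "Content-type: text/html\n\n";
# Locate the httpd binary on the PATH
my $server = `which httpd`; chomp $server;
# "httpd -l" prints the compiled-in modules, one per line
my @modules = `$server -l`;
foreach my $ln (@modules) {print "$ln<BR>\n";}

Upload that as test.pl and chmod it 755 using your FTP program's permissions thingy.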

[edited by: flashback at 2:04 am (utc) on Nov. 13, 2003]

flashback

12:37 am on Nov 13, 2003 (gmt 0)

10+ Year Member



And yes, JDM, you are correct.

^ binds to the beginning of line and
$ binds to end of line

Mastering Regular Expressions taught me more in the first 40 pages than hacking perl for 4 years did.
I just don't talk about it as much as I use it.

And what's up with the pipe character having a crack in it?
Is that just font? or are they different?

--flashback

jdMorgan

12:48 am on Nov 13, 2003 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



flashback,

This forum software does two things you need to keep an eye on when posting regex: First it changes the pipe character to a "harmless" version, and second, it eats spaces preceding "!". You can force a space by posting two spaces, but there's no good work-around for the pipe.

More image hotlinking info on WebmasterWorld [google.com].

Jim

Silver Dragon Breath

12:51 am on Nov 13, 2003 (gmt 0)

10+ Year Member



I still have the test dir I just made with the foo document (FlashBack, I hope you know what I'm talking about) in it and now I have added a new index.html to that dir and guess what happened: when I try to open it with my browser, an authorisation screen pops up with foo on it and it asks for my username and password (which I do not have, since I did not make this). Is this a good sign?

flashback

12:55 am on Nov 13, 2003 (gmt 0)

10+ Year Member



Yes,
that means the .htaccess is working.

Now you just have to delete that 'test' .htaccess file with your ftp client (figure out how to see the files that begin with a period).

Then try that CGI I posted. (You're looking for mod_rewrite.c)

Here's what mine shows:

Compiled-in modules:
http_core.c
mod_bandwidth.c
mod_env.c
mod_log_config.c
mod_log_agent.c
mod_log_referer.c
mod_mime.c
mod_negotiation.c
mod_status.c
mod_include.c
mod_autoindex.c
mod_dir.c
mod_cgi.c
mod_asis.c
mod_imap.c
mod_actions.c
mod_userdir.c
mod_alias.c
mod_access.c
mod_auth.c
mod_so.c
mod_setenvif.c
mod_fastcgi.c
mod_php4.c

Silver Dragon Breath

1:11 am on Nov 13, 2003 (gmt 0)

10+ Year Member



I'm still trying to figure out how to see files that begin with a period (reading other threads here on the board), hope you won't go away since it seems to begin to work now, at least I have some hope.

flashback

1:15 am on Nov 13, 2003 (gmt 0)

10+ Year Member



You can just overwrite the file with a blank .htaccess file.

Hunt through your FTP client software's settings.
That's where you'll find where to see the dot files.

Silver Dragon Breath

1:30 am on Nov 13, 2003 (gmt 0)

10+ Year Member



I found the period file and deleted it (couldn't find it with WS_FTP LE but did find it with SmartFTP..funny) and I uploaded the .pl file and chmoded it to 777 but when I want to access it with my browser, I get the 403 warning.

Silver Dragon Breath

1:33 am on Nov 13, 2003 (gmt 0)

10+ Year Member



I also don't know what the pipe character is, can't find it on my keyboard (it is a laptop), sorry, English is not my native language.

flashback

1:38 am on Nov 13, 2003 (gmt 0)

10+ Year Member



Try changing the filename to end with .cgi

That may fix it.

if not,

make a new, separate directory and try the script to see if you have mod_rewrite.

The pipe character is the vertical line ¦ .
The key just above enter (shift backslash \ )

And, your English is fine. :)

-flashback

Silver Dragon Breath

2:01 am on Nov 13, 2003 (gmt 0)

10+ Year Member



Thank you for your patience, this is what I see (did not use the cgi file, it executed right away on my pc, must be because of the dangerous 777....so I used an info file I had).
mod_frontpage, mod_ssl, mod_php4, mod_perl, mod_setenvif, mod_so, mod_headers, mod_expires, mod_auth_anon, mod_auth, mod_access, mod_rewrite, (etc......)

Mode rewrite I see, so that must be good :-)

Silver Dragon Breath

2:25 am on Nov 13, 2003 (gmt 0)

10+ Year Member



It worked! I uploaded the new period htaccess file (you JD Morgan wrote it in this thread) and visited some of the sites that do deep linking to some of my images and all I saw were broken links. Just wonderful. Now I can add the redirect thing too and send those abusers right back to my site. Thank you FlashBack and JDMorgan for your help, this is a wonderful helpful forum. It did cost me so much time to check out the log files and trace those abusers, now at least they won't have any fun of it. Again, thanks a lot, I'm very happy with your help.

flashback

2:59 am on Nov 13, 2003 (gmt 0)

10+ Year Member



Glad to help.

Helping you, taught me.