In an .htaccess, without the asterisk, yes:

Order Allow,Deny
Deny from 219.238.134.
Allow from al

will this deny the entire "D" portion of the IP?

Yes, that will deny every IP number that starts with 219.238.134.

You wrote "Allow from al"
Should that "allow from all" with 2 letters L?

Oops, yes, two l's.

Order Allow,Deny
Deny from 219.238.134.
Allow from all

Thanks Span:

I see there is a deny, and then an allow. I take it that the 'deny' overrides the 'allow',
so that the denied ip's are indeed denied, and only those passing that test (all others)
are allowed. Is this the logic? -Larry

I've got this for the rewrite_cond

<Files .htaccess>
deny from all
</Files>

And I have this for IP's

<Files 403.shtml>
order allow,deny
allow from all
</Files>

Too much? Maybe?

And thanks for the info on the IP itself.......And there goes another worthless eastern pacific rim snoop....

Along these same lines .. I'm getting lots of hot links from some of the community sites.

For some of the worst offenders I have looked up their IP addresses and done an IP deny in CPanel, but when I check the page, the images still show.

So I'm wondering if they are running through another IP or?

I would actually like to do a hotlinks deny/allow, but with so many search engine datacenters I don't want to block my images from a page cache on the search engines.

Any suggestions?

I think you can do this in .htaccess or httpd.conf with something like:

RewriteEngine on
RewriteCond %{HTTP_REFERER}!^$
RewriteCond %{HTTP_REFERER}!^http(s)?://(www\.)?example.com.*$ [NC]
RewriteCond %{HTTP_REFERER}!^http(s)?://(www\.)?example2.com.*$ [NC]
RewriteRule ^.+\.(jpg¦jpeg¦png¦gif)$ http://www.example.com/myad.jpg [NC,R,L]

(note this is untested so test it if you use it and make sure to fix the pipe characters!)

This only allows hotlinking from example.com (your site), example2.com (another one of your sites you want to hotlink from), etc. This is better than denying hot linking by ip really because it blocks everyone besides the domains you want to allow.

Hi Physics,

First, thanks very much.

"RewriteEngine on
RewriteCond %{HTTP_REFERER}!^$
RewriteCond %{HTTP_REFERER}!^http(s)?://(www\.)?example.com.*$ [NC]
RewriteCond %{HTTP_REFERER}!^http(s)?://(www\.)?example2.com.*$ [NC]
RewriteRule ^.+\.(jpg¦jpeg¦png¦gif)$ http://www.example.com/myad.jpg [NC,R,L]"

How could I cover all iterations of Google, Yahoo, MSN, etc?

If I use?google.com would that cover all data centers? Or would I need to use?*.google.com? How about international sites?*.google.*? Or do I have to do them individually like?google.co.uk

I notice that MSN is search.msn.com .. same approach?

Sorry for the dumb questions.:>\

Basically yes, something like:
RewriteCond %{HTTP_REFERER}!^http(s)?://(\w+\.)?search\.(\w+)/.*$ [NC]
would allow pretty much anything from blah.search.blah
Remember to check what the url is for their image search domain, i.e. for google it's images.google.com which would be covered by an expression like the one above.
Read up on regular expressions if you want a better idea of what's going on above. Also see
Apache mod_rewrite manual [httpd.apache.org]

I'd suggest using an internal rewrite, rather than an external 302 redirect. With a few more cleanups and tweaks:

RewriteEngine on
RewriteCond %{HTTP_REFERER} .
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?example\.com [NC]
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?example2\.com [NC]
RewriteCond %{HTTP_REFERER} !^https?://([^\?]+)?search\.[^/]+ [NC] 
RewriteRule \.(jpe?g¦png¦gif)$ /myad.jpg [NC,L]

If you don't use https, then you can omit the "s?" in "https".

Change the broken pipe "¦" characters above to solid pipes from your keyboard before use; Posting on this board modifies them.

Flush your browser cache before testing any change to access-control code.

Jim

Hi JDMorgan,

Thanks very much for the info.

I already have rewrites for example.com to www.example.com.

Does it make any difference whether the "image deny" goes before or after that www rewrite condition?