David43,

Welcome to WebmasterWorld [webmasterworld.com]!

I'd suggest you keep it simple, and start with something like this:

Options +FollowSymLinks
RewriteEngine on
RewriteCond %{HTTP_REFERER} .
RewriteCond %{HTTP_REFERER}!^http://(www\.)?example1\.com [NC]
RewriteCond %{HTTP_REFERER}!^http://www\.hosting\.example2\.net/~admin32 [NC]
RewriteRule \.(gif夸pe?g在mp安av安mv屹ip妃p3)$ /nohotlink.jpg [L]

I don't know what the following line was intended to accomplish:

 RewriteCond %{HTTP_REFERER} ^[http好ttp] 

If it is the case that your site works with http, nttp, and some other protocols, then this line might be necessary, in which case you should replace the first RewriteCond line above with

 RewriteCond %{HTTP_REFERER} ^(http好ttp) 

(Note the parentheses rather than brackets)

There is another layer of "problem" here, and that is that browsers cannot handle a redirect from one file-type to another unrelated filetype, such as from zip to .jpg - this will not work as expected. I'd suggest:

Options +FollowSymLinks
RewriteEngine on
RewriteCond %{HTTP_REFERER} .
RewriteCond %{HTTP_REFERER} !^http://(www\.)?example1\.com [NC]
RewriteCond %{HTTP_REFERER} !^http://www\.hosting\.example2\.net/~admin32 [NC]
RewriteRule \.(gif夸pe?g在mp)$ /nohotlink.$1 [L]
#
RewriteCond %{HTTP_REFERER} .
RewriteCond %{HTTP_REFERER} !^http://(www\.)?example1\.com [NC]
RewriteCond %{HTTP_REFERER} !^http://www\.hosting\.example2\.net/~admin32 [NC]
RewriteRule \.(wav安mv屹ip妃p3)$ - [F]

To use this version, create "nohotlink" replacement images in gif, jpeg, jpg, and bmp formats, so as to replace the requested image with exactly the same kind of file as that requested. This guarantees widest-possible compatibility. Requests for the other file formats are handled by simply returning a 403-Forbidden response.
If you don not wish to create the alternate image formats, then simply 403 all hotlinik requests by replacing the RewriteRule in the very first example above with

 RewriteRule \.(gif夸pe?g在mp安av安mv屹ip妃p3)$ - [F] 

You may or may not need that first Options line. If you don't need it, it may cause a server error. However, mod_rewrite won't work if you do need it and don't have it. If you don't have access to the server config file httpd.conf, the only way to find out is to test it.

Check your server error log while testing this code - It will often tell you what and where the problem is.

All broken pipe "¦" characters in the code above must be replaced with solid pipe characters from your keyboard before use.

Jim

Thanks for such a fast reply. Here's the script I used below.

Options +FollowSymLinks
RewriteEngine on
RewriteCond %{HTTP_REFERER} .
RewriteCond %{HTTP_REFERER} !^http://(www\.)?example1\.com [NC]
RewriteCond %{HTTP_REFERER} !^http://www\.hosting\.example2\.net/~admin32 [NC]
RewriteRule \.(gif夸pe?g在mp)$ /nohotlink.$1 [L]
#
RewriteCond %{HTTP_REFERER} .
RewriteCond %{HTTP_REFERER} !^http://(www\.)?example1\.com [NC]
RewriteCond %{HTTP_REFERER} !^http://www\.hosting\.example2\.net/~admin32 [NC]
RewriteRule \.(wav安mv屹ip妃p3)$ - [F]

It was partially successful. The .hta blocked the audio and video clips from being hotlinked but the .hta still blocks my own site from linking to the images and some images don't appear when the .hta is in place.

Any ideas?

[edited by: jdMorgan at 8:02 pm (utc) on Feb. 13, 2004]
[edit reason] Examplified URLs. [/edit]

No, nothing wrong with that code. You should investigate the logs files further to see what the exact referrer string is when your own pages don't show the images. The most likely cause is that the patterns you're using for {HTTP_REFERER} are not all-inclusive, and a legitimate referrer is being blocked.

Another thing I should note here is that when you are testing .htaccess code, you must flush your browser cache before each test of new .htaccess code. Otherwise, your browser will simply display whatever it cached the last time you made that request - including 403 responses.

Jim

How would I make the pattern I'm using for HTTP_REFERER legitimate? And how could I change it to correct it?

I did clear my cache beforehand but still to no avail.

Here's some information I collected from a header sent and recieved for one of the images on my site -

http://www.example1.com/pics/banners/Earshotmusic.jpg

GET /pics/banners/Earshotmusic.jpg HTTP/1.1
Host: www.boavid.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.5) Gecko/20031007 Firebird/0.7
Accept: image/png,image/jpeg,image/gif;q=0.2,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://www.example1.com/gallery2/propercrimbogallery.php

HTTP/1.x 403 Forbidden
Date: Mon, 02 Feb 2004 20:57:00 GMT
Server: Apache/1.3.27 (Unix) (Red-Hat/Linux) mod_jk/1.2.0 mod_perl/1.26 PHP/4.3.3 FrontPage/5.0.2 mod_ssl/2.8.12 OpenSSL/0.9.6b
Keep-Alive: timeout=15, max=81
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=iso-8859-1

Any help would be much apreciated.

[edited by: jdMorgan at 8:04 pm (utc) on Feb. 13, 2004]
[edit reason] Examplified URLs. Please see TOS. [/edit]

I've stared at this code for several days now, and I don't see anything wrong -- assuming that I understand your situation.

The only thing that stands out is your comment that "some images" don't show. If this is the case, then you need to carefully examine the logs to see why the request failed. What server response code did you get? What was the exact requested hostname when the image failed to show up?

There's no real magic here, and the high-level answer is that your legitimate request is being blocked because the rewriterules don't see it as legitimate -- the referrer is not being recognized as one of your valid referrers. So the question is, "Why not?"

I'm sort of hoping someone else will spot something I've missed here, but if not, you are going to have to dig into the server access and error logs to figure this out.

Jim