Welcome to WebmasterWorld Guest from

Forum Moderators: Ocean10000 & incrediBILL & phranque

Message Too Old, No Replies

.htaccess Anti Leech for more than one domain

Any help?

1:53 am on Feb 19, 2003 (gmt 0)

10+ Year Member

Hello! I'm new and I need some help with the anti-leech .htaccess code. I know there are other topics about this, but they don't help me, and it still won't work. I have one main domain that I host other websites on, well, I also have an add on domain. The add on domain is a domain.com/hostee name, so I didn't think I would have problems, but when I added the anti leech code into the root of the mydomain.com it made all the images on hosteesdomain.com broken. Here's the code I used:

RewriteEngine on
RewriteCond %{HTTP_REFERER}!^$
RewriteCond %{HTTP_REFERER}!^http://(www\.)?mydomain\.com [NC]
RewriteRule .*\.(gif¦jpg¦jpeg?¦png)$ - [F]

I did some searching for some help and got this code:

RewriteEngine On
RewriteCond %{HTTP_REFERER}!^http://hosteesdomain.com/ [NC]
RewriteRule [^/]+.(gif¦jpg)$ - [F] # No access to images
RewriteCond %{HTTP_REFERER}!^http://mydomain.com/ [NC]
RewriteCond %{HTTP_REFERER}!^http://mydomain.com/ [NC]
RewriteRule [^/]+.(gif¦jpg)$ - [F]

Neither of these worked. I also tried treating my hostees domain (hosteesdomain.com) as it's own and adding a .htaccess page with the anti-leech code, but with no luck. I am really new at this and I really only want to stop message boards from direct-linking images, so any help anyone can give me is greatly appreciated. Thank you in advance!

2:26 am on Feb 19, 2003 (gmt 0)

WebmasterWorld Senior Member jdmorgan is a WebmasterWorld Top Contributor of All Time 10+ Year Member


Welcome to WebmasterWorld [webmasterworld.com]!

The problem may be in the construction of the pattern-match in the RewriteConds. Lets walk through your first example:

RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?mydomain\.com [NC]
RewriteRule \.(gif¦jpg¦jpeg?¦png)$ - [F]

This says,
"If the referring domain is not blank [and]
if the referring domain is not [mydomain.com,...] with or without 'www.' and disregarding case [then]
rewrite any requests for files ending in .gif, .jpg, .jpe, .jpeg, or .png to [nothing] and return a 403-Forbidden server status code."

Therefore, since your subdomain does not match www.mydomain.com or mydomain.com, the rewriterule is applied, and you get "broken" images.

You need to make the second RewriteCond comprehend your subdomain to eliminate the problem. If this is a subdomain, i.e. hostees.domain.com, this would work:

RewriteCond %{HTTP_REFERER} !^http://(www\.¦hostees\.)?mydomain\.com [NC]

Alternately, if hosteesdomain is really a separate domain name, use:

RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?hosteesdomain\.com [NC]
RewriteCond %{HTTP_REFERER} !^http://(www\.)?mydomain\.com [NC]
RewriteRule \.(gif¦jpg¦jpeg?¦png)$ - [F]

There are several changes to what you posted. Note the space required ahead of each "!" Note that I have deleted the trailing slash on the domain names to allow for the case where a port number is appended. All literal periods in pattern-match strings have been escaped with a preceding "\".
Also note that the WebmasterWorld forum software will change solid vertical pipe characters into a broken vertical pipe "¦" characters, which you must edit and replace before use.

This Introduction to mod_rewrite [webmasterworld.com] is "required reading" before using mod_rewrite - and follow the references to the Apache documentation. mod_rewrite will tolerate no typos, and even minor errors can have disastrous effects, so study is worthwhile.

If none of the above examples helps, you will need to be very specific about the exact nature of your domain-name-to-file-system-directory mapping to get good help. :)


3:04 am on Feb 19, 2003 (gmt 0)

10+ Year Member

I tried the second code you gave me, and the images on both domains were able to be seen, but also were able to be directly linked. My hostee is technically located at mydomain.com/hostee and my hosting provider has the hosteedomain.com pointing to that url. I added the code you gave me into the /hostee folder (I made a .htaccess page), in my root folder, and also in my public_html folder. Did I need to add it so many times? If not, where do I put it? Thank you for helping me!
3:31 am on Feb 19, 2003 (gmt 0)

WebmasterWorld Senior Member jdmorgan is a WebmasterWorld Top Contributor of All Time 10+ Year Member


You need to put an appropriate .htaccess file wherever it will be executed as the "domain" is accessed. Generally, this is in your "web root" directory - wherever your default "index.html" main or "home" page is. In your case, you need one in /hostees as well. You won't need one in /public_html, since (I assume) that that is the directory above your web root directory. Any .htaccess above web root normally won't be executed (there are always a few funky server setups that break rules).

If your hostees domain is pointed directly to your domain/hostees subdirectory, then you will need an .htaccess file in that subdirectory which handles accesses to the hostees domain only. Once you get more familiar with .htccess, you may find it more efficient to get your host to point the hostees domain to your web root as well; Then you can handle redirecting it yourself, but still have most of your common-to-both-domains .htaccess directives processed right away at that level, saving duplication in multiple .htaccess files.

One thing that may be causing you trouble: Remember to flush your browser cache (Temporary Internet Files) while testing for hot-linking. If the image is already in your cache, it may appear to remain accessible via hot-link, when in fact it is not, but is being fetched from your local browser cache. You can either flush it before each test, or set up your browser preferences to disable the cache (by telling it to always re-fetch the requested resource from the web). I often have this trouble, because my browser sits behind two caching proxies, and I have to flush all of them. On the other hand, it's secure back here. :)



Featured Threads

Hot Threads This Week

Hot Threads This Month