one cause could be is that the HTTP_REFERER header which you check by the RewriteCond directives is not being used by all the browsers, or if the browser uses it, but you type (or copy-paste) the link to your image straight into your browser then the referer header is not set again, so the rewriting does not run. this is normal, because since some browser does not set the referer header you can't be sure that the image is refered by a page of yours or not. this is the rule of the first RewriteCond; if the referer header is empty, allow to download the image.

Thanks for your reply gergoe. And I believe I understand what your saying (still early yet) But I still am not understanding why it's inconsistent for me. I am using IE6 as my browser and yesterday while testing this I hot-linked an image to a forum post. Like I said several times through the day, it seemed the rule was working and I saw the thief image. Then other time I was able to see the image that I hot-linked.

Also at these different times via my site logs, I could check sites hot-linking and see the thief image say in a background they had hot-linked to. Other times I could not.

I would clear my cache and check again and still wouldn't see the thief image. Few hours later I could. This happen several times through out the day. Very strange.

There can be any number of caches between your browser and your server. If the image is fetched from a network cache (say, at your ISP), then you won't even see a request for it in your logs. If the cache itself refetches the image on behalf of a user then it will not provide a referer, and as gergoe says, your first RewriteCond will allow that access.

Access protection by referer is not 100% reliable, and we just have to live with it. If you block blank referers, then you will serve your thief image to a significant number of legitimate site visitors. The alternative is to set up an access-control script, and use cookies or sessions to control image access.

I'd like to recomend that you not use an external redirect to serve your thief image. First, because following an external redirect requires the cooperation of the user-agent, and second, because it "exposes" your method.

The code you posted above can be simplified, and the rewrite hidden using:

RewriteEngine on
RewriteCond %{HTTP_REFERER} .
RewriteCond %{HTTP_REFERER} !^http://(www\.)?rpsite.com [NC]
RewriteCond %{HTTP_REFERER} !^http://(www\.)?mysite.com/subdomain1 [NC]
RewriteCond %{HTTP_REFERER} !^http://(www\.)?mysite.com/subdomain2 [NC]
RewriteRule \.(gif¦jpg¦bmp)$ /thief.jpeg [NC,L]

You could also reduce it further by combining your two subdomain lines

RewriteCond %{HTTP_REFERER} !^http://(www\.)?mysite.com/(subdomain1¦subdomain2) [NC]

Replace all broken pipe "¦" characters with solid pipes before use.

<added> Forgot my manners... Welcome to WebmasterWorld [webmasterworld.com]! </added>

Jim

Thank you very much Jim. I will try it and let you know how it goes

K