Forum Moderators: phranque
However I would like to permit ANY Google images site to hotlink to the files. The Google images sites may end in any of the following formats:
.com
.de
.co.uk
.com.hk
So what line can I use to cover "images.google.anything"? Here's my proposed .htaccess file. I know the Google line is incorrect as it stands but I really don't know how to cover all those variations.
<Files .htaccess>
deny from all
</Files>
ErrorDocument 401 /error_docs/401.html
ErrorDocument 403 /error_docs/403.html
ErrorDocument 404 /error_docs/404.html
ErrorDocument 500 /error_docs/500.html
Options +FollowSymlinks
Options +SymlinksIfOwnerMatch
RewriteEngine on
RewriteCond %{HTTP_REFERER}!^$
RewriteCond %{HTTP_REFERER}!^http://(www\.)?mysite.com/.*$ [NC]
RewriteCond %{HTTP_REFERER}!^http://(www\.)?friendlysite.com/.*$ [NC]
RewriteCond %{HTTP_REFERER}!^http://images\.google.*.* [NC]
RewriteRule \.(gif夸pe?g安mv如ng如hp)$ [mysite.com...] [R,L]
Apart from the correct syntax for my Google line I'd love to know if someone can spot other problems with this file.
thanks!
However, you can achieve the same effect as using ".*$" at the end of your patterns by simply omitting all those characters.
You can combine the Options as well, and only one of those SymLink options is required to be enabled in order to allow mod_rewrite to function. If you don't need both for other purposes, you can just pick one.
Remember to escape any special characters that you want mod_rewrite to treat literally. Special characters which require escaping in mod_rewrite are !^$%*.+?(){}[]吒
If these characters are not escaped by preceding them with a "\" backslash, then they will be taken as regular-expressions or mod_rewrite operators. See the regular-expressions tutorial cited in our forum charter.
I also recommend you use an internal rewrite rather than an external redirect -- in order to halve the number of hotlink requests (A redirect tells the client to terminate the current HTTP request, and issue a new one using the URL returned with the 301 or 302 response. This would double the load on your server for hotlink requests. An internal rewrite is simply a file substitution for the current HTTP request.
For those requests which are rewritten, you'll need to take steps to prevent your rule from looping. Specifically, you must assure that the rewritten request for "hotlink.gif" is not rewritten itself. Otherwise, your rule will loop --rewriting hotlink.gif to hotlink.gif-- until the server's maximum redirection limit is reached. So, we need to add one more RewriteCond to prevent this.
After tuning up the code with the above points in mind, we get:
Options +FollowSymlinks +SymlinksIfOwnerMatch
RewriteEngine on
RewriteCond %{HTTP_REFERER} .
RewriteCond %{HTTP_REFERER} !^http://(www\.)?mysite\.com/ [NC]
RewriteCond %{HTTP_REFERER} !^http://(www\.)?friendlysite\.com/ [NC]
RewriteCond %{HTTP_REFERER} !^http://images\.google\. [NC]
RewriteCond %{REQUEST_URI} !^/images/hotlink\.gif$
RewriteRule \.(gif夸pe?g安mv如ng如hp)$ /images/hotlink.gif [L]
BTW, I also recommend that you DO NOT use a custom error page for 500-Server errors. These errors can be quite serious, and it is best to avoid introducing any further complications into the process of handling them. So use a custom 500-Server Error page only if you absolutely must do so.
Remember to flush your browser cache and any other intervening caches before testing any change to your access control code.
Jim
One other thing... I read the following on my new webhost's forum from a user and wondered if you think he's right or not. If the trailing slash is left off, might that introduce other problems?:
"Something I would suggest about those .htaccess files you see floating around: be sure to leave off the trailing slash from your domain name in the RewriteCond line.
The reason for this is that Internet Explorer will sometimes send the domain without a slash as the referer (for instance, if you just type in "http://www.mydomain.com" and hit return). That referer won't match the condition with a slash, and all your images will appear broken.
This happened to me just the other day, when I noticed that my images were suddenly all broken when viewed from the computers at school (having just put in the .htaccess hot-linking protection a day or two prior). When I managed to reproduce it from home, the access log showed that all the files that returned 403 had no trailing slash on the domain. Removing that fixed the problem."
So, you can leave it off the pattern in the RewriteCond, or detect that it's missing and rewrite it or redirect it.
Jim
