.htaccess - images, hotlinking advice

is it possible to block direct browser access?

         

djmick200

11:49 am on May 12, 2006 (gmt 0)

10+ Year Member



At present this is how my file looks (below). All is working well, no problems.

My question is, can I make any amendments to it to prevent direct browser access to my image files?
Many forums / sites are posting URLs such as [mysite.tld...] thus allowing the surfer to see the picture without looking at the page. I would like any such request to be pointed to a page on my site.

Can this be done? All the images are located like this:
[mysite.tld...]
[mysite.tld...]
[mysite.tld...]
[mysite.tld...]
and so on.

It may seem trivial but this is a problem for me at the moment and would love to do something about it.

Any advice would be warmly welcomed.

my file at present:

Options +FollowSymLinks
RewriteEngine on
# Redirect any non-canonical host name to the www host
RewriteCond %{HTTP_HOST} !^www\.mysite\.tld
RewriteRule (.*) [mysite.tld...] [R=301,L]

# Hotlink check: referrer is present and is not this site
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?mysite\.tld/.*$ [NC]
RewriteRule \.(gif|jpg)$ [thatsite.tld...] [R,L]

ErrorDocument 400 [mysite.tld...]
ErrorDocument 401 [mysite.tld...]
ErrorDocument 403 [mysite.tld...]
ErrorDocument 404 [mysite.tld...]
ErrorDocument 500 [mysite.tld...]

jdMorgan

1:13 pm on May 12, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Actually, you have a bigger problem if you care about search rankings. Your ErrorDocument syntax is incorrect, and may cause duplicate-content problems.

See the Apache ErrorDocument documentation [httpd.apache.org], but the correct syntax to avoid a 302-Moved Temporarily response status is:


ErrorDocument 400 /
ErrorDocument 401 /
ErrorDocument 403 /
ErrorDocument 404 /404.html
ErrorDocument 500 /

I strongly suggest that you either create separate custom error pages for each error, advising the visitor what to do in each case, and linking to appropriate pages, or delete the ErrorDocument directive for any error that you don't have an error page for. The most serious problem here is the 500-Server Error; if your server has an error on the home page, it will recursively call that home page as an error document, get another server error, and proceed to get "wrapped around the axle." 500-Server Error handlers should be dirt-simple static pages with absolutely no external dependencies -- No images, no CSS, no JS, no SSI, etc.

As far as your hot-linking code goes, you've got the "industry standard" code in place. It's as good as you can get, given the unreliable nature of HTTP_REFERER request header handling (This subject has been well-covered here, and I won't repeat it. Do a search [webmasterworld.com] for "hotlinking htaccess" to see many previous threads). Two more-effective solutions are to rename your images (or image directories) on a daily, weekly, or monthly basis, or to use a script to serve the images, with the script checking for a browser session cookie set on an "authorized" page of your site before serving the image.

Jim
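
The cookie check suggested above, sketched as an added example (not code from the thread or from either poster's site): an "authorized" page issues an HMAC-signed, time-limited pass, and the image script verifies it before serving. The secret, cookie name, lifetime and landing page are assumptions.

```python
import hashlib
import hmac
import time

# Assumptions for this sketch: load the real secret from server configuration.
SECRET_KEY = b"constructed-demo-key-change-me"
COOKIE_NAME = "imgpass"              # hypothetical cookie name
MAX_AGE = 1800                       # seconds a pass stays valid
LANDING_PAGE = "/view-on-site.html"  # hypothetical page for unauthorised hits


def _sign(issued):
    return hmac.new(SECRET_KEY, issued.encode(), hashlib.sha256).hexdigest()


def issue_pass(now=None):
    """Called by an 'authorized' HTML page: returns the cookie value to set."""
    issued = str(int(time.time() if now is None else now))
    return issued + "." + _sign(issued)


def pass_is_valid(cookie_value, now=None):
    """Called by the image script before it sends any image bytes."""
    if not cookie_value or "." not in cookie_value:
        return False
    issued, sig = cookie_value.split(".", 1)
    # Constant-time comparison; bytes on both sides so odd input cannot raise.
    if not hmac.compare_digest(sig.encode(), _sign(issued).encode()):
        return False
    # The signature matched, so 'issued' is a timestamp this server wrote.
    age = (time.time() if now is None else now) - int(issued)
    return 0 <= age <= MAX_AGE


def serve_image(cookies, image_path, now=None):
    """Return (status, path_or_location) for one image request."""
    if pass_is_valid(cookies.get(COOKIE_NAME), now):
        return (200, image_path)
    # No valid pass: send the visitor to a page instead of the bare image.
    return (302, LANDING_PAGE)
```

The pass only proves that the browser loaded a page of the site within the last `MAX_AGE` seconds, so a recent visitor can still open an image URL directly until it expires.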

djmick200

3:07 pm on May 12, 2006 (gmt 0)

10+ Year Member



Hi Jim

Thanks for the advice and pointing out my errors.

I have changed the ErrorDocument section to the following:

ErrorDocument 400 /
ErrorDocument 401 /
ErrorDocument 403 /
ErrorDocument 404 /404.html
ErrorDocument 500 /

Renaming the files isn't an option as the site contains 30K+ images.

At present I use a script to serve the images so I will look into the session cookies you mention.

I may be wrong but a couple of years ago I was sure I used a host with cpanel that allowed me to stop direct browser access to images; I was hoping my memory had served me right and it was done with .htaccess.

Thanks again Jim

jdMorgan

3:27 pm on May 12, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



You still have most of your errors (including 500-Server Error) pointed to your home page -- Not recommended.

Each error should point to a page that describes the error, and what the user should do about it (Try again, use the site map, contact the Webmaster, etc.). On some or all of those pages you can/should include a link to your site map, home page, or similar product page URL.

> cpanel that allowed me to stop direct browser access to images

cpanel generates essentially the same code as you already have. Direct browser requests do not provide a referrer, and so cannot be blocked without blocking blank referrers. And if you do that, then your site will look badly broken to all AOL users, EarthLink users, and many corporate users.

But don't confuse direct browser access (typing in the URL) with image hotlinking using <img src="http://your_site.com/images/your_image"> -- Most of those requests (except for AOL, etc.) *will* provide a referrer and so can be controlled. And if you block *most* of them, the hotlinking site will look broken, encouraging the Webmaster to stop hotlinking.

You can also rewrite hotlinked image requests to a generic image containing your URL and an invitation to the viewer to visit your site to see the original image. This replacement image should be simple and clear, because you will have little control over the image dimensions. So, it must scale reasonably well from portrait to landscape, and over a reasonable range of sizes. In many cases, the 'free advertising' you get this way far outweighs the bandwidth loss.

Again, almost all of these issues have already been beaten to death here [google.com].

Jim
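
The referrer trade-off from the post above, as an added example (not part of the original thread): the thread's two RewriteCond tests are modelled in Python and run over constructed requests, with and without blocking blank referrers. The replacement image path, the sample requests and the "owner wants it served" labels are assumptions.

```python
import re

# Conditions from the .htaccess in this thread (host dot escaped here).
OWN_SITE = re.compile(r"^http://(www\.)?mysite\.tld/.*$", re.IGNORECASE)
IMAGE = re.compile(r"\.(gif|jpg)$")
REPLACEMENT = "/hotlink-notice.gif"  # hypothetical generic replacement image


def decide(uri, referer, block_blank=False):
    """Return 'serve' or 'replace' for one request."""
    # The replacement itself must be exempt, or the rule would match it
    # again and loop.
    if uri == REPLACEMENT or not IMAGE.search(uri):
        return "serve"
    if referer == "":
        return "replace" if block_blank else "serve"
    return "serve" if OWN_SITE.match(referer) else "replace"


# Constructed sample requests: (label, uri, referer, owner wants it served)
SAMPLES = [
    ("own page", "/images/a.jpg", "http://www.mysite.tld/gallery.html", True),
    ("own page via referrer-stripping proxy", "/images/a.jpg", "", True),
    ("typed URL", "/images/a.jpg", "", False),
    ("forum <img> hotlink", "/images/b.gif", "http://forum.example/t/1", False),
]


def broken_for_visitors(block_blank):
    """Requests the owner wants served that the policy replaces."""
    return [label for label, uri, ref, wanted in SAMPLES
            if wanted and decide(uri, ref, block_blank) == "replace"]


def leaked(block_blank):
    """Requests the owner does not want served that the policy still serves."""
    return [label for label, uri, ref, wanted in SAMPLES
            if not wanted and decide(uri, ref, block_blank) == "serve"]


if __name__ == "__main__":
    for mode in (False, True):
        print("block blank referrers:", mode,
              "| broken:", broken_for_visitors(mode),
              "| leaked:", leaked(mode))
```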

djmick200

7:19 pm on May 12, 2006 (gmt 0)

10+ Year Member



Once again thank you Jim for taking the time to post my errors.

I created 4 new pages and made the 500.html plain text and simple, no images etc., as you advised. The following is how that section now looks.

ErrorDocument 400 /400.html
ErrorDocument 401 /401.html
ErrorDocument 403 /403.html
ErrorDocument 404 /404.html
ErrorDocument 500 /500.html

I will just leave the hotlink section as is and accept the direct viewing. Sounds like I'd be creating more problems than I would be solving.

Thanks again

Mick