Welcome to WebmasterWorld Guest from

Forum Moderators: Ocean10000 & incrediBILL & phranque

Message Too Old, No Replies

.htaccess in subdirectories

subdirectories and .htaccess not working correctly



9:50 pm on Dec 10, 2002 (gmt 0)

10+ Year Member

I've read through the multiple threads on .htaccess several times for an answer to this. The file that I have in my documents root is working fine. The problem that I'm having is that I have a single user who is constantly linking to pictures in a single sub-directory. I have banned their primary IP in documents root, and I was trying to stop them from linking to pics by creating another .htaccess in the subdirectory.

Every time I think I have it right (and even test it as best I can), I see code 200 responses an hour later where this person is still linking to my pics.

I put the following in my images/.htaccess: where "bandwidththief" is the online journal account they are using to steal my pics.

RewriteEngine on
RewriteCond %{HTTP_REFERER} ^$ [NC,OR]
RewriteCond %{HTTP_REFERER} bandwidththief/.*$ [NC]
RewriteRule .*\.(jpg¦jpeg¦gif¦png¦bmp)$ - [F,R]

I thought this would work, and with a URL referer that starts with "bandwidththief" it does. But about two hours after I did this, I saw a string of additional code 200 responses where this person was hotlinking to more pics. All of those requests had a referer of [example.com...]

I don't want to deny the entire online journal site because some of my friends use it. Any ideas on why this isn't working the way I am thinking that it should?


[edited by: DaveAtIFG at 9:59 pm (utc) on Dec. 10, 2002]

[edited by: Vael27 at 10:26 pm (utc) on Dec. 10, 2002]


10:02 pm on Dec 10, 2002 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member

Welcome to WebmasterWorld Vael27! It looks like you've done your homework before posting and we appreciate it!

I'm confident that one of our resident mod_rewrite gurus will be along soon to help you sort this out.


10:02 pm on Dec 10, 2002 (gmt 0)

WebmasterWorld Administrator mack is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

if you ban them at root they should not be able to access any of your directories?

someone correct me if im wrong.


10:20 pm on Dec 10, 2002 (gmt 0)

10+ Year Member

Only their primary IP, which is static, is banned in documents_root. That works fine, every time. They've also been opening the links using a dynamic IP, but, every time they do their username from this online journal is somewhere in the HTTP_REFERER.

The .htaccess file in the sub-directory works fine if the referer is blank. I tried that last night around 10p several times, and got 403 errors every time. It's just not working if "bandwidththief" isn't at the beginning of the referer url.


11:41 pm on Dec 10, 2002 (gmt 0)

WebmasterWorld Senior Member jdmorgan is a WebmasterWorld Top Contributor of All Time 10+ Year Member


Welcome to WebmasterWorld [webmasterworld.com]!

Delete the slash off the end of the "bandwidththief" condition, and leave it without an end anchor:

RewriteEngine on
RewriteCond %{HTTP_REFERER} ^http://www.example\.com/users/bandwidththief [NC]
RewriteRule .*\.(jpg¦jpeg¦gif¦png¦bmp)$ - [F]

You really can't block blank referrers, because that will block legitimate users who connect through proxy servers or use Norton Internet Security.

Also, [F,R] is redundant, so you can omit the "R".

If this doesn't work, please copy one of the lines from your server log, and post it so we can see the entire referer string.



5:39 pm on Dec 11, 2002 (gmt 0)

10+ Year Member

Thanks for the help. I wasn't quite sure what the R in the rewrite rule was for anyway. I'd copied it from the very long .htaccess thread in the php section.

Featured Threads

Hot Threads This Week

Hot Threads This Month