htaccess and hotlinking

**CRA** · Oct 21, 2002, 01:04

So, there's this code to put in the .htaccess file to prevent hotlinking:

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?mydomain.com/.*$ [NC]
RewriteRule \.(gif|jpg)$ - [F]

But let's say that I made a deal with a friend and want my friend to be able to hotlink to my images. Just their website, and my website -- and no one else -- linking to my images.

Is this possible? I'd rather not be redundant with 2 directories of the same images each with their own .htaccess files.

**pippo** · Oct 21, 2002, 12:19

Do you and your friend have a static ip address ?!?
If so you could use:

.htaccess
<FilesMatch "\.(gif|jpe?g|png)$">
order deny,allow
deny from all
allow from your.own.ip.address your.friend.ip.address
</Files>

pippo

**CRA** · Oct 22, 2002, 03:56

That didn't work. I got an internal server error and my geocities account was able to link to those images. Hm.

**pippo** · Oct 22, 2002, 04:50

Yesterday I tested those rules using:

.htaccess

Code:

<FilesMatch "\.(gif|jpe?g|png)$">
order deny,allow
deny from all
allow from 127.0.0.1 127.0.0.2
</Files>

By the way an "internal server error" could mean that you did some mistakes (maybe a typo) inside the .htaccess file.

**seanf** · Oct 22, 2002, 10:34

Moved to a more appropriate forum

Sean

**aspen** · Oct 22, 2002, 10:58

pippo wouldn't that just deny images to all surfers?

Servers do not just serve images any time an HTML page is requested, they (the images) need to be requested. So Joe Smith browsers over to your site, his copy of IE requests an image, and since his IP address isn't allowed he can't get the image.

This, however, should work:

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?hisdomain.com/.*$ [OR]
RewriteCond %{HTTP_REFERER} !^http://(www\.)?mydomain.com/.*$ [NC]
RewriteRule \.(gif|jpg)$ - [F]

**CRA** · Oct 29, 2002, 06:00

Thanks aspen, but that didn't work. However, I tried this:

Code:

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?hisdomain.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://(www\.)?mydomain.com/.*$ [NC]
RewriteRule \.(gif|jpg)$ - [F]

and it did work. Go figure. I wish I knew how to program so that I could understand why.

**pippo** · Oct 29, 2002, 06:21

CRA,
when using many RewriteCond in cascade they are considered as an AND by default.
Unless you specify in the rewrite flags OR.

So basically what you write can be interpreted as:
IF ( (HTTP_REFERER != '') AND (HTTP_REFERER != 'hisdomain.com') AND (HTTP_REFERER != 'mydomain.com')) THEN
{
// DENY IT
}

pippo

**pippo** · Oct 29, 2002, 06:31

By the way it's better to write:

RewriteEngine On
RewriteCond %{HTTP_REFERER} ^$ [OR]
RewriteCond %{HTTP_REFERER} !^http://(www\.)?hisdomain.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://(www\.)?mydomain.com/.*$ [NC]
RewriteRule \.(gif|jpg)$ - [F]

that would be interpreted as:

IF ( (HTTP_REFERER == '') OR (HTTP_REFERER != 'hisdomain.com') AND (HTTP_REFERER != 'mydomain.com')) THEN
{
// DENY IT
}

So when HTTP_REFERER is empty
OR
if HTTP_REFERER is different from hisdomain.com
AND HTTP_REFERER is different from mydomain.com
the images will be denied.

The last rules I wrote should be better than yours,
because you didn't prevent hotlinking when HTTP_REFERER is empty.

Please note that I'm a beginner using RewriteCond in cascade, so suggestions are always welcomed

pippo

User Tag List

Thread: htaccess and hotlinking

Thread Tools

Display

htaccess and hotlinking

Bookmarks

Bookmarks

Posting Permissions