Htaccess Control Of Specific Files

Sitepoint Members,
Is there any way to get this code to work for a specific jpg file, instead of all jpg files?

RewriteEngine On
RewriteCond %HTTP_REFERER} !^http://www\.wxyz\.com/ [NC]
RewriteRule \.jpg$ - [F]

I tried changing the last line to
RewriteRule ^somespecificfile\.jpg$ - [F]

(with and without the carrot)

and it didn’t work.

The code above allows jpg images in a webpage to show and doesn’t allow jpg images to be brought up alone (somespecificfile.jpg) in a browser. I’d like this to work for one specific jpg instead of all jpgs.



I guess this is a hotlinking question. I put together some lines I found at Sitepoint and my webhost.

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
[COLOR=#0000FF]RewriteCond %{HTTP_REFERER} !^ [NC]
RewriteCond %{HTTP_REFERER} !^ [NC][/COLOR]
[COLOR=#008000]RewriteCond %{HTTP_REFERER} !^(.+\\.)?*$ [NC,OR][/COLOR]
RewriteCond %{HTTP_REFERER} !^(.+\\.)?google\\. [NC,OR]
RewriteCond %{HTTP_REFERER} !^(.+\\.)?yahoo\\. [NC,OR]
RewriteCond %{HTTP_REFERER} !^(.+\\.)?bing\\. [NC]
RewriteRule \\.(gif|jpe?g|bmp|png|js|css)$ [R,L]
  1. My webhost wrote the two blue lines. Isn’t there supposed to be a \ right after “mydomain” and after www?

  2. I found the blue lines (maybe just one of them) written another way. I listed it in green. Which way is better, blue or green?

Will this code properly allow those search engines to my images and send others to my 404 page?



Yes, by using code specific to your file.

Please use the [noparse]


[/noparse] wrapper on code so it’s easier to see (and reply to).

The obvious error is that the opening { is missing on the {HTTP_REFERER} variable. Second (possible) error would be a start anchor on the image filename IF the image is in a subdirectory.

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http://www\\.wxyz\\.com/ [NC]
RewriteRule somespecificfile\\.jpg$ - [F]

Minor changes but that resolves the problem of the Apache variable (opening {) and the potential subdirectory for somespecificfile.jpg.

Your note, “The code above allows jpg images in a webpage to show and doesn’t allow jpg images to be brought up alone.” is quite correct as it is your server which is the referrer for embedded images. Of course, once the image is in the browser, it can be captured or simply “Show Image” to view just that image. You really have no control over what a visitor’s browser can do with your files (except display and make them available to the visitor).



I’m not sure why that left bracket disappeared, it’s in my notes and my post is a copy and paste from my notes.

During the time between my first and second post my webhost and I worked on the code of my first post and they couldn’t get it to work, including trying the caret.

You write. “Of course, once the image is in the browser, it can be captured or simply “Show Image” to view just that image.” What browser has “show image” and does it work when the image is buried in CSS which is buried in a php file?

Thanks for the help


I put background-images in CSS, too, but FF allows me to view background image on a right click - same with any other image. If its shown, it’s on the visitor’s computer and they choose what to do with it.



I didn’t even know that feature is there in the right click drop down. That’s a pain.
Thanks for the help. I’ll have to think on this.



While you’re thinking, consider placing a transparent gif file over the images you want to protect. Visitors won’t be able to access the protected image via right click but, since it’s on their computer, they can merely look at their own cache files to “capture” the protected image.

If you want to use JS or CSS to change the image on a mouseover, JS can be turned off and CSS must be read by browsers so they’re of little benefit (in protecting an image).

Using “slices” won’t help either (not even if you change the scale and use JS/CSS code to resize and reassemble) because a visitor can read the code you’re using and do the same thing.

In other words, if you don’t want others to use your image, use a good watermark (difficult to remove but no guarantee) or don’t put it online.

WARNING: Pontification follows

IMHO, the Internet should be free for original content. Humans ruin that concept by breach of copyright notices (piracy) and there is little (actually, nothing) you can do about it. Therefore, annoy the pirates by making it impossible to steal your bandwidth with your images (embedding your image in their website with a link) via mod_rewrite and, if you have copious spare time, try some of the above referenced “tricks” (especially the watermarks) with the knowledge that nothing will stop a determined pirate from saving your image and using it elsewhere.



You went a little overboard with “there is little (actually, nothing) you can do about it.”
Copyright infringement notices are very effective for that - if you have the right email address. I even sent one once to google for a google blogspot page. The only time it didn’t work for me was when I sent one to pinit and they wanted me to take them to court, so all I did was change the address of the page and image and send them a letter saying their site was creating a lot of dead end traffic - my 404 page.

But if you can stop an image from being taken in the first place, mainly your header image if you have one, it cuts down on having to write copyright notices. You know, if you catch someone hotlinking to an image of yours, for fun, you can change the address for your image for your address but for the original image address and file you could use a different image the hotlinker would never want, like por_, and then write them a “did you know …” letter.


Ha, ha, ha! :rofl:

Moving the image along with using mod_rewrite to redirect the image request to a sex website should do the trick!

Thanks! I needed that laugh!



I think maybe not writing a did-you-know letter and letting their website lose traffic - precipitously. Imagine thier surprise when they find something they wouldn’t want to see anywhere, let alone on their website. I think one of those one-file multiple or moving images would cause a hotlinker a paradigm shift.



You’ve got it! I think we’d both like to see their face when they discover what you’ve done! :wink: