I have added hotlink protection to my .htaccess file. It works fine and stops images and PDFs loading if they are called from another domain. However, I don't want files to be blocked if people follow a link to them from within my domain. For example, if there is a link to www.mydomain.com/file.pdf on the page www.mydomain.com/somefile.htm, at the moment that PDF will be blocked from loading. Is it possible to stop this happening?
Thanks
.htaccess code:
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://example.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://example.com$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.example.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.example.com$ [NC]
RewriteCond %{HTTP_REFERER} !^https://example.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^https://example.com$ [NC]
RewriteCond %{HTTP_REFERER} !^https://www.example.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^https://www.example.com$ [NC]
RewriteRule .*\.(jpg|jpeg|gif|png|bmp|JPG|pdf)$ - [F,NC]
We serve images from both our www. and img1/2/3 subdomains. The rule we have successfully blocks hotlinking from the www. but not the img1/2/3. Two part question: Why do the img1/2/3 not work when the www does and is there a way to economize this into one rule?
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?domain.org [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(img1\.)?domain.org [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(img2\.)?domain.org [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(img3\.)?domain.org [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ - [NC,F,L]
Thanks a lot.
You need to use the OR flag in the first three conditions or, alternatively, collapse the three conditions into one.
OR flag:
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?domain\.org [NC,OR]
RewriteCond %{HTTP_REFERER} !^http(s)?://(img1\.)?domain\.org [NC,OR]
RewriteCond %{HTTP_REFERER} !^http(s)?://(img2\.)?domain\.org [NC,OR]
RewriteCond %{HTTP_REFERER} !^http(s)?://(img3\.)?domain\.org [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ - [NC,F,L]
Collapse into one condition:
RewriteCond %{HTTP_REFERER} !^http(s)?://((www|img(1|2|3))\.)?domain\.org [NC]
RewriteCond %{HTTP_REFERER} !^http://website.net/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://website.net$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.website.net/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.website.net$ [NC]
RewriteRule .*\.(jpg|jpeg|gif|png|bmp|rar)$ http://website.net/news.php [R,NC]
This is what I use at the moment (auto-generated from my cPanel).
Is there a way that I enable this hotlink protection only from a certain website, e.g. site.com?
Or another option is to disable it for certain websites - trustedsite1.com, trustedsite2.com
Any of those two options suit me well.
To block hotlinking from a specific site:
RewriteCond %{HTTP_REFERER} ^https?://site\.com(/.*)?$ [NC]
RewriteRule .*\.(jpg|jpeg|gif|png|bmp|rar)$ http://website.net/news.php [R,NC]
To allow from trustedsite1 and trustedsite2, just add additional conditions:
RewriteCond %{HTTP_REFERER} !^http://website.net/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://website.net$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.website.net/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.website.net$ [NC]
RewriteCond %{HTTP_REFERER} !^http://trustedsite1.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://trustedsite2.com/.*$ [NC]
RewriteRule .*\.(jpg|jpeg|gif|png|bmp|rar)$ http://website.net/news.php [R,NC]
I've currently got the following in my .htaccess of my photo folder.
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?siteabc.com [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?sitexyz.com [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ http://example.com/images/bandwidth.png [NC,R,L]
This blocks all not allowed domains from hotlinking our photo files and displays the http://example.com/images/bandwidth.png in its place.
However, what I would like to do is to allow sites to be able to hotlink our thumbnails. The thumbnail images have this sort of filename format:
filenameabc_100_cw100_ch100_thumb.jpg
filenameabc_100_cw100_ch100_thumb.png
filenamexyz123_100_cw100_ch100_thumb.png
e.g. the filenames all end with _thumb.ext
So what I would like to do is to modify the above .htaccess to globally block all access with the exception of the filenames ending in thumb, e.g. *_thumb.jpg or *_thumb.png
I don't have the first idea about how to write such a rule.
If anyone has any ideas I would be most grateful.
Modifying the rule-set in the question:
You may try this:
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?siteabc.com [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?sitexyz.com [NC]
# Add this other exception
RewriteCond %{REQUEST_URI} !_thumb\. [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ http://example.com/images/bandwidth.png [NC,R,L]
So I want to disable Hotlinking in general but allow it for the subdomain "thumbs". My .htaccess is as the following:
#HOTLINKING
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://domain.com/.* [NC]
RewriteCond %{HTTP_HOST} !^thumbs.domain.com [NC]
RewriteCond %{REQUEST_FILENAME} !hotlink.png$
RewriteRule .*\.(png)$ http://domain.com/hotlink.png [R=302,L]
However, it does not work! How can I fix this?
You are mixing HTTP_REFERER and HTTP_HOST. You should only use HTTP_REFERER. So:
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://domain\.com/ [NC]
RewriteCond %{HTTP_REFERER} !^http://thumbs\.domain\.com/ [NC]
RewriteCond %{REQUEST_FILENAME} !hotlink\.png$
RewriteRule .*\.(png)$ http://domain.com/hotlink.png [R=302,L]
or even shorter matching all subdomains (and domains ending in 'domain.com' but that's very unlikely)
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !domain\.com/ [NC]
RewriteCond %{REQUEST_FILENAME} !hotlink\.png$
RewriteRule .*\.(png)$ http://domain.com/hotlink.png [R=302,L]
So I've got this in my site .htaccess file to prevent hotlinking of images, JS and CSS from all other domains.
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?mydomain\.com [NC]
RewriteRule \.(gif|jpe?g|js|css)$ - [F,NC,L]
Question: How would I selectively allow one or two domains to hotlink?
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?mydomain\.com [NC]
RewriteCond %{HTTP_REFERER} !^http://(www\.)?otherdomain\.com [NC]
RewriteRule \.(gif|jpe?g|js|css)$ - [F,NC,L]
Will work, as this says:
"Referer is not nothing, and referer is not matching mydomain and referer is not matching otherdomain."
If it were the case that you were trying to do the opposite (blacklist a set of domains from hotlinking) you'd do something like
RewriteCond %{HTTP_REFERER} ^http://(www\.)?baddomain1\.com [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?baddomain2\.com [NC]
RewriteRule \.(gif|jpe?g|js|css)$ - [F,NC,L]
Just add another condition before the RewriteRule for each domain you want to allow.
RewriteCond %{HTTP_REFERER} !friendlysite\.com [NC]
(presumably you don't care if the request is via http or https or whatever, so you can leave that out to make it more generic)
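As an added example (not part of the original posts), the Python code below evaluates the condition chains from the last two answers the way mod_rewrite combines them (AND by default, OR where flagged) against constructed Referer values. Python's `re` stands in for Apache's regex engine, and the `STRICT` chain, the helper names and the sample referers are assumptions introduced here.

```python
import re

def rule_fires(conds, referer):
    """Return True when a RewriteCond chain lets its RewriteRule run.
    conds holds (pattern, flags) pairs as written in .htaccess: a leading '!'
    negates the match, NC ignores case, OR joins a condition to the next one.
    Conditions without OR are ANDed, which is mod_rewrite's default.
    """
    group_ok = False
    for pattern, flags in conds:
        flagset = set(flags.split(","))
        negate = pattern.startswith("!")
        rx = re.compile(pattern[1:] if negate else pattern,
                        re.IGNORECASE if "NC" in flagset else 0)
        group_ok = group_ok or (bool(rx.search(referer)) != negate)
        if "OR" not in flagset:          # an OR-group ends here
            if not group_ok:
                return False
            group_ok = False
    return True

# Condition chains copied from the answers above.
ALLOW = [("!^$", ""),
         (r"!^http://(www\.)?mydomain\.com", "NC"),
         (r"!^http://(www\.)?otherdomain\.com", "NC")]
LOOSE = ALLOW[:2] + [(r"!friendlysite\.com", "NC")]
BLOCK = [(r"^http://(www\.)?baddomain1\.com", "NC,OR"),
         (r"^http://(www\.)?baddomain2\.com", "NC")]
# Assumption: a tightened form of the friendlysite condition (not from the page).
STRICT = ALLOW[:2] + [(r"!^https?://(www\.)?friendlysite\.com(/|$)", "NC")]

# Constructed Referer values for the check.
REFERERS = [
    "",                                       # header absent
    "http://www.mydomain.com/page.htm",
    "https://www.mydomain.com/page.htm",      # own site over https
    "http://FriendlySite.com/blog",
    "http://other.example/friendlysite.com",  # name appears only in the path
    "http://www.baddomain2.com/forum",
]

def denied(conds):
    """Referers from REFERERS for which the rule fires (request is refused)."""
    return [r for r in REFERERS if rule_fires(conds, r)]

if __name__ == "__main__":
    for name in ("ALLOW", "LOOSE", "STRICT", "BLOCK"):
        print(name, denied(globals()[name]))
```

The path-only referer passes the unanchored `friendlysite\.com` condition but is refused by the anchored one, and the `http://`-only allowlist refuses the site's own `https` pages.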