I have a .htaccess file in my folder that prevents direct access to all files in this folder. Basically, I used this link as reference. Deny access to all files in a directory unless a specific php page is referrer
But I'm not sure what the syntax on the final line means, specifically what the ^ and the - do. I noticed it works if I delete the dash and keep the caret. Much appreciated if anyone can explain the syntax on the final line.
RewriteEngine On
RewriteCond %{HTTP_REFERER} !../login.php
RewriteCond %{HTTP_REFERER} !home.php
RewriteCond %{HTTP_REFERER} !table.php
RewriteCond %{HTTP_REFERER} !search.php
RewriteCond %{HTTP_REFERER} !1_3_5_7_8_10_12.php
RewriteCond %{HTTP_REFERER} !4_6_9_11.php
RewriteCond %{HTTP_REFERER} !2Leap.php
RewriteCond %{HTTP_REFERER} !2NotLeap.php
RewriteRule ^ - [L,R=404]
Related
RewriteEngine on
RewriteCond %{HTTP_REFERER} ^https?://(www\.)?site1\.com [NC,OR]
RewriteCond %{HTTP_REFERER} ^https?://(www\.)?site2\.com [NC,OR]
RewriteCond %{HTTP_REFERER} ^$
RewriteRule \.(jpg|jpeg|png|gif|js|css)$ - [NC,F,L]
The above code is doing the opposite for me. I want to a site1 and site2 but prevent all others.
You should have your .htaccess rules file in following manner. Please make sure to clear your browser cache before testing your URLs.
RewriteEngine on
RewriteCond %{HTTP_HOST} ! ^https?://(?:www\.)?(?:site1|site2)\.com$ [NC]
RewriteRule \.(jpg|jpeg|png|gif|js|css)$ - [NC,F,L]
I used the rules that should work, and have worked in the past but every variation I try it continues to serve a the image (clearing cache each time). Other rules like URL rewrites work fine.
I would provide a copy of the error logs but I can't seem to gain access to this through FTP, neither can the person running the server droplet.
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?://(sub\.)?example.com [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ - [NC,F,L]
I know this seems like it should all be working, everyone says the codes are correct. Yet for the past few weeks I have been trying find solutions. I'm positive there is something else going on that is not related to the code, I just need help finding it as I'm not too experienced working extensively with htaccess.
Full htaccess:
ErrorDocument 404 /404.php
AuthType Basic
AuthName "Password Protected Area"
AuthUserFile /path/to/.htpasswd
Require valid-user
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?dev.mangazing\.com [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ - [NC,F,L]
Is this what you're looking for?
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?sub.example.com [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ - [NC,F,L]
EDIT
Please try to replace your rewrite rule line
Replace:
RewriteRule \.(jpg|jpeg|png|gif)$ - [NC,F,L]
With:
RewriteRule \.(jpg|jpeg|png|gif)$ http://icons.iconarchive.com/icons/tatice/cristal-intense/256/Ad-Aware-icon.png [NC,R,L]
Your code will look like:
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?sub.example.com [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ http://icons.iconarchive.com/icons/tatice/cristal-intense/256/Ad-Aware-icon.png [NC,R,L]
Or
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?dev.mangazing\.com [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ http://icons.iconarchive.com/icons/tatice/cristal-intense/256/Ad-Aware-icon.png [NC,R,L]
and visit 1 of your image urls, I hope this is working for you.. remember to upload a replacement picture to a server and change replacement URL in the new rewrite rule, this can be done with a transparent 1 pixel image (Not a html/php etc document, it must be an image file!) free hosted at google pages or any other webhosting service you like..
Edit 2
Please try with <IfModule mod_rewrite.c>:
<IfModule mod_rewrite.c>
RewriteEngine on
#Your other anti hotlink commands here...
</IfModule>
More methodes to protect image hotlinking: creating the ultimate .htaccess anti hotlinking strategy
I'll get straight to it. I have this code in my .htaccess file to prevent hotlinking, see below:
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://mywebsite.ca/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://mywebsite.ca$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.mywebsite.ca/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.mywebsite.ca$ [NC]
RewriteRule .*\.(jpg|jpeg|gif|png|bmp)$ - [F,NC]
but I will have a few .jpg images up for banner exchange between sites and I don't know how to write the rule to allow hotlinking for just one folder. In this case the one folder will be root/image/links/
What changes in the rewrite conditions do I need to make to allow hotlinking for this one folder?
Thanks for your anticipated help everyone.
You can use
RewriteCond %{REQUEST_URI} !^/image/links/
as an additional condition.
I've currently got the following in my .htaccess of my photo folder.
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?siteabc.com [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?sitexyz.com [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ http://example.com/images/bandwidth.png [NC,R,L]
This blocks all not allowed domains from hotlinking our photo files and displays the http://example.com/images/bandwidth.png in it's place.
However, what I would like to do is to allow sites to be able to hotlinked our thumbnails. The thumbnail images have this sort of filename format
filenameabc_100_cw100_ch100_thumb.jpg
filenameabc_100_cw100_ch100_thumb.png
filenamexyz123_100_cw100_ch100_thumb.png
eg the filenames all end with _thumb.ext
So what I would like to do is to modify the above .htaccess to globally block all access with the exception of the filenames ending in thumb eg *_thumb.jpg or *_thumb.png
I don't have the first idea about how to write such a rule.
If anyone has any ideas I would be most grateful.
Modifying the rule-set in the question:
You may try this:
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?siteabc.com [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?sitexyz.com [NC]
# Add this other exception
RewriteCond %{REQUEST_URI} !_thumb\. [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ http://example.com/images/bandwidth.png [NC,R,L]
So I'm trying to protect FLV files using htaccess.
Basically I want to block direct access to the .flv (so blank referrer) and block hotlinking from any website that isn't my own.
I'm doing this from a WordPress install but it's not on the root, it's in a subdirectory. so mydomain.com/test/videos/
I've tried the following code but I am still able to type a direct filename of the flv and chrome will download the file, so it isn't working:
RewriteEngine on
RewriteBase /test/videos/
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?mydomain.co.uk(/)?.*$ [NC]
RewriteRule \.(flv)$ templates/images/logo.jpg [L,NC]
Any ideas where this is going wrong? it doesn't return a server error.
Try this one:
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?mydomain.co.uk/test/videos [NC]
RewriteRule \.(flv)$ - [NC,F,L]