.htaccess allow images in one subfolder - .htaccess

I have a website and .htaccess file that disable the access to all images and pdf file.
I added a new sub-folder and I need to allow the outside access to the images and PDFs in this sub folder.
How do I do it?
RewriteEngine on
AuthName "myname"
AuthUserFile "/home/virtual/website/.htpasswds/public_html/mywebsite/passwd"
<files ~ "^(admin(.*)\.(php|js))$">
require valid-user
</files>
RewriteCond %{HTTP_REFERER} !^http://website.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://website.com$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.website.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.website.com$ [NC]
RewriteRule .*\.(jpg|jpeg|gif|png|bmp|pdf)$ - [F,NC]

Just add another RewriteCond to check for sub-folder:
RewriteCond ${REQUEST_URI) !^/sub-folder/ [NC]
RewriteCond %{HTTP_REFERER} !^http://website.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://website.com$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.website.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.website.com$ [NC]
RewriteRule \.(jpe?g|gif|png|bmp|pdf)$ - [F,NC]

You should be able to add a condition to exclude the sub folder
RewriteCond %{HTTP_REFERER} !^http://website.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://website.com$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.website.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.website.com$ [NC]
RewriteCond %{REQUEST_URI} !^/subfolder [NC]
RewriteRule .*\.(jpg|jpeg|gif|png|bmp|pdf)$ - [F,NC]

Related

Hotlink Protection from .htaccess not working

I have tried using .htaccess file for hotlink protection. But I don't seem to get it to work. Any help will be highly appreciated.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http://(.+\.)?templatesumo\.com/ [NC]
RewriteCond %{HTTP_REFERER} !^http://(.+\.)?google\.(.+)/ [NC]
RewriteCond %{HTTP_REFERER} !^http://(.+\.)?(.*\.)?google\.(.+)/ [NC]
RewriteCond %{HTTP_REFERER} !^http://(.+\.)?bing\.(.+)/ [NC]
RewriteCond %{HTTP_REFERER} !^http://(.+\.)?(.*\.)?bing\.(.+)/ [NC]
RewriteCond %{HTTP_REFERER} !^http://(.+\.)?yahoo\.(.+)/ [NC]
RewriteCond %{HTTP_REFERER} !^http://(.+\.)?(.*\.)?yahoo\.(.+)/ [NC]
RewriteCond %{HTTP_REFERER} !^http://(.+\.)?ask\.(.+)/ [NC]
RewriteCond %{HTTP_REFERER} !^http://(.+\.)?(.*\.)?ask\.(.+)/ [NC]
RewriteCond %{HTTP_REFERER} !^http://(.+\.)?pinterest\.(.+)/ [NC]
RewriteCond %{HTTP_REFERER} !^http://(.+\.)?(.*\.)?pinterest\.(.+)/ [NC]
RewriteCond %{HTTP_REFERER} !^http://(.+\.)?facebook\.(.+)/ [NC]
RewriteCond %{HTTP_REFERER} !^http://(.+\.)?(.*\.)?facebook\.(.+)/ [NC]
RewriteCond %{HTTP_REFERER} !^http://(.+\.)?twitter\.(.+)/ [NC]
RewriteCond %{HTTP_REFERER} !^http://(.+\.)?(.*\.)?twitter\.(.+)/ [NC]
RewriteCond %{HTTP_REFERER} !^$
RewriteRule .*\.(jpe?g|gif|png)$ https://i.imgur.com/VjYukxC.png [R,L]
</IfModule>

How to fix https not work htaccess in hotlink protection

How to fix https not work htaccess in hotlink protection
i using htaccess in hotlink protection. Its work on normal http
and not work in https how to rewrite ?
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?XXX.com [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?XXX.net [NC]
RewriteCond %{HTTP_USER_AGENT} !.*google.* [NC]
RewriteCond %{HTTP_USER_AGENT} !.*iphone.* [NC]
RewriteCond %{HTTP_USER_AGENT} !.*iPad.* [NC]
RewriteCond %{HTTP_USER_AGENT} !.*Android.* [NC]
RewriteRule \.(flv|mp4|jpg|jpeg|png|gif)$ - [NC,F,L]
Sometimes, there's security profiles that don't send referers when you're navigating a site using HTTPS. You could try just ignoring the hotlink protection in this case:
RewriteEngine on
RewriteCond %{HTTPS} on
RewriteCond %{HTTP_REFERER} ^$ [OR]
RewriteCond %{HTTP_REFERER} ^http(s)?://(www\.)?XXX.com [NC,OR]
RewriteCond %{HTTP_REFERER} ^http(s)?://(www\.)?XXX.net [NC]
RewriteRule ^ - [L]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?XXX.com [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?XXX.net [NC]
RewriteCond %{HTTP_USER_AGENT} !.*google.* [NC]
RewriteCond %{HTTP_USER_AGENT} !.*iphone.* [NC]
RewriteCond %{HTTP_USER_AGENT} !.*iPad.* [NC]
RewriteCond %{HTTP_USER_AGENT} !.*Android.* [NC]
RewriteRule \.(flv|mp4|jpg|jpeg|png|gif)$ - [NC,F,L]

Prevent hotlinking, no "www"

I have read many website tutorials about hotlinking protection.
Waste of time.
So I decided to ask here.
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?domain.com [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ - [NC,F,L]
http://www.domain.com/image.png = Protected
http://domain.com/image.png = Unprotected
Adding
RewriteCond %{HTTP_REFERER} !^http://(.+.)?domain.com [NC]
Actually
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?domain.com [NC]
RewriteCond %{HTTP_REFERER} !^http://(.+.)?domain.com [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ - [NC,F,L]
Did not worked.
Try this rule:
RewriteCond %{HTTP_REFERER} !domain\.com [NC]
RewriteRule \.(jpe?g|png|gif)$ - [NC,F,L]

Hotlink prevention only for a certain website

RewriteCond %{HTTP_REFERER} !^http://website.net/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://website.net$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.website.net/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.website.net$ [NC]
RewriteRule .*\.(jpg|jpeg|gif|png|bmp|rar)$ http://website.net/news.php [R,NC]
This is what I use at the moment (auto-generated from my cPanel).
Is there a way that I enable this hotlink protection only from a certain website, e.g. site.com?
Or another option is to disabe it for certain websites - trustedsite1.com, trustedsite2.com
Any of those two options suit me well.
To block hotlinking from a specific site:
RewriteCond %{HTTP_REFERER} ^https?://site.com$ [NC]
RewriteRule .*\.(jpg|jpeg|gif|png|bmp|rar)$ http://website.net/news.php [R,NC]
To allow from trustedsite1 and trustedsite2, just add additional conditions:
RewriteCond %{HTTP_REFERER} !^http://website.net/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://website.net$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.website.net/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.website.net$ [NC]
RewriteCond %{HTTP_REFERER} !^http://trustedsite1.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://trustedsite2.com/.*$ [NC]
RewriteRule .*\.(jpg|jpeg|gif|png|bmp|rar)$ http://website.net/news.php [R,NC]

Disable Hotlinking in General, but allow for subdomain

So I want to disable Hotlinking in general but allow it for the subdomain "thumbs". My .htaccess is as the following:
#HOTLINKING
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://domain.com/.* [NC]
RewriteCond %{HTTP_HOST} !^thumbs.domain.com [NC]
RewriteCond %{REQUEST_FILENAME} !hotlink.png$
RewriteRule .*\.(png)$ http://domain.com/hotlink.png [R=302,L]
However, it does not work! How can I fix this?
You are mixing HTTP_REFERER and HTTP_HOST. You should only use HTTP_REFERER. So:
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://domain\.com/ [NC]
RewriteCond %{HTTP_REFERER} !^http://thumbs\.domain\.com/ [NC]
RewriteCond %{REQUEST_FILENAME} !hotlink\.png$
RewriteRule .*\.(png)$ http://domain.com/hotlink.png [R=302,L]
or even shorter matching all subdomains (and domains ending in 'domain.com' but that's very unlikely)
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !domain\.com/ [NC]
RewriteCond %{REQUEST_FILENAME} !hotlink\.png$
RewriteRule .*\.(png)$ http://domain.com/hotlink.png [R=302,L]

Resources