Stopping hotlinking from subdomains - .htaccess

We serve images from both our www. and img1/2/3 subodmains. The rule we have successfully blocks hotlinking from the www. but not the img1/2/3. Two part question: Why do the img1/2/3 not work when the www does and is there a way to economize this into one rule?
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?domain.org [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(img1\.)?domain.org [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(img2\.)?domain.org [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(img3\.)?domain.org [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ - [NC,F,L]
Thanks a lot.

You need to use the OR flag in the first three conditions or, alternatively, collapse the three conditions into one.
OR flag:
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?domain\.org [NC,OR]
RewriteCond %{HTTP_REFERER} !^http(s)?://(img1\.)?domain\.org [NC,OR]
RewriteCond %{HTTP_REFERER} !^http(s)?://(img2\.)?domain\.org [NC,OR]
RewriteCond %{HTTP_REFERER} !^http(s)?://(img3\.)?domain\.org [NC]
RewriteRule .(jpg|jpeg|png|gif)$ - [NC,F,L]
Collapse into one condition
RewriteCond %{HTTP_REFERER} !^http(s)?://((www|img(1|2|3)\.)?domain\.org [NC]

Related

Changes to my .htaccess file made my site very slow. What did I do wrong, and how can I fix?

I recently made changes to my .htaccess file as instructed on http://www.roimarketing.co.nz/articles/what-is-referrer-spam-how-can-you-block-it/
I had been having problems with bots crawling my site and making it hard to interpret analytics on it. After adding the code shown in the link above, the site takes a minute+ to load each page where-as before it took barely 5 seconds. What did I do wrong, and how can I fix? Chances are I'm making a rookie mistake I've overlooked.
Website in question: royalelectric.com
I edited the .htaccess file from my /public_html/ directory.
Here was my old .htaccess file:
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
Here is my new .htaccess file:
## STOP REFERRER SPAM ##
RewriteEngine On
RewriteCond %{HTTP_REFERER} ^([^.]+.)*?4webmasters\.org [NC,OR]
RewriteCond %{HTTP_REFERER} ^([^.]+.)*?site1.free-share-buttons\.com [NC,OR]
RewriteCond %{HTTP_REFERER} ^([^.]+.)*?site2.free-share-buttons\.com [NC,OR]
RewriteCond %{HTTP_REFERER} ^([^.]+.)*?site3.free-share-buttons\.com [NC,OR]
RewriteCond %{HTTP_REFERER} ^([^.]+.)*?site4.free-share-buttons\.com [NC,OR]
RewriteCond %{HTTP_REFERER} ^([^.]+.)*?anticrawler\.org [NC,OR]
RewriteCond %{HTTP_REFERER} ^([^.]+.)*?addons\.mozilla\.org [NC,OR]
RewriteCond %{HTTP_REFERER} ^([^.]+.)*?baidu\.com [NC,OR]
RewriteCond %{HTTP_REFERER} ^([^.]+.)*?bestwebsitesawards\.com [NC,OR]
RewriteCond %{HTTP_REFERER} ^([^.]+.)*?best-seo-solution\.com [NC,OR]
RewriteCond %{HTTP_REFERER} ^([^.]+.)*?best-seo-offer\.com [NC,OR]
RewriteCond %{HTTP_REFERER} ^([^.]+.)*?blackhatworth\.com [NC,OR]
RewriteCond %{HTTP_REFERER} ^([^.]+.)*?buttons-for-website\.com [NC,OR]
RewriteCond %{HTTP_REFERER} ^([^.]+.)*?buttons-for-your-website\.com [NC,OR]
RewriteCond %{HTTP_REFERER} ^([^.]+.)*?buy-cheap-online\.info [NC,OR]
RewriteCond %{HTTP_REFERER} ^([^.]+.)*?econom\.co [NC,OR]
RewriteCond %{HTTP_REFERER} ^([^.]+.)*?darodar\.com [NC,OR]
RewriteCond %{HTTP_REFERER} ^([^.]+.)*?sanjosestartups\.com [NC,OR]
RewriteCond %{HTTP_REFERER} ^([^.]+.)*?free-social-buttons\.com [NC,OR]
RewriteCond %{HTTP_REFERER} ^([^.]+.)*?guardlink\.org [NC,OR]
RewriteCond %{HTTP_REFERER} ^([^.]+.)*?event-tracking\.com [NC,OR]
RewriteCond %{HTTP_REFERER} ^([^.]+.)*?domination\.ml [NC,OR]
RewriteCond %{HTTP_REFERER} ^([^.]+.)*?hulfingtonpost\.com [NC,OR]
RewriteCond %{HTTP_REFERER} ^([^.]+.)*?Get-Free-Traffic-Now\.com [NC,OR]
RewriteCond %{HTTP_REFERER} ^([^.]+.)*?googlsucks\.com [NC,OR]
RewriteCond %{HTTP_REFERER} ^([^.]+.)*?free-share-buttons\.com [NC,OR]
RewriteCond %{HTTP_REFERER} ^([^.]+.)*?humanorightswatch\.org [NC,OR]
RewriteCond %{HTTP_REFERER} ^([^.]+.)*?ilovevitaly\.com [NC,OR]
RewriteCond %{HTTP_REFERER} ^([^.]+.)*?7makemoneyonline\.com [NC,OR]
RewriteCond %{HTTP_REFERER} ^([^.]+.)*?o-o-6-o-o\.com [NC,OR]
RewriteCond %{HTTP_REFERER} ^([^.]+.)*?priceg\.com [NC,OR]
RewriteCond %{HTTP_REFERER} ^([^.]+.)*?social-buttons\.com [NC,OR]
RewriteCond %{HTTP_REFERER} ^([^.]+.)*?semalt\.com [NC,OR]
RewriteCond %{HTTP_REFERER} ^([^.]+.)*?smailik\.org [NC,OR]
RewriteCond %{HTTP_REFERER} ^([^.]+.)*?theguardlan\.com [NC,OR]
RewriteCond %{HTTP_REFERER} ^([^.]+.)*?simple-share-buttons\.com [NC]
RewriteRule .* – [F]
## STOP REFERRER SPAM ##
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
Any help you can give me here would be greatly appreciated, as I'm sick of dealing with the bots screwing up my analytics but I don't want to sacrifice load times to fix the problem.
Thanks!
The simple rewrite rules shouldn't slow down your website. Unless there is some misplaced code causing it, check if the rest of the code is ok, and since this file is very sensitive always make a backup before editing it, because it can shut down your site.
Most of those lines are useless because your are trying to block something that doesn't access your site. The only ones that are really useful are these 5 from crawlers
## STOP REFERRER SPAM ##
RewriteCond %{HTTP_REFERER} ^([^.]+.)*?best-seo-solution\.com [NC,OR]
RewriteCond %{HTTP_REFERER} ^([^.]+.)*?best-seo-offer\.com [NC,OR]
RewriteCond %{HTTP_REFERER} ^([^.]+.)*?7makemoneyonline\.com [NC,OR]
RewriteCond %{HTTP_REFERER} ^([^.]+.)*?buttons-for-website\.com [NC,OR]
RewriteCond %{HTTP_REFERER} ^([^.]+.)*?buttons-for-your-website\.com [NC]
RewriteRule .* – [F]
## STOP REFERRER SPAM ##
To keep clean your .htaccess file, you should delete rest because that's ghost spam, it doesn't have any interaction with your website, and that's what these rules does, block the access to your website.
The ghost spam hits your reports directly, so to stop them the only solution is to create a filter in Google Analytics.
You can find more information about the solution and the spam here
https://stackoverflow.com/a/28354319/3197362
https://stackoverflow.com/a/29645325/3197362

How to fix https not work htaccess in hotlink protection

How to fix https not work htaccess in hotlink protection
i using htaccess in hotlink protection. Its work on normal http
and not work in https how to rewrite ?
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?XXX.com [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?XXX.net [NC]
RewriteCond %{HTTP_USER_AGENT} !.*google.* [NC]
RewriteCond %{HTTP_USER_AGENT} !.*iphone.* [NC]
RewriteCond %{HTTP_USER_AGENT} !.*iPad.* [NC]
RewriteCond %{HTTP_USER_AGENT} !.*Android.* [NC]
RewriteRule \.(flv|mp4|jpg|jpeg|png|gif)$ - [NC,F,L]
Sometimes, there's security profiles that don't send referers when you're navigating a site using HTTPS. You could try just ignoring the hotlink protection in this case:
RewriteEngine on
RewriteCond %{HTTPS} on
RewriteCond %{HTTP_REFERER} ^$ [OR]
RewriteCond %{HTTP_REFERER} ^http(s)?://(www\.)?XXX.com [NC,OR]
RewriteCond %{HTTP_REFERER} ^http(s)?://(www\.)?XXX.net [NC]
RewriteRule ^ - [L]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?XXX.com [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?XXX.net [NC]
RewriteCond %{HTTP_USER_AGENT} !.*google.* [NC]
RewriteCond %{HTTP_USER_AGENT} !.*iphone.* [NC]
RewriteCond %{HTTP_USER_AGENT} !.*iPad.* [NC]
RewriteCond %{HTTP_USER_AGENT} !.*Android.* [NC]
RewriteRule \.(flv|mp4|jpg|jpeg|png|gif)$ - [NC,F,L]

Hotlink prevention only for a certain website

RewriteCond %{HTTP_REFERER} !^http://website.net/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://website.net$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.website.net/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.website.net$ [NC]
RewriteRule .*\.(jpg|jpeg|gif|png|bmp|rar)$ http://website.net/news.php [R,NC]
This is what I use at the moment (auto-generated from my cPanel).
Is there a way that I enable this hotlink protection only from a certain website, e.g. site.com?
Or another option is to disabe it for certain websites - trustedsite1.com, trustedsite2.com
Any of those two options suit me well.
To block hotlinking from a specific site:
RewriteCond %{HTTP_REFERER} ^https?://site.com$ [NC]
RewriteRule .*\.(jpg|jpeg|gif|png|bmp|rar)$ http://website.net/news.php [R,NC]
To allow from trustedsite1 and trustedsite2, just add additional conditions:
RewriteCond %{HTTP_REFERER} !^http://website.net/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://website.net$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.website.net/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.website.net$ [NC]
RewriteCond %{HTTP_REFERER} !^http://trustedsite1.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://trustedsite2.com/.*$ [NC]
RewriteRule .*\.(jpg|jpeg|gif|png|bmp|rar)$ http://website.net/news.php [R,NC]

needed to remove image extension using htaccess

I need to change or redirect the "example.com/photos/logo.jpg" to "example.com/photos/logo" when user comes from google image search.
Therefore I've used:
RewriteCond %{REQUEST_URI} photos/.*\.(gif|jpg|jpeg|png)$ [NC]
RewriteCond %{HTTP_REFERER} ^http://www.google.[a-z]{2,4}(.[a-z]{2,4})?/url\?.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://www.bing.com/images/search?q=\?.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} !^http://example.com/.*$ [NC]
RewriteCond %{HTTP_USER_AGENT} !(.*bot.*|slurp) [NC]
RewriteRule ^gallery/(.*) /$1 [L,R=301]
Try:
RewriteCond %{HTTP_REFERER} ^http://www.google.[a-z]{2,4}(.[a-z]{2,4})?/url\?.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://www.bing.com/images/search?q=\?.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} !^http://example.com/.*$ [NC]
RewriteCond %{HTTP_USER_AGENT} !(.*bot.*|slurp) [NC]
RewriteRule ^photos/(.*)\.(jpe?g|png|gif)$ /photos/$1 [L,NC,R=301]

Disable Hotlinking in General, but allow for subdomain

So I want to disable Hotlinking in general but allow it for the subdomain "thumbs". My .htaccess is as the following:
#HOTLINKING
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://domain.com/.* [NC]
RewriteCond %{HTTP_HOST} !^thumbs.domain.com [NC]
RewriteCond %{REQUEST_FILENAME} !hotlink.png$
RewriteRule .*\.(png)$ http://domain.com/hotlink.png [R=302,L]
However, it does not work! How can I fix this?
You are mixing HTTP_REFERER and HTTP_HOST. You should only use HTTP_REFERER. So:
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://domain\.com/ [NC]
RewriteCond %{HTTP_REFERER} !^http://thumbs\.domain\.com/ [NC]
RewriteCond %{REQUEST_FILENAME} !hotlink\.png$
RewriteRule .*\.(png)$ http://domain.com/hotlink.png [R=302,L]
or even shorter matching all subdomains (and domains ending in 'domain.com' but that's very unlikely)
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !domain\.com/ [NC]
RewriteCond %{REQUEST_FILENAME} !hotlink\.png$
RewriteRule .*\.(png)$ http://domain.com/hotlink.png [R=302,L]

Resources