Prevent hotlinking, no "www" - .htaccess

I have read many website tutorials about hotlinking protection.
Waste of time.
So I decided to ask here.
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?domain.com [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ - [NC,F,L]
http://www.domain.com/image.png = Protected
http://domain.com/image.png = Unprotected
Adding
RewriteCond %{HTTP_REFERER} !^http://(.+.)?domain.com [NC]
Actually
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?domain.com [NC]
RewriteCond %{HTTP_REFERER} !^http://(.+.)?domain.com [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ - [NC,F,L]
Did not worked.

Try this rule:
RewriteCond %{HTTP_REFERER} !domain\.com [NC]
RewriteRule \.(jpe?g|png|gif)$ - [NC,F,L]

Related

.htaccess allow images in one subfolder

I have a website and .htaccess file that disable the access to all images and pdf file.
I added a new sub-folder and I need to allow the outside access to the images and PDFs in this sub folder.
How do I do it?
RewriteEngine on
AuthName "myname"
AuthUserFile "/home/virtual/website/.htpasswds/public_html/mywebsite/passwd"
<files ~ "^(admin(.*)\.(php|js))$">
require valid-user
</files>
RewriteCond %{HTTP_REFERER} !^http://website.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://website.com$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.website.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.website.com$ [NC]
RewriteRule .*\.(jpg|jpeg|gif|png|bmp|pdf)$ - [F,NC]
Just add another RewriteCond to check for sub-folder:
RewriteCond ${REQUEST_URI) !^/sub-folder/ [NC]
RewriteCond %{HTTP_REFERER} !^http://website.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://website.com$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.website.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.website.com$ [NC]
RewriteRule \.(jpe?g|gif|png|bmp|pdf)$ - [F,NC]
You should be able to add a condition to exclude the sub folder
RewriteCond %{HTTP_REFERER} !^http://website.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://website.com$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.website.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.website.com$ [NC]
RewriteCond %{REQUEST_URI} !^/subfolder [NC]
RewriteRule .*\.(jpg|jpeg|gif|png|bmp|pdf)$ - [F,NC]

Stopping hotlinking from subdomains

We serve images from both our www. and img1/2/3 subodmains. The rule we have successfully blocks hotlinking from the www. but not the img1/2/3. Two part question: Why do the img1/2/3 not work when the www does and is there a way to economize this into one rule?
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?domain.org [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(img1\.)?domain.org [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(img2\.)?domain.org [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(img3\.)?domain.org [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ - [NC,F,L]
Thanks a lot.
You need to use the OR flag in the first three conditions or, alternatively, collapse the three conditions into one.
OR flag:
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?domain\.org [NC,OR]
RewriteCond %{HTTP_REFERER} !^http(s)?://(img1\.)?domain\.org [NC,OR]
RewriteCond %{HTTP_REFERER} !^http(s)?://(img2\.)?domain\.org [NC,OR]
RewriteCond %{HTTP_REFERER} !^http(s)?://(img3\.)?domain\.org [NC]
RewriteRule .(jpg|jpeg|png|gif)$ - [NC,F,L]
Collapse into one condition
RewriteCond %{HTTP_REFERER} !^http(s)?://((www|img(1|2|3)\.)?domain\.org [NC]

How to fix https not work htaccess in hotlink protection

How to fix https not work htaccess in hotlink protection
i using htaccess in hotlink protection. Its work on normal http
and not work in https how to rewrite ?
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?XXX.com [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?XXX.net [NC]
RewriteCond %{HTTP_USER_AGENT} !.*google.* [NC]
RewriteCond %{HTTP_USER_AGENT} !.*iphone.* [NC]
RewriteCond %{HTTP_USER_AGENT} !.*iPad.* [NC]
RewriteCond %{HTTP_USER_AGENT} !.*Android.* [NC]
RewriteRule \.(flv|mp4|jpg|jpeg|png|gif)$ - [NC,F,L]
Sometimes, there's security profiles that don't send referers when you're navigating a site using HTTPS. You could try just ignoring the hotlink protection in this case:
RewriteEngine on
RewriteCond %{HTTPS} on
RewriteCond %{HTTP_REFERER} ^$ [OR]
RewriteCond %{HTTP_REFERER} ^http(s)?://(www\.)?XXX.com [NC,OR]
RewriteCond %{HTTP_REFERER} ^http(s)?://(www\.)?XXX.net [NC]
RewriteRule ^ - [L]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?XXX.com [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?XXX.net [NC]
RewriteCond %{HTTP_USER_AGENT} !.*google.* [NC]
RewriteCond %{HTTP_USER_AGENT} !.*iphone.* [NC]
RewriteCond %{HTTP_USER_AGENT} !.*iPad.* [NC]
RewriteCond %{HTTP_USER_AGENT} !.*Android.* [NC]
RewriteRule \.(flv|mp4|jpg|jpeg|png|gif)$ - [NC,F,L]

Hotlink prevention only for a certain website

RewriteCond %{HTTP_REFERER} !^http://website.net/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://website.net$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.website.net/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.website.net$ [NC]
RewriteRule .*\.(jpg|jpeg|gif|png|bmp|rar)$ http://website.net/news.php [R,NC]
This is what I use at the moment (auto-generated from my cPanel).
Is there a way that I enable this hotlink protection only from a certain website, e.g. site.com?
Or another option is to disabe it for certain websites - trustedsite1.com, trustedsite2.com
Any of those two options suit me well.
To block hotlinking from a specific site:
RewriteCond %{HTTP_REFERER} ^https?://site.com$ [NC]
RewriteRule .*\.(jpg|jpeg|gif|png|bmp|rar)$ http://website.net/news.php [R,NC]
To allow from trustedsite1 and trustedsite2, just add additional conditions:
RewriteCond %{HTTP_REFERER} !^http://website.net/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://website.net$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.website.net/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.website.net$ [NC]
RewriteCond %{HTTP_REFERER} !^http://trustedsite1.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://trustedsite2.com/.*$ [NC]
RewriteRule .*\.(jpg|jpeg|gif|png|bmp|rar)$ http://website.net/news.php [R,NC]

Disable Hotlinking in General, but allow for subdomain

So I want to disable Hotlinking in general but allow it for the subdomain "thumbs". My .htaccess is as the following:
#HOTLINKING
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://domain.com/.* [NC]
RewriteCond %{HTTP_HOST} !^thumbs.domain.com [NC]
RewriteCond %{REQUEST_FILENAME} !hotlink.png$
RewriteRule .*\.(png)$ http://domain.com/hotlink.png [R=302,L]
However, it does not work! How can I fix this?
You are mixing HTTP_REFERER and HTTP_HOST. You should only use HTTP_REFERER. So:
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://domain\.com/ [NC]
RewriteCond %{HTTP_REFERER} !^http://thumbs\.domain\.com/ [NC]
RewriteCond %{REQUEST_FILENAME} !hotlink\.png$
RewriteRule .*\.(png)$ http://domain.com/hotlink.png [R=302,L]
or even shorter matching all subdomains (and domains ending in 'domain.com' but that's very unlikely)
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !domain\.com/ [NC]
RewriteCond %{REQUEST_FILENAME} !hotlink\.png$
RewriteRule .*\.(png)$ http://domain.com/hotlink.png [R=302,L]

Resources