Develop Reference

What changes should I have to implement in my .htaccess if I want to allow specific URL but prevent on all others?

RewriteEngine on
RewriteCond %{HTTP_REFERER} ^https?://(www\.)?site1\.com [NC,OR]
RewriteCond %{HTTP_REFERER} ^https?://(www\.)?site2\.com [NC,OR]
RewriteCond %{HTTP_REFERER} ^$
RewriteRule \.(jpg|jpeg|png|gif|js|css)$ - [NC,F,L]
The above code is doing the opposite for me. I want to a site1 and site2 but prevent all others.

You should have your .htaccess rules file in following manner. Please make sure to clear your browser cache before testing your URLs.
RewriteEngine on
RewriteCond %{HTTP_HOST} ! ^https?://(?:www\.)?(?:site1|site2)\.com$ [NC]
RewriteRule \.(jpg|jpeg|png|gif|js|css)$ - [NC,F,L]

htaccess rule to protect some files independent from from protocoll and host

I have an htaccess to limit the access to files to a direct click in the website. Copy the link send to another one and open it should be forbid.
My htaccess works well
RewriteCond %{HTTP_REFERER} !^http://localhost.*$ [NC]
RewriteRule ^.*$ - [NC,R=403,L]
Now I tried to make it more variable to protocol and host, but now nobody can access the files. The code should do the same as above only with variable http(s) and localhost part ...
RewriteCond %{HTTPS} =on
RewriteRule ^ - [env=proto:https]
RewriteCond %{HTTPS} !=on
RewriteRule ^ - [env=proto:http]
RewriteCond %{HTTP_REFERER} !^%{ENV:proto}://%{HTTP_HOST}.*$ [NC]
RewriteRule ^.*$ - [NC,R=403,L]
I don't see the error. Can someone help to solve this?

If you change variables to manual entries, will it work?
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^(http://|https://)(www.)?(example.com).*$ [NC]
RewriteRule ^.*$ - [NC,R=403,L]

Stopping hotlinking from subdomains

We serve images from both our www. and img1/2/3 subodmains. The rule we have successfully blocks hotlinking from the www. but not the img1/2/3. Two part question: Why do the img1/2/3 not work when the www does and is there a way to economize this into one rule?
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?domain.org [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(img1\.)?domain.org [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(img2\.)?domain.org [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(img3\.)?domain.org [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ - [NC,F,L]
Thanks a lot.

You need to use the OR flag in the first three conditions or, alternatively, collapse the three conditions into one.
OR flag:
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?domain\.org [NC,OR]
RewriteCond %{HTTP_REFERER} !^http(s)?://(img1\.)?domain\.org [NC,OR]
RewriteCond %{HTTP_REFERER} !^http(s)?://(img2\.)?domain\.org [NC,OR]
RewriteCond %{HTTP_REFERER} !^http(s)?://(img3\.)?domain\.org [NC]
RewriteRule .(jpg|jpeg|png|gif)$ - [NC,F,L]
Collapse into one condition
RewriteCond %{HTTP_REFERER} !^http(s)?://((www|img(1|2|3)\.)?domain\.org [NC]

How to exclude certain filenames from being Hotlinked Blocked in .htaccess

I've currently got the following in my .htaccess of my photo folder.
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?siteabc.com [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?sitexyz.com [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ http://example.com/images/bandwidth.png [NC,R,L]
This blocks all not allowed domains from hotlinking our photo files and displays the http://example.com/images/bandwidth.png in it's place.
However, what I would like to do is to allow sites to be able to hotlinked our thumbnails. The thumbnail images have this sort of filename format
filenameabc_100_cw100_ch100_thumb.jpg
filenameabc_100_cw100_ch100_thumb.png
filenamexyz123_100_cw100_ch100_thumb.png
eg the filenames all end with _thumb.ext
So what I would like to do is to modify the above .htaccess to globally block all access with the exception of the filenames ending in thumb eg *_thumb.jpg or *_thumb.png
I don't have the first idea about how to write such a rule.
If anyone has any ideas I would be most grateful.

Modifying the rule-set in the question:
You may try this:
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?siteabc.com [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?sitexyz.com [NC]
# Add this other exception
RewriteCond %{REQUEST_URI} !_thumb\. [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ http://example.com/images/bandwidth.png [NC,R,L]

Allow/deny image hotlinking with .htaccess

So I've got this in my site .htaccess file to prevent hotlinking of images, JS and CSS from all other domains.
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?mydomain\.com [NC]
RewriteRule \.(gif|jpe?g|js|css)$ - [F,NC,L]
Question: How would I selectively allow one or two domains to hotlink?

RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?mydomain\.com [NC]
RewriteCond %{HTTP_REFERER} !^http://(www\.)?otherdomain\.com [NC]
RewriteRule \.(gif|jpe?g|js|css)$ - [F,NC,L]
Will work, as this says.
"Refererr is not nothing, and referer is not matching mydomain and referer is not matching otherdomain.
If it were the case that you were trying to do the opposite (blacklist a set of domains from hotlinking) you'd do something like
RewriteCond %{HTTP_REFERER} ^http://(www\.)?baddomain1\.com [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?baddomain2\.com [NC]
RewriteRule \.(gif|jpe?g|js|css)$ - [F,NC,L]

Just add another condition before the RewriteRule for each domain you want to allow.
RewriteCond %{HTTP_REFERER} !friendlysite\.com [NC]
(presumably you don't care if the request is via http or https or whatever, so you can leave that out to make it more generic)