So I've got this in my site .htaccess file to prevent hotlinking of images, JS and CSS from all other domains.
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?mydomain\.com [NC]
RewriteRule \.(gif|jpe?g|js|css)$ - [F,NC,L]
Question: How would I selectively allow one or two domains to hotlink?
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?mydomain\.com [NC]
RewriteCond %{HTTP_REFERER} !^http://(www\.)?otherdomain\.com [NC]
RewriteRule \.(gif|jpe?g|js|css)$ - [F,NC,L]
Will work, as this says.
"Refererr is not nothing, and referer is not matching mydomain and referer is not matching otherdomain.
If it were the case that you were trying to do the opposite (blacklist a set of domains from hotlinking) you'd do something like
RewriteCond %{HTTP_REFERER} ^http://(www\.)?baddomain1\.com [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?baddomain2\.com [NC]
RewriteRule \.(gif|jpe?g|js|css)$ - [F,NC,L]
Just add another condition before the RewriteRule for each domain you want to allow.
RewriteCond %{HTTP_REFERER} !friendlysite\.com [NC]
(presumably you don't care if the request is via http or https or whatever, so you can leave that out to make it more generic)
Related
RewriteEngine on
RewriteCond %{HTTP_REFERER} ^https?://(www\.)?site1\.com [NC,OR]
RewriteCond %{HTTP_REFERER} ^https?://(www\.)?site2\.com [NC,OR]
RewriteCond %{HTTP_REFERER} ^$
RewriteRule \.(jpg|jpeg|png|gif|js|css)$ - [NC,F,L]
The above code is doing the opposite for me. I want to a site1 and site2 but prevent all others.
You should have your .htaccess rules file in following manner. Please make sure to clear your browser cache before testing your URLs.
RewriteEngine on
RewriteCond %{HTTP_HOST} ! ^https?://(?:www\.)?(?:site1|site2)\.com$ [NC]
RewriteRule \.(jpg|jpeg|png|gif|js|css)$ - [NC,F,L]
have added hotlink protection to my .htaccess file. It works fine and stops images and pdf's loading if they are called from another domain. However, I don't want files to be blocked if people follow a link to them from within my domain. For example, if there is a link to www.mydomain.com/file.pdf on the page www.mydomain.com/somefile.htm, at the moment that pdf will be blocked from loading. Is it possible to stop this happening?
Thanks
.htaccess code:
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://example.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://example.com$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.example.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.example.com$ [NC]
RewriteCond %{HTTP_REFERER} !^https://example.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^https://example.com$ [NC]
RewriteCond %{HTTP_REFERER} !^https://www.example.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^https://www.example.com$ [NC]
RewriteRule .*\.(jpg|jpeg|gif|png|bmp|JPG|pdf)$ - [F,NC]
We serve images from both our www. and img1/2/3 subodmains. The rule we have successfully blocks hotlinking from the www. but not the img1/2/3. Two part question: Why do the img1/2/3 not work when the www does and is there a way to economize this into one rule?
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?domain.org [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(img1\.)?domain.org [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(img2\.)?domain.org [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(img3\.)?domain.org [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ - [NC,F,L]
Thanks a lot.
You need to use the OR flag in the first three conditions or, alternatively, collapse the three conditions into one.
OR flag:
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?domain\.org [NC,OR]
RewriteCond %{HTTP_REFERER} !^http(s)?://(img1\.)?domain\.org [NC,OR]
RewriteCond %{HTTP_REFERER} !^http(s)?://(img2\.)?domain\.org [NC,OR]
RewriteCond %{HTTP_REFERER} !^http(s)?://(img3\.)?domain\.org [NC]
RewriteRule .(jpg|jpeg|png|gif)$ - [NC,F,L]
Collapse into one condition
RewriteCond %{HTTP_REFERER} !^http(s)?://((www|img(1|2|3)\.)?domain\.org [NC]
RewriteCond %{HTTP_REFERER} !^http://website.net/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://website.net$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.website.net/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.website.net$ [NC]
RewriteRule .*\.(jpg|jpeg|gif|png|bmp|rar)$ http://website.net/news.php [R,NC]
This is what I use at the moment (auto-generated from my cPanel).
Is there a way that I enable this hotlink protection only from a certain website, e.g. site.com?
Or another option is to disabe it for certain websites - trustedsite1.com, trustedsite2.com
Any of those two options suit me well.
To block hotlinking from a specific site:
RewriteCond %{HTTP_REFERER} ^https?://site.com$ [NC]
RewriteRule .*\.(jpg|jpeg|gif|png|bmp|rar)$ http://website.net/news.php [R,NC]
To allow from trustedsite1 and trustedsite2, just add additional conditions:
RewriteCond %{HTTP_REFERER} !^http://website.net/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://website.net$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.website.net/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.website.net$ [NC]
RewriteCond %{HTTP_REFERER} !^http://trustedsite1.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://trustedsite2.com/.*$ [NC]
RewriteRule .*\.(jpg|jpeg|gif|png|bmp|rar)$ http://website.net/news.php [R,NC]
I'm preventing hotlinking with this in htaccess:
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?mydomain\.com [NC]
RewriteRule \.(gif|jpe?g|png)$ - [F,NC,L]
However, I'd like to allow certain specified images to be hotlink-able, how do I do this?
I can't find anything about it online.
Thanks,
Colin
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?mydomain\.com [NC]
RewriteCond %{REQUEST_URI} !^images/allow-hotlink/.+\.(gif|jpe?g|png)$
RewriteRule \.(gif|jpe?g|png)$ - [F,NC,L]
you can add another rewrite condition like so:
RewriteCond %{REQUEST_URI} !^whitelisted-directory/.*
but its more efficient and easier just to add one write rule that does nothing above and declare it at last like so:
RewriteRule ^(whitlistet-directory1|whitelisted-directory2) - [L]