.htaccess image hotlink protection not working

dombrorj · Share | #1 (**permalink**) 02-06-2010, 05:32 PM

I'm trying to put a stop to image hijacking with the following .htaccess code, but I can't figure out why it won't work .

I've tried placing the file in the root directory and the actual image directory, and neither work. Strangely, I've tested other rewrite rules, and they work fine (non-www to www addresss, for example).

I've tested by using free hotlink checkers and by trying to hotlink from my other domains, and been sure to clear cache on each test. No luck making it work though.

Am I missing something?

Edit: I just tried on a different domain, and the code below is blocking www hotlinking, but not when the www is not used to link to the image.

Code:

RewriteEngine on
RewriteCond %{HTTP_REFERER} .
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?mysite\.com [NC]
RewriteRule \.(jpe?g|png|gif)$ - [NC,F]

drmike · #2 (**permalink**) 02-06-2010, 05:51 PM

I used this tool:

http://www.htaccesstools.com/hotlink-protection/

And this is what I came up with:

Code:

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?mysite.com [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ - [NC,F,L]

That goes in root by the way.

Please note the change in the use of https. I'm kind of wondering about your code considering that. My understanding is with the s in there like you have it, it'll only work with a secure connection while mine makes it optional.

I hate htaccess rules though and have no idea what I'm doing. What why I used the formentioned tool.

dombrorj · #3 (**permalink**) 02-07-2010, 07:08 AM

Thanks drmike,

Unfortunately, that didn't work either. I used a number of combinations from various online tools like the one you mentioned, and can't seem to get any of them to work.

There must be something else going on with my Apache server or something. Just can't put my finger on it.

drmike · #4 (**permalink**) 02-07-2010, 07:10 AM

You're not using a host that only reads the .htaccess file once an hour, are you? There's a couple of them out there.

dombrorj · #5 (**permalink**) 02-07-2010, 07:14 AM

Quote:

Originally Posted by drmike

You're not using a host that only reads the .htaccess file once an hour, are you? There's a couple of them out there.

I'm on a dedicated server and should work instantly. But I think there's something funny like that going on.

drmike · #6 (**permalink**) 02-07-2010, 07:20 AM

Some quick google'ing pulls up this thread:

http://www.webhostingtalk.com/archiv.../t-265867.html

Can you please check to see if there's anything in the webserver's error logs and what's listed as your AccessFileName in the config files?