0

I use this as anti-hotlink protection for images. example.com is the domain which is allowed to hotlink images while all other domains are denied. This code also allows direct requests to image files using a browser's URL bar, but not hotlinking from another site.

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://example.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://example.com$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.example.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.example.com$ [NC]
RewriteRule .*\.(.*.*.*gif|jpg|jpeg|png|bmp|tif|tiff)$ [url]http://example.com/403.shtml[/url] [R,NC]

This example blocks entire file extensions. As an alternative, does anyone know how to change the info in the last line of this so that it will block hotlink access to a specific file such as example.jpg or even example.php?

2
Contributors
5
Replies
7
Views
5 Years
Discussion Span
Last Post by vectro
0

I use this as anti-hotlink protection for images. example.com is the domain which is allowed to hotlink images while all other domains are denied. This code also allows direct requests to image files using a browser's URL bar, but not hotlinking from another site.

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://example.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://example.com$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.example.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.example.com$ [NC]
RewriteRule .*\.(.*.*.*gif|jpg|jpeg|png|bmp|tif|tiff)$ [url]http://example.com/403.shtml[/url] [R,NC]

This example blocks entire file extensions. As an alternative, does anyone know how to change the info in the last line of this so that it will block hotlink access to a specific file such as example.jpg or even example.php?

Vectro:

To restrict access to a specific file, add the following code block and edit the file name, “secretfile.php”, with the name of the file that you wish to protect:

You can put this in a your site's root .htaccess or an .htaccess of it's own in the directory that contains /path/to/secretfile.php.

# prevent viewing of a specific file
<files secretfile.php>
 order allow,deny
 deny from all
</files>

Sometimes I will make you do the work, and sometimes I won't.
Here's a freebie: http://perishablepress.com/press/2006/01/10/stupid-htaccess-tricks/

0

Vectro:

To restrict access to a specific file, add the following code block and edit the file name, “secretfile.php”, with the name of the file that you wish to protect:

You can put this in a your site's root .htaccess or an .htaccess of it's own in the directory that contains /path/to/secretfile.php.

# prevent viewing of a specific file
<files secretfile.php>
 order allow,deny
 deny from all
</files>

Sometimes I will make you do the work, and sometimes I won't.
Here's a freebie: http://perishablepress.com/press/2006/01/10/stupid-htaccess-tricks/

I believe your code would restrict ALL access to that file, not just hotlinkers. So, I don't believe this would help me. I'm also aware of the page you linked. It includes examples of hotlink protection for entire extensions, but not for individual files.

I think someone in another forum has showed me something more along the lines of what I need. I haven't test it yet, but just to show you:

RewriteEngine On
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?example.com/ [NC]
RewriteRule ^browse\.php$ http://example.com/403.shtml [R,NC]

I think this would restrict hotlink access to browse.php while still alowing example.com to link to it and would also allow direct requests via the URL bar in the browser. Can anyone confirm this?

Edited by vectro: n/a

0

I finally got around to testing the above code myself and it worked perfectly.

Edited by vectro: n/a

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.