How to prevent specific hotlinking


#1

I’m trying to prevent a specific domain from hotlinking my images. I’ve followed the instructions on the Dreamhost wiki to change my htaccess file but it only results in http 500 errors when I try to view my web site. So far I’ve only managed to set htaccess to prevent all except my site. What do I need to do to allow all except x domain?[hr]
Oh, here’s what is working:

RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www.)?mydomain.net(/)?.$ [NC]
RewriteRule .
.(jpeg|jpg|gif|bmp|png)$ http://domain.com/hotlink.jpg [NC,R]

Here’s what’s not working:
RewriteConnd %{HTTP_REFERER} !^http://(www.)?baddomain.com/ [NC]
RewriteRule .*.(jpeg|jpg|gif|bmp|png)$ http://domain.com/hotlink.jpg [NC,R]


#2

are you trying to block all domains but your site, or just a few specific problem domains? in your not working example, the ! means if it’s not baddomain.com, which seems to be the opposite of what you want. also it says Connd (extra N) in you post but i’ll assume that’s just a typo in your post.

since you are rewriting all .jpg requests you’re in an infinite rewrite loop because http://domain.com/hotlink.jpg gets rewritten. you probably need another condition that it’s not hotlink.jpg before rewriting it.

if you were trying to block everyone but you (you said you’re looking to block a specific domain), keep in mind that some browsers won’t send the referrer at all – some internet security products block it so you can’t track where they came from. also some other internet security products send junk for the referrer such as “field blocked by super-secure internet security software,” but you can’t deal with that unless you’re blocking specific hotlinking sites. of course browsers that send missing / junk referrers are going to be immune to your hotlink protection.


#3

[quote=“misterhaan, post:2, topic:53434”]
are you trying to block all domains but your site, or just a few specific problem domains? in your not working example, the ! means if it’s not baddomain.com, which seems to be the opposite of what you want. also it says Connd (extra N) in you post but i’ll assume that’s just a typo in your post.[/quote]
Hi misterhaan, I’m trying to block only certain ones. I’m currently set up to “block all but x” but I want to do the opposite “allow all except x”.

Sorry, I don’t understand the “extra N” reference. Are you talking about the NC tags at the end of the lines? I’m only vaguely familiar with htaccess and I’m getting my info from various web sites and basically cutting-n-pasting the commands. The lines above are exactly the lines I’m trying to use in htaccess.


#4

He means that “RewriteConnd” (with two "n"s) should be “RewriteCond”, with one “n”.


#5

right, i meant Connd should be Cond.

try this:
RewriteCond %{HTTP_REFERER} ^http://(www.)?baddomain.com/ [NC]
RewriteRule .*.(jpeg|jpg|gif|bmp|png)$ http://domain.com/hotlink.jpg [NC,L]

changes are Connd to Cond on the first line and remove the ! on the referrer check so it matches if it is from baddomain.com, and change the R (redirect) option to L (last) so it keeps the same URL but also doesn’t then try to rewrite http://domain.com/hotlink.jpg again.

here’s what i’m using on my site to block hotlinked images from myspace:

RewriteCond %{HTTP_REFERER} ^http://([^.]+.)?myspace.com/.*$ [NC]
RewriteRule .(png|jpe?g) http://www.track7.org/hotlink.png [L]

it’s pretty similar. i’m blocking all subdomains with [^.]+ instead of www and included .$ at the end (which is no different than leaving it off). for the rule i only use png and jpeg format images (jpe?g matches either jpg or jpeg) in lower case, so i don’t need [NC]. i also have a couple php-generated images so no $ at the end. i don’t start with . at the beginning but since i don’t start with ^ either that’s implied.


#6

Hmm…following your 2 examples:

This resulted in an Internal Server Error and “Additionally, a 500 Internal Server Error error was encountered while trying to use an ErrorDocument to handle the request.”:
RewriteConnd %{HTTP_REFERER} ^http://([^.]+.)?ramenworld.com/.*$ [NC]
RewriteRule .(png|jpe?g) http://img830.imageshack.us/img830/1380/ramenhotlink.jpg [NC,L]

However, this seems to work:
RewriteCond %{HTTP_REFERER} ^http://(www.)?ramenworld.com/ [NC]
RewriteRule .*.(jpeg|jpg|gif|bmp|png)$ http://img830.imageshack.us/img830/1380/ramenhotlink.jpg [NC,L]

Thanks, misterhaan!


#7

OK, that site that’s hotlinking to you is just plain bizarre… I’m not sure what alternate universe they’re in, but they’re trying to sell “ramen bowls” for thousands of dollars. Crazy!


#8

Yes…haha, I agree. Very bizarre. Thanks for your help again!