.htaccess confusion


Hey Dreamhost-Comrades!
I hope the Christmas holiday has been treating everyone kindly! I’ve been trying to figure out this .htaccess stuff for a little while and feel that I’ve come to a dead end without feedback. So!
What I am looking for is a .htaccess that won’t allow people to hotlink, I would like to take directory searching off, I would like to ban sites from accessing my files, (.mp3, .avi, .wmv, .zip) if at all possible, make it so that people can’t access my files unless it’s coming from my site (i.e. the referrer is my site)…but only on media files, not on HTML…I don’t want any direct linking at all

I realize this all sounds like an impossible task, and it probably is… but this is what I have come up with so far… can you guys tell me if it’s correct?

initialize and enable rewrite engine

RewriteEngine on

stop hotlinking and serve alternate content

RewriteEngine on RewriteCond %{HTTP_REFERER} !^$ RewriteCond %{HTTP_REFERER} !^http://(www\.)?domain\.com/.*$ [NC] # serve a standard 403 forbidden error page RewriteRule .*\.(gif|jpg)$ - [F,L]

deny access to evil robots site rippers offline browsers and other nasty scum

RewriteBase /
RewriteCond %{HTTP_USER_AGENT} ^Anarchie [OR]
RewriteCond %{HTTP_USER_AGENT} ^ASPSeek [OR]
RewriteCond %{HTTP_USER_AGENT} ^attach [OR]
RewriteCond %{HTTP_USER_AGENT} ^autoemailspider [OR]
RewriteCond %{HTTP_USER_AGENT} ^Xaldon\ WebSpider [OR]
RewriteCond %{HTTP_USER_AGENT} ^Xenu [OR]
RewriteCond %{HTTP_USER_AGENT} ^Zeus.Webster [OR]
RewriteCond %{HTTP_USER_AGENT} ^Zeus
RewriteRule ^.
- [F,L]

AuthType basic
AuthName "This directory is protected"
AuthUserFile /home/path/.htpasswd
AuthGroupFile /dev/null
Require valid-user

instruct browser to download multimedia files

AddType application/octet-stream .avi
AddType application/octet-stream .mpg
AddType application/octet-stream .wmv
AddType application/octet-stream .mp3

secure htaccess file

<Files .htaccess>
order allow,deny
deny from all

<FilesMatch “.(htaccess|htpasswd|ini|phps|fla|psd|log|sh)$”>
Order Allow,Deny
Deny from all

disable directory browsing

Options All -Indexes

prevent folder listing

IndexIgnore *

So… what do you guys think?
I appreciate all your help and assistance with this, I realize I am asking a real noob question, so any reply is truly appreciated!



Have you checked out the panel’s new features under “Goodies/Htaccess”?

That said, I’m sure you can have much finer-grained control through handcoding your .htaccess file.

Use promo code [color=#CC0000]50DISK50[/color] for 50% extra disk and $50 off
More Dreamhost coupons


Hi Lensman!
Thanks for the reply. I did try to use the Panel’s Htaccess for a year, but it did not work for me.

I’ve been reading a bit up on it.

Question>> Could I just write:

RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://(www.)?example.com/ [NC]
RewriteCond %{HTTP_REFERER} !^$
RewriteRule .(jpe?g|gif|png)$ - [F]

But… is there anyway with that rule I can say, allow people to refer to a .html page, so that pages can link to me, but not hotlink?

Thanks for your responce, I do appreciate it!


Anyone’s “in the know” willing to lend some advice?