Image bandwidth theft using mod_rewrite directives


#1

Ok, what have I done wrong this time? :frowning: To try and prevent image bandwidth theft, I have included the following lines to my .htaccess file: [each RewriteCond is on one line]

RewriteEngine on
RewriteCond %{HTTP_REFERER}!^$
RewriteCond %{HTTP_REFERER}!^http://example.com/ [NC]
RewriteCond %{HTTP_REFERER}!^http://www.example.com/ [NC]
RewriteRule [^/]+.(gif|jpg|bmp)$ - [F,NC]

The code seems to work only if people are trying to directly link to http://example.com/pic.gif, but it won’t work if people link to http://www.example.com/pic.gif

Changing the code to the following does not make a difference: [each RewriteCond is on one line]

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www.)?example.com(/)?.$ [NC]
RewriteRule .
.(gif|jpg|bmp)$ - [F,NC]

Any help/advice would be greatly appreciated.

  • marsbar

#2

I’m just a beginner with regex, but I’d say that you’ve forgotten to escape the period in “example.com” in both your blocks, and in “+.(gif” in the first block.


TorbenGB . . . Get a free WebID


#3

You can change the second and third line with:

RewriteCond %{HTTP_REFERER} !^http://(..)?example.com.$ [NC]

I use some \ to escape chars and this may be a big difference in some cases.


#4

Many thanks for responding, Torben and GFv.

Unfortuantely, the old problem will not go away (i.e. rules are only effective against direct links to http://example.com/pic.gif , but not http://www.example.com/pic.gif). Worse still, RewriteCond %{HTTP_REFERER} !^$ seems to have caused access problem for some people. Today I received some reports from visitors saying that they had not been able to access my site due to an internal server error (HTTP error 500).

I have also tried the example shown in this KB article: https://panel.dreamhost.com/kbase/index.cgi?area=2713
While the 500 error is gone, I am still left with the original problem. :frowning:

  • marsbar

#5

Look in your error.log and find out what the actual errors were. mod_rewrite has pretty decent logging.

nate.


#6

Thank you for responding, Nate.

The actual error: RewriteCond: bad argument line ‘%{HTTP_REFERER}!^$’

Site access has been restored; however, a new problem cropped up (on top of the original problem described in my first post) earlier, leaving me with no choice but to remove the entire block of anti-bandwidth theft code. The code was also preventing my own domain from linking to (my own) images.

I have visited a number of other sites and tried out their code and instructions (all are basically the same), yet all with the same results: I must be doing something wrong. Arrgh!

Help! :frowning:

  • marsbar

#7

The following rules, courtesy of Reid Stott of photodude.com, seem to work for me:

RewriteEngine On
RewriteCond %{REQUEST_FILENAME} .*jpg$|.*gif$|.png$ [NC]
RewriteCond %{HTTP_REFERER} ^[http|nttp].
$
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !example.com [NC]
RewriteRule .(gif|jpg|png)$ - [F,NC,L]

-marsbar