Prevent Hotlinking on HTTPS


#1

The https://help.dreamhost.com/hc/en-us/articles/216363197-How-do-I-prevent-image-hotlinking- has the following but what now a day all the site are https, hence how do we do it…?

RewriteEngine On
RewriteCond %{HTTP_REFERER} ^http://(www\.)?example\.com(/.*)*$ [NC,OR]
RewriteRule \.(jpeg|JPEG|jpe|JPE|jpg|JPG|gif|GIF|png|PNG|mng|MNG)$ - [F]

#2

Either change the http to https or remove the protocol from the code.

However, that code does not account for all the visitors who do not come with a referrer. That’s a lot of users nowadays.

The anti-Hotlinking code will backfire on you. There will be a lot of visitors blocked from viewing images on your site. Its not a viable solution. Just let them hotlink. You’re not paying for bandwidth.


#3

Dittos to what @keyplyr said, but if you still want to prevent the hotlinks…

Put this after your RewriteCond line to handle what he said about visitors without a referer.

RewriteCond %{HTTP_REFERER} !^$

In your Cond line, to allow for either protocol, change from “http:” to “http(s?):”.
Or you can use common code to rewrite http to httpS before you get to this condition (be sure not to use the L option to force the redirect).


#5

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.