Page 1 of 2
Anti-hotlinking .htaccess code not working
Posted: Tue Mar 31, 2009 7:20 pm
by intellivision
Code: Select all
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://(.+\.)?matthewsvolvosite\.com/ [NC]
RewriteCond %{HTTP_REFERER} !^$
RewriteRule .*\.(jpe?g|gif|bmp|png)$ http://www.matthewsvolvosite.com/images/hotlink.gif [L]
I'm following the tutorial from
here. My .htaccess file is in my site's root, and does contain code after that shown above, but the [L] directive should make that irrelevant.
If you can see this, it's still not working:
Anyone have any ideas why?
Re: Anti-hotlinking .htaccess code not working
Posted: Tue Mar 31, 2009 10:39 pm
by Chris Corbyn
Does your Apache server deal with the .htaccess file? It AllowOverride is turned off then .htaccess files will be ignored.
Re: Anti-hotlinking .htaccess code not working
Posted: Tue Mar 31, 2009 10:45 pm
by intellivision
Thanks for responding, Chris.
Yes it certainly does. There's actually a load of directives after that which are executed.
Re: Anti-hotlinking .htaccess code not working
Posted: Tue Mar 31, 2009 10:49 pm
by Chris Corbyn
And if you remove the <IfModule mod_rewrite.c>...</IfModule> part, leaving just the directives inside it does it do the same thing? Or do you get an internal server error 500?
Re: Anti-hotlinking .htaccess code not working
Posted: Tue Mar 31, 2009 10:57 pm
by intellivision
Removed. Everything is functioning (or not) as it did before. Rewrites are rewriting etc.
Re: Anti-hotlinking .htaccess code not working
Posted: Tue Mar 31, 2009 10:59 pm
by intellivision
Just for fun I removed everything in the file except lines 2-6, above. This page still showed the image.

Re: Anti-hotlinking .htaccess code not working
Posted: Tue Mar 31, 2009 11:01 pm
by Chris Corbyn
If you remove the line:
[text]RewriteCond %{HTTP_REFERER} !^$[/text]
What happens? I know it will break when a referer has not been sent, but I'm curious if this is being handled incorrectly.
Re: Anti-hotlinking .htaccess code not working
Posted: Tue Mar 31, 2009 11:23 pm
by intellivision
I removed that line, and things still seem to be working the same.
First three lines:
Code: Select all
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://(.+\.)?matthewsvolvosite\.com/ [NC]
RewriteRule .*\.(jpe?g|gif|bmp|png)$ http://www.matthewsvolvosite.com/images/hotlink.gif [L]
I tested that my server was not caching .htaccess by removing a line that redirects with a 301, and when I did it did not redirect the page. I also looked for another .htaccess in /images/ but there is none.
It's going to be something embarrassing, something simple. I know it.
Re: Anti-hotlinking .htaccess code not working
Posted: Wed Apr 01, 2009 4:39 am
by josh
case sensitivity. You are on linux.
Re: Anti-hotlinking .htaccess code not working
Posted: Wed Apr 01, 2009 9:09 am
by Chris Corbyn
josh wrote:case sensitivity. You are on linux.
Bingo!
Re: Anti-hotlinking .htaccess code not working
Posted: Wed Apr 01, 2009 9:24 am
by John Cartwright
Does anyone have a general idea on how reliable using HTTP_REFERER in this day and age is? I understand you should never rely on it, but for statistical and hotlinking purposes, this would be useful to know.
Re: Anti-hotlinking .htaccess code not working
Posted: Wed Apr 01, 2009 9:29 am
by Chris Corbyn
John Cartwright wrote:Does anyone have a general idea on how reliable using HTTP_REFERER in this day and age is? I understand you should never rely on it, but for statistical and hotlinking purposes, this would be useful to know.
Yeah never rely on it, it's easily forged and can easily be disabled (quite a few of my colleagues browse with referrers turned off). But for stats and hotlinking (non-critical stuff) it's pretty much what you've got to go on.
Re: Anti-hotlinking .htaccess code not working
Posted: Wed Apr 01, 2009 9:36 am
by intellivision
josh wrote:case sensitivity. You are on linux.
Yes! I changed the line to
Code: Select all
RewriteRule .*\.(jpe?g|JPG|gif|bmp|png)$ http://www.matthewsvolvosite.com/images/hotlink.gif [L]
and it worked. I'm angry at myself for letting uppercase extensions into my work.
Now I must alert some partners of my site that images they're using will be replaced. Webmastering is complicated.
Josh and Chris, thank you.
Re: Anti-hotlinking .htaccess code not working
Posted: Wed Apr 01, 2009 9:38 am
by John Cartwright
//sorry for temp hijack
Chris Corbyn wrote:John Cartwright wrote:Does anyone have a general idea on how reliable using HTTP_REFERER in this day and age is? I understand you should never rely on it, but for statistical and hotlinking purposes, this would be useful to know.
Yeah never rely on it, it's easily forged and can easily be disabled (quite a few of my colleagues browse with referrers turned off). But for stats and hotlinking (non-critical stuff) it's pretty much what you've got to go on.
Yea.. as I've sadly noticed. More specifically in my situation we would be posting ads on various websites. Some of which are more secure with what you are allowed to post. Up to now, I have squeeked through the cracks by having a javascript snippet generate the link whilst passing window.location params, but on sites like craiglist they whitelist their tags and attributes to the max, it's obviously not possible (and with good reason

). Oh well, it was fun while it lasted.
Re: Anti-hotlinking .htaccess code not working
Posted: Wed Apr 01, 2009 10:09 am
by Chris Corbyn
intellivision wrote:josh wrote:case sensitivity. You are on linux.
Yes! I changed the line to
Code: Select all
RewriteRule .*\.(jpe?g|JPG|gif|bmp|png)$ http://www.matthewsvolvosite.com/images/hotlink.gif [L]
How about something more scalable?
Code: Select all
RewriteRule .*\.(jpe?g|gif|bmp|png)$ http://www.matthewsvolvosite.com/images/hotlink.gif [NC, L]