Hotlinking. The very idea drives me crazy that anyone would attempt such a cheap tactic. Consider the following mod_rewrite technique for preventing hotlinking:
Code: Select all
RewriteEngine On
RewriteCond %{HTTP_REFERER}
!^http://(www\.)?example\.com/ [NC]
RewriteCond %{HTTP_REFERER} ^http:// [NC]
RewriteCond %{HTTP_REFERER} !^$
RewriteRule \.(jpg|gif|png)& - [F]1) There are many more types of files which you may wish to prevent hotlinking (pdf downloads, etc?) than just the listed files. Perhaps you can change this to prevent hotlinking to anything but HTML files?
2) Isn't HTTP_REFERER a variable which you can spoof? Could you not request a resource from another web site and spoof the HTTP_REFERER