Sorry if this is in the wrong forum, I'm not exactly sure where I should post this.

I'm trying to put in some anti-leech commands in my .htaccess file to prevent people from hot linking my images outside my domain.

I have the following commands in my .htaccess file.

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://daydreamgraphics.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.daydreamgraphics.com/.*$ [NC]
RewriteRule .*\.gif$ - [L]

RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://daydreamgraphics.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.daydreamgraphics.com/.*$ [NC]
RewriteRule .*\.png$ - [L]


When I upload this file in text mode to my account, it disabled the images from loading from my own domain.

I checked with my host a couple of times and he said mod-rewrite is supported on the apache server but he has no idea what this isn't working.

Does anyone knows?

I run a graphics site and bandwidth theft from hot linking images can be a real problem.

Thanks very much.

Could it be because you entered your domain name into your browser as follows:

http://daydreamgraphics.com
http://www.daydreamgraphics.com

(without the final slashes to those domain names)?

You may want to add rules like


RewriteCond %{HTTP_REFERER} !^http://daydreamgraphics.com$ [NC]


(etc) to allow URLs like that...

Doesn't it have to be like this???

AuthUserFile /dev/null
AuthGroupFile /dev/null
RewriteEngine On

RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^.*yourdomain.com.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://1.2.3.4.*$ [NC]
RewriteRule .*\.jpg$ http://www.hotlinkerssuck.com/index.html [R,L]

RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^.*yourdomain.com.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://1.2.3.4.*$ [NC]
RewriteRule .*\.gif$ http://www.hotlinkerssuck.com/index.html [R,L]

RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^.*yourdomain.com.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://1.2.3.4.*$ [NC]
RewriteRule .*\.mpg$ http://www.hotlinkerssuck.com/index.html [R,L]

Hi,

I tried both methods, still doesn't work. I repharse, worked too well that images doesn't show up even on my own domain pages. That's the problem.

AuthUserFile /dev/null
AuthGroupFile /dev/null

does /dev/null have to be a directory or something? Do I have to change that to use on my domain? or just put it as it is?

Please help. I have tried searching in Apache.org about mod rewrite and search in the engines on htaccess commands against hotlinking, and I tried all the commands in those tutorials, still doesn't work.

I emailed my host about 10 times and he doesn't know what to do either and he's sure mod-rewrite is enabled since my images were forbidden when I put in the htaccess.

Thanks.

You don't need anything to make mod_rewrite work, other than the mod_rewrite rules. Try something like this, too, btw:

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://domain.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.domain.com/.*$ [NC]
RewriteRule !.*\.(html?|cgi|pl|shtml?|php3?|phtml?|txt)$ - [NC,F]


Or this:

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://domain.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.domain.com/.*$ [NC]
RewriteRule ^.*\.(gif|jpg|jpeg|mpg|mpeg|wav|etc)$ - [NC,F]

It's better to use the first example though, in my opinion, and say "unless it *is* an html, CGI, etc. file, to *then* require it have a valid referer, if one exists", instead of listing all the many things you *don't* want to work without a referrer *if* one does exist. Maybe that doesn't make sense worded that way, but it's better to deny all and specifically add and control what you *do* want, than to try and list and remember all the stuff that you want to deny later, for example. You can also do redirects, or whatever you want for errors, messages or just deny.

I think if you've been reading the documentation about mod_rewrite, this above example should be pretty straight forward. You likely do have mod_rewrite enabled on the web server and you have access/the ability to use it, otherwise as soon as you added that .htaccess file, you'd get Internal Server Errors if you tried to acess any file within that or any of it's sub directories/folders. Your web host administrator can check by typing /the/path/to/apache/bin/httpd -l (minus Elle, not 1 (one)). It will list it there if it's built it. Otherwise s/he can check the httpd.conf file to see if it's loaded, which I'm sure it is. There, s/he can check if you have access to utilize it as well.

Hi

Thank you very much for your reply. I cut and paste both commands, and it did not resolve the problem that the images won't load on my own domain.

I'm using a php script to call the images and the url is in the form, http://www.domain.com/filename.php?action=list&id=...

Will that affect the htaccess commands? I only wanted to protect images in one folder and I put the htaccess file into that folder, my php script is in my root folder though.

I just sent an email to my web host administrator about looking into the apache and the httd-conf file to see if I have permission etc.

The .htaccess commands on above posts will only work with files with specific extensions. Since you are using your own php script to serve images, they are not affected by those RewriteRules.

Have you tried loading the image directly without referencing it from an html page?

Thank you. Now I understand why the commands don't work as I intended.

This is most educating. I suppose I have to write an anti-leech code myself soon.