Web Hosting Talk







What do you think this htaccess code does?


lexington
04-19-2008, 03:28 AM
I have a friend who also has access to one of the directories on my site and I am not sure if he copied over the htaccess file without realizing what it really does or if it is used for something. Here is the code found in the htaccess file:

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?mysite.com(/)?.*$ [NC]
RewriteRule .*\.(gif|jpg|jpeg|bmp|zip)$ - [F,NC]

However I do not remember what it is for since it was added about five years ago. Could it be to prevent hot linking images? Thanks.

Steve_Arm
04-19-2008, 04:22 AM
Yes, it's for outside linking protection.

blueroomhosting
04-19-2008, 10:40 AM
Exactly. In full:

If there is no referrer
or if the referrer isn't mysite.com
then rewrite all images/zips as "-" which will probably result in a 404.

Anyone using a normal browser would only be able to get images/zips from your pages, not as direct links from other websites.

Jim

Xeentech
04-19-2008, 12:47 PM
> Exactly. In full:
>
> If there is no referrer
> or if the referrer isn't mysite.com
> then rewrite all images/zips as "-" which will probably result in a 404.
>
> Anyone using a normal browser would only be able to get images/zips from your pages, not as direct links from other websites.
>
> Jim

Not quite

# If the 'referer' is NOT blank, ! negates the ^$.
RewriteCond %{HTTP_REFERER} !^$

# AND the 'referer' does NOT match your 'mysite.com'
RewriteCond %{HTTP_REFERER} !^http://(www\.)?mysite.com(/)?.*$ [NC]

# THEN serve a HTTP-403 style "Forbidden" error message
RewriteRule .*\.(gif|jpg|jpeg|bmp|zip)$ - [F,NC]

[F] means serve an HTTP-403 error page, so the -, while still required for good syntax, doesn't actually do anything...

[NC] makes the expression case-insensitive.

This has the effect that if someone hotlinks, the image is simply "broken". Also, if someone has bookmarked the image and loads it directly (no referrer) it will still work, and for people who have HTTP referrer disabled, paranoid people, HTTPS sites etc. it will still work.

Nice sensible hot link blocking snippet IMO.
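
The rule set from this thread, modelled in Python as an added example (not code from any poster), so its decisions can be checked against sample requests, including two cases the thread does not cover: a referer from the site's own HTTPS pages and a host name that merely starts with mysite.com. `OWN_SITE_STRICT`, the sample paths and the `other.example` hosts are assumptions made for illustration.

```python
import re

# Patterns copied from the thread's .htaccess; [NC] is modelled with re.I.
# Assumption: Python's re treats these simple patterns like mod_rewrite's PCRE.
EMPTY = re.compile(r"^$")
OWN_SITE = re.compile(r"^http://(www\.)?mysite.com(/)?.*$", re.I)
PROTECTED = re.compile(r".*\.(gif|jpg|jpeg|bmp|zip)$", re.I)

# Hypothetical tightened referer pattern (not from the thread): escaped dot,
# http or https, and the host name must end at "/", ":" or end of string.
OWN_SITE_STRICT = re.compile(r"^https?://(www\.)?mysite\.com([/:]|$)", re.I)


def status(path, referer, own_site=OWN_SITE):
    """Return 403 if the rule fires, else 200 (the file is assumed to exist)."""
    if not PROTECTED.search(path):
        return 200                                   # RewriteRule pattern not matched
    referer_set = not EMPTY.search(referer)          # RewriteCond ... !^$
    foreign = not own_site.search(referer)           # RewriteCond ... !^http://...
    return 403 if referer_set and foreign else 200   # conditions are ANDed, [F]


# Constructed sample requests: (path, Referer header value)
SAMPLES = [
    ("img/logo.gif", ""),                                  # bookmark, no referer
    ("img/logo.gif", "http://www.mysite.com/page.html"),   # own page
    ("img/LOGO.GIF", "http://other.example/page.html"),    # hotlink, [NC]
    ("index.html", "http://other.example/page.html"),      # extension not listed
    ("img/logo.gif", "https://www.mysite.com/page.html"),  # own page over HTTPS
    ("img/logo.gif", "http://mysite.com.other.example/"),  # lookalike host
]

if __name__ == "__main__":
    for path, ref in SAMPLES:
        print(f"{path:13} {ref or '(none)':40} original={status(path, ref)} "
              f"strict={status(path, ref, OWN_SITE_STRICT)}")
```

With the original pattern the site's own HTTPS pages are refused and the lookalike host is allowed; the tightened pattern reverses both results.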