  1. #1

    What do you think this htaccess code does?

    I have a friend who also has access to one of the directories on my site and I am not sure if he copied over the htaccess file without realizing what it really does or if it is used for something. Here is the code found in the htaccess file:

    Code:
    RewriteEngine on
    RewriteCond %{HTTP_REFERER} !^$
    RewriteCond %{HTTP_REFERER} !^http://(www\.)?mysite.com(/)?.*$     [NC]
    RewriteRule .*\.(gif|jpg|jpeg|bmp|zip)$ - [F,NC]

    However I do not remember what it is for since it was added about five years ago. Could it be to prevent hot linking images? Thanks.

  2. #2
    Yes, it's for outside linking protection.

  3. #3
    Exactly. In full:

    If there is no referrer
    or if the referrer isn't mysite.com
    then rewrite all images/zips as "-" which will probably result in a 404.

    Anyone using a normal browser would only be able to get images/zips from your pages, not as direct links from other websites.

    Jim
    Blue Room Hosting - High availability UK VPS
    KVM Plans - Multiple OS support. Virtual console and CD drive.

  4. #4
    Quote: Originally posted by blueroomhosting
    Exactly. In full:

    If there is no referrer
    or if the referrer isn't mysite.com
    then rewrite all images/zips as "-" which will probably result in a 404.

    Anyone using a normal browser would only be able to get images/zips from your pages, not as direct links from other websites.

    Jim
    Not quite
    Code:
    # If the 'referer' is NOT blank, ! negates the ^$. 
    RewriteCond %{HTTP_REFERER} !^$
    Code:
    # AND the 'referer' does NOT match your 'mysite.com'
    RewriteCond %{HTTP_REFERER} !^http://(www\.)?mysite.com(/)?.*$ [NC]
    Code:
    # THEN serve a HTTP-403 style "Forbidden" error message
    RewriteRule .*\.(gif|jpg|jpeg|bmp|zip)$ - [F,NC]
    [F] means serve an HTTP-403 error page, so the -, while still required for good syntax, doesn't actually do anything...

    [NC] makes the expression case-insensitive.

    This has the effect that if someone hot links, the image is simply "broken". Also, if someone has bookmarked the image and loads it directly (no referrer), it will still work, and for people who have HTTP referrer disabled, paranoid people, HTTPS sites etc., it will still work.

    Nice sensible hot link blocking snippet IMO.
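
The rule set discussed in this thread, modelled in Python as an added example (not code from any poster). `status_for` and the sample requests are constructed for illustration, and Python's `re` stands in for mod_rewrite's regex matching. It also exercises two cases the thread does not cover, useful to anyone maintaining the rule: an `https://` referer from the site itself, and a referer host that merely begins with `mysite.com`.

```python
import re

# The two RewriteCond patterns and the RewriteRule pattern from the thread.
# [NC] is modelled with re.IGNORECASE. mod_rewrite patterns are unanchored
# unless they carry ^ or $ themselves, hence re.search.
COND_EMPTY = re.compile(r"^$")
COND_OWN_SITE = re.compile(r"^http://(www\.)?mysite.com(/)?.*$", re.IGNORECASE)
RULE_PATH = re.compile(r".*\.(gif|jpg|jpeg|bmp|zip)$", re.IGNORECASE)


def status_for(path, referer=""):
    """Return 403 if the rule set would answer Forbidden, else 200.

    Consecutive RewriteCond lines are ANDed, and both are negated with '!'.
    A missing Referer header is treated as the empty string.
    """
    if not RULE_PATH.search(path):
        return 200  # rule pattern does not match, conditions are not evaluated
    referer_present = not COND_EMPTY.search(referer)      # !^$
    referer_foreign = not COND_OWN_SITE.search(referer)   # !^http://(www\.)?mysite.com...
    return 403 if (referer_present and referer_foreign) else 200


# Constructed sample requests (every host other than mysite.com is made up).
SAMPLES = [
    ("img/logo.gif", ""),                                  # bookmark, no referer
    ("img/logo.gif", "http://www.mysite.com/page.html"),   # own page
    ("img/logo.GIF", "http://other.example/forum/thread"), # hot link
    ("index.html", "http://other.example/forum/thread"),   # not a protected type
    ("img/logo.gif", "https://www.mysite.com/page.html"),  # own page over HTTPS
    ("img/logo.gif", "http://mysite.com.other.example/"),  # host only starts with mysite.com
]

if __name__ == "__main__":
    for path, ref in SAMPLES:
        print(status_for(path, ref), path, repr(ref))
```

The last two samples show that the pattern accepts only `http://` referers, so pages of the site served over HTTPS are refused their own images, and that the host part is not anchored after `mysite.com`, so the match is looser than the site name suggests.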
