2

I've got this code in my .htaccess file to prevent hotlink of images and pdf files but it is also preventing normal external links to work. My htaccess file:

RewriteEngine On
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?mywebsite.com/.*$ [NC]
RewriteRule .*\.(gif|jpg|pdf|png)$ http://www.mywebsite.com/images/notallowed.jpe [NC,R,L]

Problem is that a legitime external link to say a pdf file will cause the replacement image to appear instead of the pdf file. ¿Is this normal or what am I doing wrong/missing? Thanks in advance.

haddock
  • 21
  • 3

2 Answers2

2

I'd give this a try...

RewriteCond %{HTTP_REFERER} ^$ [OR]
RewriteCond %{HTTP_REFERER} !^https?://(?:www\.)?mywebsite\.com(?:$|/) [NC] [OR]
# Repeat the next line as needed for each allowed site
RewriteCond %{HTTP_REFERER} !^https?://(?:www\.)?allowedsite1\.com(?:$|/) [NC] [OR]
RewriteCond %{HTTP_REFERER} !^https?://(?:www\.)?allowedsite2\.com(?:$|/) [NC]
RewriteRule ^(.*)\.(gif|jpg|pdf|png) http://www.mywebsite.com/images/notallowed.jpe [NC,R,L]

Might be kind of inconvenient to manually add each allowed site, but it should give you some control... Other possible drawback would be that the people visiting a raw image, for example, would have to do so via an existing link found within the site.

Example: typing http://www.mywebsite.com/logo.png into your browser and trying to directly view the file logo.png wouldn't work, but you shouldn't have a problem viewing the same file if you click on <a href="http://www.mywebsite.com/logo.png"><img src="http://www.mywebsite.com/logo.png" /></a>.

Hope that helps someone...

jerdiggity
  • 3,655
  • 1
  • 29
  • 41
0

Use SetEnvIf instead:

SetEnvIf Referer ^http remote

<FilesMatch "\.(png|gif|jpg|pdf)">
  order deny,allow
  deny from env=remote
  allow from all
</FilesMatch>
Paul Sweatte
  • 24,148
  • 7
  • 127
  • 265