-3

I have the following .htaccess file contents:
The file is clipped for brevity.

Options -Indexes
RewriteEngine on 
RewriteCond %{HTTP_REFERER} !^http://192.168.4.2 [NC] 
RewriteCond %{HTTP_REFERER} !http://192.168.4.2 [NC]
RewriteRule \.(jpg)$ - [F]

The idea is that the jpg extension is forbidden (using the F|forbidden flag).

This works fine in all environments except for my IP at http://192.168.4.2.
Any clarification would be appreciated.

Croises
  • 18,570
  • 4
  • 30
  • 47
sudipta
  • 11
  • 5
  • 3
    Avoid capitals. Format your question better. Add your code (what you have tried) so that it can be recreated and clearly explain the problem/question you seek help for. Please review the help section (https://stackoverflow.com/help) on how to ask a question. – Yannis Dec 15 '17 at 11:42

3 Answers3

0

The problem seems to be because the pattern string in your RewriteCond uses a full URL (http://localhost/vpn) instead of a relative one (/vpn). You may want to try this - 

 <IfModule mod_rewrite.c>
    Options -Indexes
    RewriteEngine on 
    RewriteCond %{HTTP_REFERER} !^/vpn [NC] 
    RewriteCond %{HTTP_REFERER} !/vpn [NC]
    RewriteRule \.(jpg)$ - [F]
</IfModule>
DeadLock
  • 448
  • 3
  • 11
0

Updated answer based on your change in the question's details - You will have to change your RewriteCond as follows. 

Options -Indexes
RewriteEngine on 
RewriteCond %{REMOTE_ADDR} !^192\.168\.4\.2$ 
RewriteRule \.(jpg)$ - [F]

Use the condition %{REMOTE_ADDR} instead of %{HTTP_REFERER}

Possible Duplicate of - mod_rewrite based on ip

DeadLock
  • 448
  • 3
  • 11
  • Why have you posted _two_ answers...? Could they not have been concatenated? Is one redundant? – JustCarty Dec 15 '17 at 12:13
  • The OP has changed the original description of his/her problem. The first answer was posted for the original description before this change was made. – DeadLock Dec 15 '17 at 12:15
  • Then I'd wager that you should probably delete that question if it is no longer needed. – JustCarty Dec 15 '17 at 12:16
0

A quick Google and read of the documentation led me to this link:
https://httpd.apache.org/docs/2.4/rewrite/access.html#blocked-inline-images

Try changing your code to this:

Options -Indexes
RewriteEngine on 
RewriteCond "%{HTTP_REFERER}"  "!^$"                      # no referer (they entered the URL directly)
RewriteCond "%{HTTP_REFERER}"  "!http://192.168.4.2" [NC] # they came from an address at "www.example.com"
RewriteRule "\.(gif|jpg|png)$" "-" [F,NC]                 # the extension to block, separated by a pipe ("|")

A few notes:

  • Removed the pointless RewriteCond (!^http://192.168.4.2).
    The caret symbol is from RegEx and is used to denote the start of a pattern. This meant that both of your rules are practically the same.
  • Added a blank referer pattern.
  • Added other extensions.
    This is from the documentation and the extensions you block are up to you.
  • Added some comments to explain.
JustCarty
  • 3,839
  • 5
  • 31
  • 51