As a precaution against hotlinking, I've been using the following rule to redirect people with the wrong referrer to our logo instead of the actual image:

    #Naughty hotlinkers
    RewriteCond %{REQUEST_FILENAME} .*jpg$|.*gif$|.*png$ [NC]
    RewriteCond %{HTTP_REFERER} !^$
    RewriteCond %{HTTP_REFERER} !sitedomain\.com [NC]
    RewriteCond %{HTTP_REFERER} !google\. [NC]
    RewriteCond %{HTTP_REFERER} !search\?q=cache [NC]
    RewriteRule (.*) assets/hotlinked/logo.jpg [L]

It works well, for images.

I'm in the process of writing horrible wrapping code to preserve images embedded in our user's content with their src pointing to a php file that was used to filter requests for and serve our images. Although new images will no longer be served this way, we do need to ensure previously uploaded images are still available from their old address.

Though the images still need to be accessible, this file needs to be guarded against hotlinking as well.

I tried this:

    #Naughty hotlinkers
    RewriteCond %{REQUEST_FILENAME} .*jpg$|.*gif$|.*png$|.*gp2\.php.* [NC]
    RewriteCond %{HTTP_REFERER} !^$
    RewriteCond %{HTTP_REFERER} !sitedomain\.com [NC]
    RewriteCond %{HTTP_REFERER} !google\. [NC]
    RewriteCond %{HTTP_REFERER} !search\?q=cache [NC]
    RewriteRule (.*) assets/hotlinked/logo.jpg [L]

But no dice.

The file I want to protect used in image's src like:

    http://sitedomain/legacy/gp2.php?p=long_stupid_string

Please will an apache guru tell me what stupid thing I'm doing wrong here?

Edit:

I'm testing hotlink prevention here:

(image) here

(php) and here

Accepted Answer

Solution

    RewriteCond %{REQUEST_FILENAME} .*(jpg$|gif$|png$|gp2\.php.*) [NC]
Written by Michael Robinson
This page was build to provide you fast access to the question and the direct accepted answer.
The content is written by members of the stackoverflow.com community.
It is licensed under cc-wiki