Add a subdomain as an exception in hotlinking

Question

I used this code in my .htaccess file and it is working great to prevent hotlinking:

RewriteEngine On
RewriteCond %{HTTP_HOST}@@%{HTTP_REFERER} !^([^@]*)@@https?://\1/.*
RewriteRule \.(gif|jpg|jpeg|png|tif|pdf|wav|wmv|wma|avi|mov|mp4|m4v|mp3|zip?)$ - [F]

Now I want to allow one of my subdomains (cdn.example.com) to access my files using a GET request.

It is not possible to add http_reffer to my GET request! I should only handle it with .htaccess.

How should I add my subdomain as an exception in this code?

"It is not possible to add http_reffer to my GET request!" - What do you mean by this exactly? If the `Referer` header is not being sent as part of the request (for some reason) then you cannot allow this specific hostname, you would need to allow for an _empty_ `Referer` header, which will mean _direct_ requests will also be permitted. — MrWhite, Mar 06 '22 at 12:56
Cross-site dupe on StackOverflow: https://stackoverflow.com/questions/71369817/add-subdomain-as-exception-in-hotlinking — MrWhite, Mar 06 '22 at 18:46

MrWhite · Answer 1 · 2022-03-06T12:51:46.693

0

RewriteCond %{HTTP_HOST}@@%{HTTP_REFERER} !^([^@]*)@@https?://\1/.*

Use the following condition instead to allow for an optional cdn subdomain:

RewriteCond %{HTTP_HOST}@@%{HTTP_REFERER} !^([^@]*)@@https?://(cdn\.)?\1/

(The trailing .* is not required.)

edited Mar 06 '22 at 12:51

answered Mar 06 '22 at 12:44

MrWhite

11,643
4
25
40

Add a subdomain as an exception in hotlinking

1 Answers1