2

I want to block hotlinking of PDF files on a site. Previously, I have used this method to block hotlinking for zip files on a different server. Here's my .htaccess:

RewriteEngine on

RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?mysite.com/.*$ [NC]
RewriteRule \.(pdf)$ - [F,NC]

It is nearly identical code to the other site I use it on, except that I have "zip" in place of "pdf". For some reason, on this apache server it's blocking not just pdfs, but everything. PHP and HTML files accessed through the browser are giving the forbidden error. Can anyone see something I am missing in this block or have any ideas what might be causing this?

Mesidin
  • 123
  • 2
  • similar question: http://serverfault.com/questions/18757/apache-2-prevent-image-hotlinking-serverwide/18825 – pQd Jun 08 '09 at 18:14
  • Unlike the user in that question, my client is on shared hosting where I can ONLY use a .htaccess file. Also, I WANT to show a forbidden error. Mostly, I think a server setting or some sort of other error is screwing up the working rewrite. – Mesidin Jun 08 '09 at 18:28

3 Answers3

1

Diagnostic: what happens if you put up a .htaccess containing only RewriteEngine on? What we're checking for there is whether there are wacky server-defined rules that someone left lying around, relying on RewriteEngine being off to disable them.

Comments show this is the case. Awesome. The only thing I can think of to tell you to try is solutions that don't use mod_rewrite, like:

SetEnvIf Referer . hotlink=1
SetEnvIfNoCase Referer ^http://(www\.)?domain\.com/.*$ !hotlink
<LocationMatch *.pdf>
    Order allow,deny
    Deny from env=hotlink
    Allow from all
</LocationMatch>
chaos
  • 7,463
  • 4
  • 33
  • 49
  • 1. That's my entire file. 2. If I remove the .htaccess or upload a blank version, everything works fine. You can access all the files on the system. Thanks for the help! – Mesidin Jun 08 '09 at 18:09
  • Well, I put that on there in place of my original, but it's not redirecting. It's still giving a forbidden return. – Mesidin Jun 08 '09 at 19:16
  • Okay, I tried with just "RewriteEngine on" as well. It's the same thing. ALL files become forbidden. – Mesidin Jun 08 '09 at 19:21
  • Ha. You were right, then, it is server config. Either someone's incompetent and some global-forbid rule sitting around, or that's their way of denying you the use of mod_rewrite (God knows why). Unfortunately, I can't think of any way around it, if ddrager's rule with [L] in it didn't work. Of course, you could call them up and ask them wtf the deal is. – chaos Jun 08 '09 at 19:30
0

Try this, on my server works prefectly:

#Enables mod_rewrite, otherwise all Rewrite directives below will not work
RewriteEngine on

#Hotlink protection
RewriteCond %{HTTP_REFERER} !^http://mysite.com/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^http://mysite.com$      [NC]
RewriteCond %{HTTP_REFERER} !^http://www.mysite.com/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^http://www.mysite.com$      [NC]
RewriteRule .*\.(pdf|zip)$ - [F,NC]
Marco Demaio
  • 580
  • 1
  • 8
  • 22
0

Try:

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?domain\.com/.*$ [NC]
RewriteRule .*\.pdf$ - [F,L]
Dave Drager
  • 8,315
  • 28
  • 45
  • Unfortunately, that did not work either. Same problem of getting a forbidden error even on valid referred requests and on non-pdf files. It's blocking everything, so I am guessing this is some sort of server setting and not the .htaccess file itself? – Mesidin Jun 08 '09 at 18:18