2

The problems I'm facing is how to prevent hotlinking from within a website. What I want to do is to block www.website.com/user/xxx from hotlinking a CSS, but allow www.website.com/user/aaa to use the CSS using .htaccess.

-Both user xxx and user aaa is using www.mywebsite.com/css.css css file, I only want to allow user aaa to be able to use it and not user xxx

What I manage to come up with so far is is putting a .htaccess in www.mywebsite.com to only allow user aaa to hotlink the css.

RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?://(www.website.com/user/aaa [NC]
RewriteRule \.(css|jpg|jpeg|png|gif)$ http://website.com/donotsteal [NC,R]

When I put this into the .htaccess it blocks both www.website.com/user/xxx and www.website.com/user/aaa from hotlinking the css

What I want to do is allow only this page www.website.com/user/aaa to use the css and block anything else from hotlinking it.

John Smith
  • 29
  • 2

1 Answers1

0

The flags [L] and/or [F] are missing from your RewriteRule http://altlab.com/htaccess_tutorial.html I am not certain if that would make the difference?

The ! in the *RewriteCond %{HTTP_REFERER} ^ or RewriteCond %{HTTP_REFERER} !^ \reverses the logical condition.

So

RewriteCond %{HTTP_REFERER} !^http://(.+\.)?mysite\.com/
RewriteRule .*\.(jpe?g|gif|bmp|png)$ http://img148.imageshack.us/img148/237/hotlinkp.gif [L]

Says if it is "!" NOT mysite then "[L]" DON'T allow it which is a double negative to allow if from your site.

Correction [L] is the flag for LAST - [F] is forbidden and I need to get my glasses checked.

Wayne
  • 101
  • 1
  • That shouldn't have made a difference since [L] just tells when to stop the Rewrite Engine and I don't know what [F] do. Anyway my problem was that I had a pointless "(" in the second line. I removed it and everything worked perfectly. – John Smith Jul 05 '11 at 00:20
  • Thanks, It was the only difference I saw between your code and the code that works ... I did not see that ( either –  Jul 05 '11 at 00:26