0

Possible Duplicate:
How to prevent hot linking (“image theft” / “bandwidth theft”) of ressources on my site?

I'd like to forbit image linking on my server. That means if someone tries to link from another server to an image of my server, he should not see the linked image but an alternative image (an image with a writing: "image linking is forbitten!").
Unfortunately it doesn't work at all: Either the original image is shown at the remote server, or the forbitten-image is even shown on my own server, although I never invoke my images with full URL:

Options -Indexes 
RewriteEngine on 
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://www.my-domain.net/en/pictures/drawings/.*$ [NC]
RewriteRule .*\.(png|PNG)$ http://www.my-domain.net/pics/linkingpicsforbitten.png [R]

If I make this so, I always get the linkingpicsforbitten.png image, even on my own server although I invoke my pictures like this:

<img class="pictures" src="drawings/myoriginalpic.png" alt="original pic" style="width:640px; height:466px;"/>

So what's wrong here?

Community
  • 1
Bevor
  • 113
  • 1
  • 11

2 Answers2

1

If I understand your rules, you do:

... I would do:

RewriteEngine on 
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !en/pictures/drawings/ [NC]
RewriteRule .*\.(png|PNG)$ http://www.my-domain.net/pics/linkingpicsforbitten.png [R,L]

NB: the second rewrite rule just means "if the referer doesn't contain "en/pictures/drawings/", which should be enough for you and which still may work if you use https one day.

Don't forget the "L" in the RewriteRule, to stop going further. Unless you really need to do a redirect, you may just do this RewriteRule instead:

RewriteRule .*\.(png|PNG)$ /pics/linkingpicsforbitten.png [L]

Because what you do is a redirect. And a redirect means new exchange. With the previous rule, you won't have this. There won't be an extra (and useless) exchange between the client (which will get a redirect so re-ask for the new picture) and the server (which will get another request for the rewritten picture (the "forbidden picture").

To summarize:

RewriteEngine on 
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !en/pictures/drawings/ [NC]
RewriteRule .*\.(png|PNG)$ /pics/linkingpicsforbitten.png [L]

This is shorter, more efficient, and clearer.

Hope this helps.

Olivier Pons
  • 612
  • 1
  • 5
  • 21
  • With this rule I get always the forbitten image, remote and on own server. Moreover it doesn't make sense to me because en/pictures/drawings/ always appears in an url. You had to check for http://... in the referer to find out if the picture is linked from remote, but when I do that with or without negotiation (shouldn't it be `RewriteCond %{HTTP_REFERER} ^http://www.my-domain.net/en/pictures/drawings/.*$ [NC]` without "!" then?) I always get the forbitten or I never get the forbitten. It doesn't make sense to me. – Bevor Nov 06 '11 at 08:51
  • I understand now what you mean. But I don't understand why it doesn't work, hmmm. – Bevor Nov 06 '11 at 09:29
  • It finally works. It was a mistake to write `http://www.my-domain.net/en/pictures/drawings/`. It should have been `http://www.my-domain.net/en/pictures/` because the referer points to the html file which is in this directory. – Bevor Nov 06 '11 at 09:34
0

I suspect that the Referer is not match, so you should record the rewriting actions with RewriteLog or use Firebug to verify the HTTP referer.

Try something like this:

RewriteEngine on 
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?my-domain\.net/.*$ [NC]
RewriteRule .*\.(gif|jpe?g|png)$ http://www.my-domain.net/pics/linkingpicsforbitten.png [R,NC,L]
quanta
  • 50,327
  • 19
  • 152
  • 213
  • The problem is the same. I want to redirect to the forbitten image, if and only if the referer contains `http://...`. So in my opinion, I have to leave the "!" but then redirection to the forbitten image doesn't work from remote, and it has no effect on my own server (which should be the right behaviour in this case). I wasn't able to log that yet, because I always get "RewriteLog not allowed here" in the error log. And firebug doesn't show me the referer of the images. At least I don't know how to do that. I only get the referers from the html sites. – Bevor Nov 06 '11 at 09:19
  • Ok now I understand why I need `!^http://www.my-domain.net`. I have to redirect all requests which are not `http://www.my-domain.net`, so the "!" should be right. But it doesn't explain why it still doesn't work. – Bevor Nov 06 '11 at 09:25
  • Logging the referer lead to success, it finally works. It was a mistake to write `http://www.my-domain.net/en/pictures/drawings/`. It should have been `http://www.my-domain.net/en/pictures/` because the referer points to the html file which is in this directory. – Bevor Nov 06 '11 at 09:34