Dear Wiki user, You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change notification.
The following page has been changed by megaspaz: http://wiki.apache.org/httpd/Recipes/DisableImageHotLinking The comment on the change is: New recipe New page: = Disable Image Hot Linking = In this How-To guide, we will show you how to disable image hot linking using two methods: ==== Using mod_rewrite ==== {{{RewriteEngine on RewriteCond %{HTTP_REFERER} !="" RewriteCond %{HTTP_REFERER} !example\.com [NC] RewriteRule \.(jpe?g|gif|png)$ - [F,NC] }}} This rewrite rule will throw a forbidden if the referer isn't your domain. All png, jpeg, and gif images will not be shown in the web page that is hot linking to your images. ==== Using SetEnvIfNoCase and FilesMatch ==== {{{SetEnvIfNoCase Referer "example\.com" local_ref=1 <FilesMatch "\.(jpe?g|gif|png)$"> Order Allow,Deny Allow from env=local_ref </FilesMatch> }}} This first checks the referer and sets a local environment variable if the referer contains your domain. The !FilesMatch then matches the request for jpep, png, and gif files. If there's a match in the filename, then accessed is only allowed if the local environment variable is set.[[BR]][[BR]] In both methods, you might want to add patterns to the referer checks since there might be more ways your site will be accessed by - localhost for localhost testing, IP address, LAN hostname, etc. [[BR]][[BR]] The same holds true for the file extension match. For any other kind of resources you would like to protect, add their file extensions to the file extension pattern. [[BR]][[BR]] You should note that there really is no way to keep everyone from stealing your images/bandwidth. If someone really wants to hot link to your resources, they will. Checking the referer value is not reliable. Anyone can send whatever referer value they want... provided they know how.
