asked on Apache .htaccess not working
Hello, I created a htaccess and passed it at the root of the html directory. I even set it so that apache is the owner of the file. However, I am still able to hotlink to my image or pdf file. What could be the problem? Please see my htaccess file below.
Thanks for your assistance.
#prevent viewing of .htaccess file
<Files .htaccess>
order allow,deny
deny from all
</Files>
#prevent directory listing
IndexIgnore *
#custom error message
ErrorDocument 401 /custom-error/401.php
ErrorDocument 403 /custom-error/403.php
ErrorDocument 404 /custom-error/404.php
ErrorDocument 500 /custom-error/500.php
#prevent hotlinking to images (gif, png, jpg), documents (csv, pdf, xls, xlsx) and web files (javascript: js, css)
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^https://(www\.)?mydomain.com/.*$ [NC]
RewriteRule \.(gif|png|jpg|csv|pdf|xls
Thanks for your assistance.
#prevent viewing of .htaccess file
<Files .htaccess>
order allow,deny
deny from all
</Files>
#prevent directory listing
IndexIgnore *
#custom error message
ErrorDocument 401 /custom-error/401.php
ErrorDocument 403 /custom-error/403.php
ErrorDocument 404 /custom-error/404.php
ErrorDocument 500 /custom-error/500.php
#prevent hotlinking to images (gif, png, jpg), documents (csv, pdf, xls, xlsx) and web files (javascript: js, css)
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^https://(www\.)?mydomain.com/.*$ [NC]
RewriteRule \.(gif|png|jpg|csv|pdf|xls
Apache Web ServerPHPWeb Servers
Last Comment
arober11
ASKER CERTIFIED SOLUTION
Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
Try this tool
http://www.htaccesstools.com/hotlink-protection/
http://www.htaccesstools.com/hotlink-protection/
ASKER
abolinhas -- i tried that and the code look the same to me.
arober11 - i don't think it is i the http_referer condition. it is recommending to have the blank refere string and i do want that as part of the condition
ray_paseur - that is a good idea if images and other files aren't changing as often as it is here.
I am still hoping to use htaccess so that I have control over security instead of having to rely on system admin because they are the only one who can configure the httpd.conf file.
Does anyone else see or know why my code might not be working??
arober11 - i don't think it is i the http_referer condition. it is recommending to have the blank refere string and i do want that as part of the condition
ray_paseur - that is a good idea if images and other files aren't changing as often as it is here.
I am still hoping to use htaccess so that I have control over security instead of having to rely on system admin because they are the only one who can configure the httpd.conf file.
Does anyone else see or know why my code might not be working??
Experts Exchange is like having an extremely knowledgeable team sitting and waiting for your call. Couldn't do my job half as well as I do without it!
James Murphy
If you want to see what's going on, have the admin temporarily paste the following into you httpd.conf and restart Apache:
RewriteLog /tmp/tmp_apace_rewrite.log
RewtiteLogLevel 9
ASKER
arober11 - I have the admin perform the modification to the httpd.conf and when I viewed the log file, I get the following:
(2) init rewrite engine with requested uri /
(3) applying pattern '^(/htdocs/.*)' to uri '/'
(3) applying pattern '.*' to uri '/'
(4) RewriteCond: input='GET' pattern='^(TRACE|TRACK)' => not-matched
(1) pass through /
(3) [perdir /var/www/html/] strip per-dir prefix: /var/www/html/ ->
(3) [perdir /var/www/html/] applying pattern '\.(gif|png|jpg|csv|pdf|xl
(1) [perdir /var/www/html/] pass through /var/www/html
Does the log indicates what the problem might be?
(2) init rewrite engine with requested uri /
(3) applying pattern '^(/htdocs/.*)' to uri '/'
(3) applying pattern '.*' to uri '/'
(4) RewriteCond: input='GET' pattern='^(TRACE|TRACK)' => not-matched
(1) pass through /
(3) [perdir /var/www/html/] strip per-dir prefix: /var/www/html/ ->
(3) [perdir /var/www/html/] applying pattern '\.(gif|png|jpg|csv|pdf|xl
(1) [perdir /var/www/html/] pass through /var/www/html
Does the log indicates what the problem might be?
Nope, you've cut off the URI from the rules, was expecting output in the following format:
(3) [perdir /var/www/html/] applying pattern '\.(js|ico|gif|jpg|png|css
So the output above is of little use, other than to prove the rule is in place and being invoked.
(3) [perdir /var/www/html/] applying pattern '\.(js|ico|gif|jpg|png|css
So the output above is of little use, other than to prove the rule is in place and being invoked.
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
As to why it dosen't work, loose the first Http_referer condition, as that's allowing BLANK referer strings.