Allowing hotlinks for facebook

Question

I am building a site, in which I denied hotlinking of images. But after I added the facebooks "like" link to my pages, I realized that I want to allow hotlinking for facebook. So, if a user likes a page on my site, facebook should be able to show a related thumbnail of the page in the profile of the user. So, I added an exclusion rule in IIS like

if {HTTP_REFERER} matches pattern ^(https?://)?(\w+.)facebook.(com|net)(/.)*$ , allow. Alas, it didn't work for me.

After that I googled for an answer. A forum post suggested to use "tfbnw" instead of facebook, so I added that exclusion, too:

^(https?://)?(\w+.)*tfbnw.(com|net)(/.*)*$

But as you might expect, still no chance. So, I don't know which URL facebook uses to request images when a user uses the like button. I would appreciate any help to uncover this mystery, so that I can allow that URL on my site.

Note: If I disable hotlinking protection, everything works fine. So we know that my problem is just the hotlinking protection.

Answer 1

Can you try whitelisting with IP address? All of FB's crawlers should come from one of the IP addresses returned by

whois -h whois.radb.net '!gAS32934'

Answer 2

Try allowing the domain fbcdn.net:

^(https?://)?(\w+.)fbcdn.(com|net)(/.)*$ 

This is facebook's content delivery network.