Dynamically prevent hotlinking images using htaccess for multiple domains

https://stackoverflow.com/questions/18229429

24-06-2022
|

문제

Preventing hotlinking using htaccess is well documented. However, I want to prevent hotlinking for multiple domains without adding a rule per domain.

My idea is to match the referrer with the hostname, this seems like a good solution to me.

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?%{HTTP_HOST}/.*$ [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ - [NC,F,L]
</IfModule>

Is this is a proper and safe solution to prevent hotlinking?

해결책

This won't work when the request comes with www. but the referrer doesn't. That's because your rule would effectively try to match the following which wouldn't work.

RewriteCond http://domain.com/index.php !^http://(www\.)?www\.domain\.com/.*$

The correct way is to use the following:

RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} ^https?://(www\.)?([^/]+)/.*$ [NC]
RewriteCond %2#%{HTTP_HOST} !^(.+)#(www\.)?\1$ [NC]
RewriteRule \.(bmp|gif|jpe?g|png|swf)$ - [F,L,NC]

This takes care of SSL (https:) as well. Take a look here to see how it works.

라이센스 : CC-BY-SA ~와 함께 속성

제휴하지 않습니다 StackOverflow