RewriteRule for hot linking doesn't work right.

Fix it!!

RewriteRule for hot linking doesn't work right.

Postby tanya » Wed Sep 20, 2006 2:05 pm

Hi! I am trying to prevent others from hot linking to my movies, as well as images. I created this simple .htaccess file and placed it in the directory with movies / images:

Code: Select all
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?mysite.com/.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} !^https://(www\.)?mysite.com/.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} !^http://(www\.)?anothersite.com/.*$ [NC]
RewriteRule \.(gif|jpg|jpeg)$ http://www.mysite.com/images/nopermission.gif [R,L]
RewriteRule \.(mov)$ http://www.mysite.com/no_access.mov [R,L]


It works... but it's kind of backwards. If I try to view a movie from "mysite.com" it still applies the second RewriteRule, as if I was hot linking to my own movies!

Can anyone see anything in my code that could be causing it?

I would definitely appreciate any pointers in the right direction!
tanya
 
Posts: 3
Joined: Wed Sep 20, 2006 1:56 pm

Postby richardk » Thu Sep 21, 2006 10:16 am

Because the RewriteConds only apply to the next RewriteRule:

Code: Select all
Options +FollowSymLinks

RewriteEngine On

RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?(mysite\.com|domain2\.com|domain3\.net)(/.*)?$  [NC]
RewriteRule \.(gif|jpe?g)$ http://www.mysite.com/images/nopermission.gif [R,L]

RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?(mysite\.com|domain2\.com|domain3\.net)(/.*)?$  [NC]
RewriteRule \.mov$ http://www.mysite.com/no_access.mov [R,L]
richardk
 
Posts: 8800
Joined: Wed Dec 21, 2005 7:50 am

Postby tanya » Thu Sep 21, 2006 10:22 am

I see... I guess that makes sense. Weirdly, I couldn't find any specs on writing more than one rule in a row.. I just assumed that it would go on to the next rule.

Thank you so much for the answer!
tanya
 
Posts: 3
Joined: Wed Sep 20, 2006 1:56 pm


Return to Security with Mod_Rewrite

Who is online

Users browsing this forum: No registered users and 16 guests

cron