Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 3 of 3
  1. #1
    Regular Coder
    Join Date
    Oct 2008
    Posts
    255
    Thanks
    113
    Thanked 0 Times in 0 Posts

    Explain Specific "No-Hotlinking" Lines to Me

    Code:
    RewriteEngine On
    RewriteCond %{HTTP_REFERER} !^http://(.+\.)?mysite\.com/ [NC]
    RewriteCond %{HTTP_REFERER} !^$
    RewriteRule .*\.(jpe?g|gif|bmp|png)$ http://altlab.com/hotlink.gif [L]
    1) What is the '%' before each referer used for?

    2) What is the '!' at the beginning of the regular expression used for?

    3) On line 3, I read that it "allows empty referrals". What does that mean?

    4) What does '[L]' at the end of the replacement image URL do?

    I know that I just have to follow tutorials on this by copying and pasting the code, but it bugs me if I don't understand why some things are done the way they are done. Thanks!

  • #2
    120
    120 is offline
    Regular Coder
    Join Date
    Nov 2009
    Location
    UK
    Posts
    105
    Thanks
    6
    Thanked 15 Times in 15 Posts
    %{ NAME_OF_VARIABLE } - just wraps a server variable/header so the module can parse it.

    The ! is being used as a bang (not) operator. It's not really regex. I won't confuse issues here too much but the regex NOT is the same as the start of line character - the caret ^. ^ = match start of line / [^foo] match NOT foo. So that line is saying DON'T match my domain or any of my subdomains if they appear in the HTTP_REFERER server variable/header set.

    The next line says Don't match an empty HTTP_REFERER server variable/header set. Most of the time hotlinking will result in the offender having their domain in the HTTP_REFERER variable, but 'fresh' or 'direct' visitors landing directly at your site will not. They will have an empty HTTP_REFERER. You don't want them to see the 'no hot linking' image in error. It does mean 'clever' hotlinkers could modify the http request to empty it - or give it what you want from it, but if they want to go to this much trouble you'd be up against people who were not the average clueless numnuts. In such a case you'd add a condition to block their IP instead :-)

    Finally the [L] means 'if this rule runs, make it the Last rule - don't bother running any others in my .htaccess file or rules directive.

    Sincerely Hope that helps.

  • Users who have thanked 120 for this post:

    Joseph Witchard (04-04-2010)

  • #3
    Regular Coder
    Join Date
    Oct 2008
    Posts
    255
    Thanks
    113
    Thanked 0 Times in 0 Posts
    It does. Thanks very much


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •