View Full Version : Explain Specific "No-Hotlinking" Lines to Me

Joseph Witchard
04-01-2010, 09:27 AM
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://(.+\.)?mysite\.com/ [NC]
RewriteCond %{HTTP_REFERER} !^$
RewriteRule .*\.(jpe?g|gif|bmp|png)$ http://altlab.com/hotlink.gif [L]

1) What is the '%' before each referer used for?

2) What is the '!' at the beginning of the regular expression used for?

3) On line 3, I read that it "allows empty referrals". What does that mean?

4) What does '[L]' at the end of the replacement image URL do?

I know that I just have to follow tutorials on this by copying and pasting the code, but it bugs me if I don't understand why some things are done the way they are done. Thanks!

04-03-2010, 09:01 PM
%{ NAME_OF_VARIABLE } - just wraps a server variable/header so the module can parse it.

The ! is being used as a bang (not) operator. It's not really regex. I won't confuse issues here too much but the regex NOT is the same as the start of line character - the caret ^. ^ = match start of line / [^foo] match NOT foo. So that line is saying DON'T match my domain or any of my subdomains if they appear in the HTTP_REFERER server variable/header set.

The next line says Don't match an empty HTTP_REFERER server variable/header set. Most of the time hotlinking will result in the offender having their domain in the HTTP_REFERER variable, but 'fresh' or 'direct' visitors landing directly at your site will not. They will have an empty HTTP_REFERER. You don't want them to see the 'no hot linking' image in error. It does mean 'clever' hotlinkers could modify the http request to empty it - or give it what you want from it, but if they want to go to this much trouble you'd be up against people who were not the average clueless numnuts. In such a case you'd add a condition to block their IP instead :-)

Finally the [L] means 'if this rule runs, make it the Last rule - don't bother running any others in my .htaccess file or rules directive.

Sincerely Hope that helps.

Joseph Witchard
04-04-2010, 11:11 PM
It does. Thanks very much:)