2

I want to block hotlinking of PDF files on a site. Previously, I have used this method to block hotlinking for zip files on a different server. Here's my .htaccess:

RewriteEngine on

RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?mysite.com/.*$ [NC]
RewriteRule \.(pdf)$ - [F,NC]

It is nearly identical code to the other site I use it on, except that I have "zip" in place of "pdf". For some reason, on this apache server it's blocking not just pdfs, but everything. PHP and HTML files accessed through the browser are giving the forbidden error. Can anyone see something I am missing in this block or have any ideas what might be causing this?

Mesidin
  • 123

3 Answers3

1

Diagnostic: what happens if you put up a .htaccess containing only RewriteEngine on? What we're checking for there is whether there are wacky server-defined rules that someone left lying around, relying on RewriteEngine being off to disable them.

Comments show this is the case. Awesome. The only thing I can think of to tell you to try is solutions that don't use mod_rewrite, like:

SetEnvIf Referer . hotlink=1
SetEnvIfNoCase Referer ^http://(www\.)?domain\.com/.*$ !hotlink
<LocationMatch *.pdf>
    Order allow,deny
    Deny from env=hotlink
    Allow from all
</LocationMatch>
chaos
  • 7,533
0

Try this, on my server works prefectly:

#Enables mod_rewrite, otherwise all Rewrite directives below will not work
RewriteEngine on

#Hotlink protection
RewriteCond %{HTTP_REFERER} !^http://mysite.com/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^http://mysite.com$      [NC]
RewriteCond %{HTTP_REFERER} !^http://www.mysite.com/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^http://www.mysite.com$      [NC]
RewriteRule .*\.(pdf|zip)$ - [F,NC]
Marco Demaio
  • 599
  • 2
  • 9
  • 23
0

Try:

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?domain\.com/.*$ [NC]
RewriteRule .*\.pdf$ - [F,L]
Dave Drager
  • 8,455