Rewriting rule to prohibit image linking from another server

Question

Possible Duplicate:
How to prevent hot linking (“image theft” / “bandwidth theft”) of ressources on my site?

I'd like to forbit image linking on my server. That means if someone tries to link from another server to an image of my server, he should not see the linked image but an alternative image (an image with a writing: "image linking is forbitten!").
Unfortunately it doesn't work at all: Either the original image is shown at the remote server, or the forbitten-image is even shown on my own server, although I never invoke my images with full URL:

Options -Indexes 
RewriteEngine on 
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://www.my-domain.net/en/pictures/drawings/.*$ [NC]
RewriteRule .*\.(png|PNG)$ http://www.my-domain.net/pics/linkingpicsforbitten.png [R]

If I make this so, I always get the linkingpicsforbitten.png image, even on my own server although I invoke my pictures like this:

<img class="pictures" src="drawings/myoriginalpic.png" alt="original pic" style="width:640px; height:466px;"/>

So what's wrong here?

Answer 1

If I understand your rules, you do:

• if the referer is not empty AND
• if the referer is not like "http://www.my-domain.net/en/pictures/drawings/.*$ [NC]"

... I would do:

RewriteEngine on 
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !en/pictures/drawings/ [NC]
RewriteRule .*\.(png|PNG)$ http://www.my-domain.net/pics/linkingpicsforbitten.png [R,L]

NB: the second rewrite rule just means "if the referer doesn't contain "en/pictures/drawings/", which should be enough for you and which still may work if you use https one day.

Don't forget the "L" in the RewriteRule, to stop going further. Unless you really need to do a redirect, you may just do this RewriteRule instead:

RewriteRule .*\.(png|PNG)$ /pics/linkingpicsforbitten.png [L]

Because what you do is a redirect. And a redirect means new exchange. With the previous rule, you won't have this. There won't be an extra (and useless) exchange between the client (which will get a redirect so re-ask for the new picture) and the server (which will get another request for the rewritten picture (the "forbidden picture").

To summarize:

RewriteEngine on 
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !en/pictures/drawings/ [NC]
RewriteRule .*\.(png|PNG)$ /pics/linkingpicsforbitten.png [L]

This is shorter, more efficient, and clearer.

Hope this helps.

Answer 2

I suspect that the Referer is not match, so you should record the rewriting actions with RewriteLog or use Firebug to verify the HTTP referer.

Try something like this:

RewriteEngine on 
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?my-domain\.net/.*$ [NC]
RewriteRule .*\.(gif|jpe?g|png)$ http://www.my-domain.net/pics/linkingpicsforbitten.png [R,NC,L]