4

I want to prevent people from getting the images of my website by typing in the URLs in browser address bar, while allowing them to view the images on when visiting the webpages.

I tried the following .htaccess code:

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http://(www\.)?localhost [NC]
RewriteCond %{HTTP_REFERER} !^http://(www\.)?localhost.*$ [NC]
RewriteRule \.(gif|jpg|png)$ - [F]

However, it not only restricts direct URL access, but also hides all of images even when visiting the webpage. Now my website looks like a page of text with a lot of image holes.

Can anyone tell me why the above .htaccess doesn't work?

I found it here (htaccess) How to prevent a file from DIRECT URL ACCESS?, but I don't have enough reputation to ask in that post, because I just created this account to post this question.

Thanks.

Community
  • 1
  • 1
Cyrix
  • 51
  • 1
  • 5
  • 2
    That .htaccess rule will allow direct access if the page trying to load the images is located at localhost or www.localhost.*. I can see that was suggested in the question you referenced, and might have worked for that OP, but is your own site located at localhost or www.localhost.*? That could be the issue. – stratedge Mar 13 '16 at 04:54

1 Answers1

1

Returns 403 (Forbidden) if you access image directly, but allows them to be displayed on site. It works, but testing can be tricky/misleading. Read about it in questions/10236717/htaccess-how-to-prevent-a-file-from-direct-url-access

Another way to prevent hotlinking is like this (from: htaccess generators 

RewriteEngine on  
RewriteCond %{HTTP_REFERER} !^$  
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?yourdomain.com [NC]  
RewriteRule \.(jpg|jpeg|png|gif)$ - [NC,F,L]
Community
  • 1
  • 1
E.C.Pabon
  • 265
  • 1
  • 9