block image hotlinking on multisite

  • Resolved islandcastaway

    (@islandcastaway)


    13 years, 4 months ago

    This is not strictly a WordPress thing, but it does fit into “multisite” questions.

    I understand to block “hotlinked” images in .htaccess you use:

    RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^https://(www\.)?mydomain.com/.*$ [NC]
RewriteRule \.(gif|jpg|js|css)$ - [F]

    My question is how would you do this on a multisite install with some domains mapped?

    Would you just keep adding more variations of the 3rd line for mapped sites?
    RewriteCond %{HTTP_REFERER} !^https://(www\.)?mydomain.com/.*$ [NC]

    What about a wildcard for the root site install? How is that written?

    Cheers

Viewing 3 replies - 1 through 3 (of 3 total)
  • Moderator Ipstenu (Mika Epstein)

    (@ipstenu)

    ?????? Advisor and Activist

    https://perishablepress.com/press/2007/11/21/creating-the-ultimate-htaccess-anti-hotlinking-strategy/

    Basically this works:

    # ultimate hotlink protection
<IfModule mod_rewrite.c>
 RewriteEngine on
 RewriteCond %{HTTP_REFERER}     !^$
 RewriteCond %{REQUEST_FILENAME} -f
 RewriteCond %{REQUEST_FILENAME} \.(gif|jpe?g?|png)$           [NC]
 RewriteCond %{HTTP_REFERER}     !^https?://([^.]+\.)?domain\. [NC]
 RewriteRule \.(gif|jpe?g?|png)$                             - [F,NC,L]
</ifModule>

    Change ‘domain’ to your domain, obviously, and add in lines for each domain ??

    Thread Starter islandcastaway

    (@islandcastaway)

    Thanx,

    I just found that and was looking at it.

    Was looking at the difference between 2 examples on that page:
    RewriteCond %{HTTP_REFERER} !^https://([a-z0-9]+\.)?domain\.com [NC]
    and
    RewriteCond %{HTTP_REFERER} !^https?://([^.]+\.)?domain\. [NC]

    Besides the https difference wasn’t sure which was a better way.

    Cheers

    Moderator Ipstenu (Mika Epstein)

    (@ipstenu)

    ?????? Advisor and Activist

    domain\. by itself will match <anything>.domain.<anything>.

    In practical terms, that means ipstenu.org, code.ipstenu.org and ipstenu.tumblr.com would all pass the check.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘block image hotlinking on multisite’ is closed to new replies.