How to enable hotlink protection without hardcoding my domain in the Apache config file?

Posted by Jeff on Server Fault See other posts from Server Fault or by Jeff
Published on 2012-10-11T13:29:32Z Indexed on 2012/10/11 21:39 UTC
Read the original article Hit count: 344

Filed under:

apache2

|

hotlinking

Been surfing around for a solution for a couple days now.

How do I enable Apache hotlink protection without hardcoding my domain in the config file so I can port the code to my other domains without having to update the config file every time?

This is what I have so far:

RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://www\.example\.com [NC]
RewriteRule \.(gif|ico|jpe|jpeg|jpg|png)$ - [NC,F,L]

... And this is what Apache suggests:

SetEnvIf Referer example\.com localreferer
<FilesMatch \.(jpg|png|gif)$>
    Order deny,allow
    Deny from all
    Allow from env=localreferer
</FilesMatch>

... both of which hardcode the domain in their rules.

The closest I came to finding any info that covers this is right here on ServerFault, but the conclusion was that it cannot be done. Based on my research, that appears to be true, but I didn't find any questions or commentary dedicated soley to this question.

If anyone's curious, here is the link to the Apache 2 docs that cover this topic.

Note that Apache variables (e.g. %{HTTP_REFERER}) can only be used in the RewriteCond text-string and the RewriteRule substitution arguments.

© Server Fault or respective owner

Related posts about apache2

apache2: Could not open configuration file /etc/apache2/apache2.conf: Permission denied

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
I recently upgraded Ubuntu to the latest LTS edition on my work laptop, which I use as a LAMP development platform. The upgrade was from 12.4 to 14.4. Now I'm having trouble getting apache up and running again. Here is the output from an attempt: antonc@antonc-laptop:/etc/apache2$ sudo service apache2… >>> More
Apache segfault glibc segfault

as seen on Server Fault - Search for 'Server Fault'
I keep getting (about every 5-6 hours) this segfault in apache: [Tue Jun 26 12:43:10 2012] [notice] child pid 26810 exit signal Aborted (6) *** glibc detected *** /usr/sbin/apache2: free(): invalid pointer: 0xb68c2628 *** ======= Backtrace: ========= /lib/i386-linux-gnu/libc.so.6(+0x6ff22)[0xb75aef22] /lib/i386-linux-gnu/libc… >>> More
Localhost not working after installing PHP on Mountain Lion

as seen on Server Fault - Search for 'Server Fault'
I've installed php using brew install php54 --with-mysql, I've set up all the path correctly. which php will give me /usr/local/bin/php php -v will give me PHP 5.4.8 (cli) (built: Nov 20 2012 09:29:31) php --ini will give me: Configuration File (php.ini) Path: /usr/local/etc/php/5.4 Loaded Configuration… >>> More
Apache 2 Virtual Hosts no working on OSX 10.6

as seen on Server Fault - Search for 'Server Fault'
This is my first MacBook and I'm trying to get virtual hosts up and running so as it's going to be my dev machine. I've got apache/php/mysql running fine, the problem is that what ever address I go to I just get one of the virtual hosts I've setup. I can't even get to the root site anymore. I had… >>> More
apache2 error Could not open configuration file /etc/apache2/conf.d/: No such file or directory

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
I have just upgraded my Ubuntu 13.10 and apache2 is not working. When I try to start the apache2 server it is printing following errors: * Starting web server apache2 * The apache2 configtest failed. Output of config test was: apache2: Syntax error on line 263 of /etc/apache2/apache2.conf: Could… >>> More

Related posts about hotlinking

blocking hotlinking with .htaccess only works for plain domain, when preceeded by www no block

as seen on Server Fault - Search for 'Server Fault'
Having tried all sorts of suggestions popping up from google, I am at my wit's end. Presently I use a solution created with htaccesstools.com/hotlink-protection/ RewriteEngine on RewriteCond %{HTTP_REFERER} !^$ RewriteCond %{HTTP_REFERER} !^http://(www\.)?mydomain.tld/.*$ [NC] RewriteRule \.(gif|jpg|jpeg|png|js|css)$… >>> More
Efficient Method for Preventing Hotlinking via .htaccess

as seen on Stack Overflow - Search for 'Stack Overflow'
I need to confirm something before I go accuse someone of ... well I'd rather not say. The problem: We allow users to upload images and embed them within text on our site. In the past we allowed users to hotlink to our images as well, but due to server load we unfortunately had to stop this. Current… >>> More
Image hotlinking providers?

as seen on Pro Webmasters - Search for 'Pro Webmasters'
I use a lot of images in my wordpress and due to hosting restrictions I need to host the images somewhere else and hotlink them in my blog posts. So I am looking for some reliable image host which provides free hotlinking service. The Google Picasa would be best, but I think they do not allow hotlinking… >>> More
Hotlinking images in Outlook emails

as seen on Super User - Search for 'Super User'
I want to create an email with a signature that contains an external image. For example, I would like to always include my SuperUser flair in my signature like so: http://superuser.com/users/flair/53525.png This can be done if I insert an image and select the above source. The problem occurs when… >>> More
.htaccess: Redirect Hotlink Flash --> Site with embed Flash

as seen on Pro Webmasters - Search for 'Pro Webmasters'
I have some .php sites that embeds .swf files. These .swf files are now linked to by some other guys. And I don't want them to simply open the SWF, I want them to force being redirect to the page where the flash is embed. Data: Site: www.example.com/1 (www.example.com/2, www.example.com/3 and so… >>> More