Newbie .htaccess Tutorial

By

Billy

"What is that .htaccess thing?"

.htaccess is a ascii text file used to over-ride your Apache web-servers configuration and has many weird, wonky and wonderful uses! This tutorial focues on preventing thiefs from hotlinking your images and those "chat-room" folks who like to pretend they are your favourite model by posting the url to one of your images.
note: when creating your .htaccess file, it must be saved with no file type extension! If your text editor won't allow you to save a file without an extension, most FTP clients will let you remove it after you've uploaded it to your server.

"Where do you put that thing?"

Wherever it's needed! You can have a single .htaccess file protecting your entire domain, protecting a single directory(eg. images/), or, have many .htaccess files. each protecting a different directory. Sometimes simple is better, using a single .htaccess file to protect your image directory will help you avoid problems managing/changing multiple files across your domains. I normally use a single .htaccess file in my document root directory and sometimes put niche-specific .htaccess files in some sub-directories.

"Show me that thing!"

AuthUserFile /dev/null AuthGroupFile /dev/null RewriteEngine On RewriteCond %{HTTP_REFERER} !^http://www.newbie.com/.*$ [NC] ReWriteRule .*\.jpg$ http://www.hotlinker-hell.com [R,L]

"What do those things do?"

AuthUserFile /dev/null
AuthGroupFile /dev/null
No passwords are required for individual users or groups of users

RewriteEngine On
Have to turn it on, before it will work....... :)

RewriteCond %{HTTP_REFERER} !^http://www.newbie.com/.*$ [NC]
If the referring url "HTTP_REFERER" does not start with your domain "http://www.newbie.com/", then this conditional statement is true and the next "RewriteRule" encountered will be executed.

Since Unix is case sensitive, the [NC] flag makes the statement case insensitive. The ".*$" at the end will match any string, allowing access from any location on your domain

ReWriteRule .*\.jpg$ http://www.hotlinker-hell.com [R,L]

If the preceding Rewrite condition was true, and the request was for any url .* ending with .jpg we'll send them to the hotlinker-hell url. This is accomplished with the [R,L] flag. R forces a redirect of the url, while L says this is the last rule, don't bother checking any more.

Since Unix is case sensitive, you should modify the RewriteRule to handle upper-case extenstions if you use them and you might want to include protection for gif files.
ReWriteRule .*\.(jpg|JPG|gif|GIF)$ http://www.hotlinker-hell.com [R,L]
Would protect images ending in ".jpg", or, "JPG", or "gif", or "GIF"
If you use mixed-case in your image file names, the following rule could be used to protect strings ending in "JPG","JPg","JpG",Jpg"......,or, "GIF","GIf","GiF","Gif"......
RewriteRule .*[Jj][Pp][Gg]$|.*[Gg][Ii][Ff]$ http://www.hotlinker-hell.com [R,L]

"Show me a bigger thing!"

Its a good idea to include error document handlers in your .htaccess files and additional Rewrite conditions to handle most variations of your domains.

AuthUserFile /dev/null AuthGroupFile /dev/null RewriteEngine On ErrorDocument 400 http://www.newbie.com/special.htm ErrorDocument 403 http://www.newbie.com/special.htm ErrorDocument 404 http://www.newbie.com/special.htm ErrorDocument 500 http://www.newbie.com/special.htm ErrorDocument 501 http://www.newbie.com/special.htm ErrorDocument 503 http://www.newbie.com/special.htm RewriteCond %{HTTP_REFERER} !^$ RewriteCond %{HTTP_REFERER} !^http://www.newbie.com/.*$ [NC] RewriteCond %{HTTP_REFERER} !^http://www.newbie.com:80/.*$ [NC] RewriteCond %{HTTP_REFERER} !^http://newbie.com/.*$ [NC] RewriteCond %{HTTP_REFERER} !^http://newbie.com:80/.*$ [NC] RewriteCond %{HTTP_REFERER} !^http://123.456.78.90/.*$ [NC] RewriteCond %{HTTP_REFERER} !^http://123.456.78.90:80/.*$ [NC] ReWriteRule .*\.(jpg|gif)$ http://www.hotlinker-hell.com/ [R,L]

note: there is an implied AND between each of the RewriteCond statements above.

Continued ..