Issue #185 of A List Apart’s articles deals with the issue of smarter image hotlinking prevention.
Now whilst I fall into the benevolent, altruistic webmaster category which doesn’t really care if my images are being hotlinked, there has been more than one occasion where Internet newbies have hotlinked rather big images as webpage backgrounds on there own little sites, which does bring out the more mischievous me. :D
Anyhow, at the end of this issue of ALA, there was a little bit about using such a technique for Gallery:
Taking it further
If you’re using some kind of content management system like Gallery, there might be a way to tie a script like this into a database of pictures, and automatically generate ALT tags and more information about the picture.
Of course, I’ll leave that as an exercise for the reader.
No need to jump through hoops when the application itself pulls images from it’s database… remember kids, KISS!
Assuming you have your Gallery installed at http://mydomain.tld/gallery/ and it’s pictures stored at http://mydomain.tld/albums/, your .htaccess in your /albums/ directory would look like so:
RewriteEngine On
RewriteBase /albums/
RewriteCond %{REQUEST_FILENAME} !(.*thumb|.*highlight) [NC]
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !mydomain\.tld [NC]
RewriteCond %{HTTP_REFERER} !friendly-domain\.tld [NC]
RewriteCond %{HTTP_REFERER} !google\. [NC]
RewriteCond %{HTTP_REFERER} !search\?q=cache [NC]
RewriteRule ^([^\.\?/]+)/([A-Za-z_0-9\-]+)(.*)(\.jpg|\.jpeg|\.gif|\.png)$ /gallery/$1/$2 [R=301]
How it works it pretty simple, excluding hairloss caused by RegExes.
Here’s what each line does in turn:
RewriteEngine On- Start Apache’s mod_rewrite engine.
RewriteBase /albums/- Set the rewrite base URL.
RewriteCond %{REQUEST_FILENAME} !(.*thumb|.*highlight) [NC]- Not match
*.thumb.extand*.highlight.ext, which meansmyphoto.thumb.extandmyphoto.highlight.extcan be hotlinked, butmyphoto.extandmyphoto.sized.ext, the larger images, cannot. RewriteCond %{HTTP_REFERER} !^$- Not match requests where no refer is set, which allows linking where an URI is pasted straight to the web browser’s address bar.
RewriteCond %{HTTP_REFERER} !mydomain\.tld [NC]- Not match requests where the referer is from your own domain, obviously.
RewriteCond %{HTTP_REFERER} !friendly-domain\.tld [NC]- Not match requests where the referer is from an allowed friendly domain. Add additional entries on a new line, though
!(friendly-domain1\.tld|friendly-domain2\.tld|friendly-domain3\.tld)syntax will work too at the expense of readablity. RewriteCond %{HTTP_REFERER} !google\. [NC]- Not match requests where the referer is Google, with all it’s ccTLD variants.
RewriteCond %{HTTP_REFERER} !search\?q=cache [NC]- Not match requests where the refer contains the above string which allows Google Cache and Google Image Search to work properly.
RewriteRule ^([^\.\?/]+)/([A-Za-z_0-9\-]+)(.*)(\.jpg|\.jpeg|\.gif|\.png)$ /gallery/$1/$2 [R=301]- The actual redirection rule when none of the above conditions are matched. Will redirect
/albums/sub-album-name/image-name.extand/albums/sub-album-name/image-name.sized.extrequests to/gallery/sub-album-name/image-name. The.extcan be expanded to allow more than the listed,.jpg,.jpeg,.gifand.png.
That’s it! Not so bad really was it?
