hotlinking

I use Amazon Cloudfront to host all my site's images and videos, to serve them faster to my users which are pretty scattered across the globe. I also apply pretty aggressive forward caching to the elements hosted on Cloudfront, setting Cache-Control to public, max-age=7776000 . I've recently discovered to my annoyance that third party sites are hotlinking to my Cloudfront server to display images on their own pages, without authorization. I've configured .htaccess to prevent hotlinking on my own server, but haven't found a way of doing this on Cloudfront, which doesn't seem to support the

I would like to create a web site with many images. But I would like to protect against direct access to images, e.g. direct links to images without visiting the web site. What is the preferred way to do this? And what are the alternatives with Pros and cons? I have some ideas (I don't know if they are possible): File permissions PHP Sessions Temporary file names or URLs HTTP Redirection? Maybe this isn't practiced on many web sites? E.g. I tried to access a private photo on Facebook without beeing logged in, but I could still visit the photo. The platform will probably be a Ubuntu machine

I have a website where users should be able to log in and listen to a song (a self-created mp3). I want to make it so the logged in user can listen/download/whatever, and the file should reside on the server (not be stored in the MySQL database), but not be able to be accessed by non-users who have the path to the URL. For example: say my mp3 is located at mysite.com/members/song.mp3 If you are logged in, you should be able to see the mysite.com/members/index.php page, which will allow access to the song.mp3 file. If you're not logged in, the mysite.com/members/index.php page will not show you

So I've got this in my site .htaccess file to prevent hotlinking of images, JS and CSS from all other domains. RewriteCond %{HTTP_REFERER} !^$ RewriteCond %{HTTP_REFERER} !^http://(www\.)?mydomain\.com [NC] RewriteRule \.(gif|jpe?g|js|css)$ - [F,NC,L] Question: How would I selectively allow one or two domains to hotlink? RewriteCond %{HTTP_REFERER} !^$ RewriteCond %{HTTP_REFERER} !^http://(www\.)?mydomain\.com [NC] RewriteCond %{HTTP_REFERER} !^http://(www\.)?otherdomain\.com [NC] RewriteRule \.(gif|jpe?g|js|css)$ - [F,NC,L] Will work, as this says. "Refererr is not nothing, and referer is not