问题
I had hotlink protection working, so I thought, but not for when the referrer is local.
IndexIgnore *
Options +FollowSymlinks
RewriteEngine on
RewriteOptions MaxRedirects=10
RewriteCond %{REQUEST_URI} ^/image_dir/
RewriteCond %{REQUEST_URI} \.(png|gif|jpe?g)$ [NC]
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?domain.com/
RewriteRule ^(.*)$ /some_dir/some_file.php?querystring=$1 [L]
What I need is:
If the referrer is not from my site on any image request on the site, then redirect to the page with what image the user is requesting.
If the referrer is from my site and the request is for any image in the image_dir, then redirect, otherwise do not.
Any help is greatly appreciated!
EDIT: Here is the full file to help:
## Default .htaccess file
IndexIgnore *
Options +FollowSymlinks
RewriteEngine on
RewriteOptions MaxRedirects=10
# your rules were looping before, that's bad, this will stop it
RewriteCond %{ENV:REDIRECT_STATUS} 200
RewriteRule ^ - [L]
# redirect the browser back to the referring page
RewriteCond %{REQUEST_URI} ^/img/
RewriteCond %{REQUEST_URI} \.(png|gif|jpe?g)$ [NC]
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?domain.com/
RewriteRule ^ %{HTTP_REFERER} [L,R]
# rewrite the request to the handler
RewriteCond %{REQUEST_URI} ^/img/
RewriteCond %{REQUEST_URI} \.(png|gif|jpe?g)$ [NC]
RewriteCond %{HTTP_REFERER} ^https?://(www\.)?domain.com/
RewriteRule ^(.*)$ /img/index.php?img_hash=$1 [L]
## Do pretty permalinks for our images
# these rules ensure you aren't clobbering legit requests (like to image.php)
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
# just in case, exclude the admin directory
RewriteCond %{REQUEST_URI} !^/admin [NC]
# rewrite
RewriteRule ^(.*)$ /display_image.php?img_hash=$1 [L]
Everything works exactly like I want except hotlinking:
domain.com/t4hd -> domain.com/display_image.php?img_hash=t4hd (WORKS)
domain.com/t4hd.jpg -> domain.com/display_image.php?img_hash=t4hd.jpg (WORKS)
domain.com/img/t4hd -> domain.com/img/index.php?img_hash=t4hd (WORKS)
domain.com/img/t4hd.jpg -> domain.com/img/index.php?img_hash=t4hd.jpg (WORKS)
domain.com/img/123/456/789/t4hd.jpg -> domain.com/img/index.php?img_hash=t4hd.jpg (DOES NOT WORK)
I still have to allow all requests to:
domain.com/admin/index.php (WORKS)
domain.com/profile/index.php (WORKS)
Hopefully this helps clarify what is going on. Apologies for not doing this in the beginning.
回答1:
Try using these rules instead:
# your rules were looping before, that's bad, this will stop it
RewriteCond %{ENV:REDIRECT_STATUS} 200
RewriteRule ^ - [L]
# redirect the browser back to the referring page
RewriteCond %{REQUEST_URI} ^/image_dir/
RewriteCond %{REQUEST_URI} \.(png|gif|jpe?g)$ [NC]
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?domain.com/
RewriteCond %{HTTP_REFERER} !^$
RewriteRule ^ %{HTTP_REFERER} [L,R]
# rewrite the request to the handler
RewriteCond %{REQUEST_URI} ^/image_dir/
RewriteCond %{REQUEST_URI} \.(png|gif|jpe?g)$ [NC]
RewriteCond %{HTTP_REFERER} ^https?://(www\.)?domain.com/ [OR]
RewriteCond %{HTTP_REFERER} ^$
RewriteRule ^(.*)$ /some_dir/some_file.php?querystring=$1 [L]
That is, I'm assuming this cryptic bit in your question:
If the referrer is from my site and the request is for any image in the image_dir, then redirect, otherwise do not.
means:
"If the referer is from my site and the request is for any image in the image_dir, send the request to the some_file.php handler, otherwise don't do anything."
来源:https://stackoverflow.com/questions/12451085/mod-rewrite-conditions-help-for-hotlinking-but-allow-local-requests