I am not completely sure I get what you mean, but I will try to answer you.
I am thinking two possible situations:
1. Allow "hotlinking" where one website wants to download something from a different website on the same server. You need to allow or block hotlinking based on who is downloading the resource.
2. Allow hotlinking from a website, which a client needs to download resources from while visiting a different website. You need to allow or block hotlinking based on which website the client is visiting.
Are any of these what you want?
If it's the
first one, you need to block access when %{REMOTE_ADDR} is not the server's IP address.
If it's the
second one, you need to block access when %{HTTP_REFERER} does not contain one of the websites' domain.
Example for the first one:
Code:
# allows you to specify which files this applies to
RewriteCond %{REQUEST_FILENAME} \.(?:js|css|gif|png|jpg)$
# if the client's (server's) IP address is not this
RewriteCond %{REMOTE_ADDR} !^0\.0\.0\.0$
# forbid access
RewriteRule .* - [F,L]
Example for the second one:
Code:
# allows you to specify which files this applies to
RewriteCond %{REQUEST_FILENAME} \.(?:js|css|gif|png|jpg)$
# if the client did not come from this site
RewriteCond %{HTTP_REFERER} !^https?://www\.domain\.com/
# forbid access
RewriteRule .* - [F,L]
Please change the code to suit your needs.
If you go for the second solution, you should know that it does not stop anyone from changing/faking/spoofing the referer header if they want to, but it is better than nothing.
Also, certain firewalls may change or clear this header to protect users' privacy. They will not be able to view your website properly because the referer header no longer contains one of the websites you want to allow hotlinking from.
I hope I could answer your question.
If not, I hope at least someone here can learn something from this.
Dev Shed Forums Sponsor:
June 11th, 2009, 03:49 PM
Allow hotlinking from domains on IP
Del.icio.us
Digg
Google
Spurl
Blink
Furl
Simpy
Y! MyWeb
Linear Mode
