How to enable hotlink protection without hardcoding my domain in the Apache config file?

Posted by Jeff on Server Fault See other posts from Server Fault or by Jeff
Published on 2012-10-11T13:29:32Z Indexed on 2012/10/11 21:39 UTC
Read the original article Hit count: 277

Filed under:
|

Been surfing around for a solution for a couple days now.

How do I enable Apache hotlink protection without hardcoding my domain in the config file so I can port the code to my other domains without having to update the config file every time?

This is what I have so far:

RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://www\.example\.com [NC]
RewriteRule \.(gif|ico|jpe|jpeg|jpg|png)$ - [NC,F,L]

... And this is what Apache suggests:

SetEnvIf Referer example\.com localreferer
<FilesMatch \.(jpg|png|gif)$>
    Order deny,allow
    Deny from all
    Allow from env=localreferer
</FilesMatch>

... both of which hardcode the domain in their rules.

The closest I came to finding any info that covers this is right here on ServerFault, but the conclusion was that it cannot be done. Based on my research, that appears to be true, but I didn't find any questions or commentary dedicated soley to this question.

If anyone's curious, here is the link to the Apache 2 docs that cover this topic.

Note that Apache variables (e.g. %{HTTP_REFERER}) can only be used in the RewriteCond text-string and the RewriteRule substitution arguments.

© Server Fault or respective owner

Related posts about apache2

Related posts about hotlinking