I have this snippet code in my .htaccess file to prevent users from hotlinking the server's images:
RewriteEngine On
RewriteCond %{HTTP_REFERER} ^$ [OR]
RewriteCond %{HTTP_REFERER} !^http://(www.)?itransformer.es/.*$ [NC]
RewriteRule \.(gif|jpe?g|png|wbmp)$ http://itransformer.es [R,L]
Of course, it is not working in my localhost, but don't know how to achieve it.
My guess is that I should change the domain name with any wildcard.
Any idea?
Update
I've finally found out the answer thanks to @Chris solution:
RewriteCond %{HTTP_REFERER} ^$ [OR]
RewriteCond %{HTTP_REFERER} ^https?://%{HTTP_HOST}/.*/usuarios/.*$ [NC]
RewriteRule \.(gif|jpe?g|png|wbmp)$ http://%{HTTP_HOST} [R=301,L]
The /usuarios/ directory is because I only want to deny direct access to files inside this directory.
Update2
For some reason, it doesn't work again. Finally I think that I found out a better solution:
RewriteCond %{REQUEST_FILENAME} .*/usuarios/.*$ [NC]
RewriteRule \.(gif|jpe?g|png|wbmp)$ http://%{HTTP_HOST} [R=301,L]
I say better solution because what I want to deny is direct access to a file (image).
Update3
Well, after a while I discovered above wasn't exactly what I wanted, so the next is definitive:
RewriteCond %{HTTP_REFERER} ^$ [OR]
RewriteCond %{HTTP_REFERER} !^https?://itransformer.*$ [NC]
RewriteRule /usuarios/.*\.(gif|jpe?g|png|wbmp)$ - [R=404,L]
Just two doubts:
If I change the above to:
RewriteCond %{HTTP_REFERER} ^$ [OR]
RewriteCond %{HTTP_REFERER} !^https?://%{HTTP_HOST}.*$ [NC]
RewriteRule /usuarios/.*\.(gif|jpe?g|png|wbmp)$ - [R=404,L]
it doesn't work. I don't understand why, because %{HTTP_HOST} is equal to itransformer in my localhost, and it should work.
The second doubt is why is shown the default 404 page and not my custom page (that is shown in all other 404 responses).