I can confirm that the code block works ok without that line.g1smd wrote:OK. The final question with that part is simply whether this line for ADMIN functions is needed any more:It may be the POST fix code (already confirmed as fixing search and virtuemart) also fixes the earlier ADMIN problems too.Code: Select all
RewriteCond %{REQUEST_URI} !/([^/]+/)*administrator
Suggested Master .htaccess file
Moderator: General Support Moderators
Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Security Checklist
Forum Post Assistant - If you are serious about wanting help, you will use this tool to help you post.
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Security Checklist
Forum Post Assistant - If you are serious about wanting help, you will use this tool to help you post.
- PhilD
- Joomla! Hero
- Posts: 2737
- Joined: Sat Oct 21, 2006 10:20 pm
- Location: Wisconsin USA
- Contact:
Re: Suggested Master .htaccess file
PhilD
-
- Joomla! Guru
- Posts: 951
- Joined: Mon Feb 21, 2011 4:02 pm
- Location: UK
Re: Suggested Master .htaccess file
Your web host will need to install it. Otherwise just comment it out.sog2012 wrote:I still need to comment out this following section because it gives me an server error 500.Is that section really needed? Can I live without it? Cause I don't know how to compile with mod_deflate.Code: Select all
########## Begin - Automatic compression of resources # Compress text, html, javascript, css, xml, kudos to Komra.de # May kill access to your site for old versions of Internet Explorer # The server needs to be compiled with mod_deflate otherwise it will send HTTP 500 Error. # AddOutputFilterByType is now deprecated by Apache. Use mod_filter in the future. AddOutputFilterByType DEFLATE text/plain text/html text/xml text/css application/xml application/xhtml+xml application/rss+xml application/javascript application/x-javascript ########## End - Automatic compression of resources
That's good to know. Having one exclusion makes the code easier to maintain.PhilD wrote:I can confirm that the code block works OK without that line.Code: Select all
RewriteCond %{REQUEST_URI} !/([^/]+/)*administrator
Online since 1995.
- sog2012
- Joomla! Explorer
- Posts: 457
- Joined: Fri Feb 11, 2011 1:47 am
Re: Suggested Master .htaccess file
I am changing hosts soon anyway, changing from ixwebhosting to either Rochen, CloudAccess.net or iRedHost.com, so hopefully they will help me fix that.g1smd wrote:Your web host will need to install it. Otherwise just comment it out.sog2012 wrote:I still need to comment out this following section because it gives me an server error 500.Is that section really needed? Can I live without it? Cause I don't know how to compile with mod_deflate.Code: Select all
########## Begin - Automatic compression of resources # Compress text, html, javascript, css, xml, kudos to Komra.de # May kill access to your site for old versions of Internet Explorer # The server needs to be compiled with mod_deflate otherwise it will send HTTP 500 Error. # AddOutputFilterByType is now deprecated by Apache. Use mod_filter in the future. AddOutputFilterByType DEFLATE text/plain text/html text/xml text/css application/xml application/xhtml+xml application/rss+xml application/javascript application/x-javascript ########## End - Automatic compression of resources
That's good to know. Having one exclusion makes the code easier to maintain.PhilD wrote:I can confirm that the code block works OK without that line.Code: Select all
RewriteCond %{REQUEST_URI} !/([^/]+/)*administrator
But I did just raise a new ticket with my current host and I requested that they install mod_deflate
for me.
Allright, here is my final feedback... THANK YOU , everything works perfect. Well DONE!
Last edited by sog2012 on Wed Mar 16, 2011 11:08 pm, edited 1 time in total.
Best wishes and God bless.
-
- Joomla! Apprentice
- Posts: 17
- Joined: Tue Mar 08, 2011 8:56 pm
Re: Suggested Master .htaccess file
@g1smd,
The W3C Markup Validation Service at w3.org gets a 403 Forbidden error when trying to validate the CSS files. If I enter the same url (e.g., http://www.mysite.com/templates/FrontPa ... mplate.css) into my browser (FireFox 3.6.15) the CSS file prints out on my screen. I don't know if this impacts security or not but thought I'd mention it.
Other than the above, the other htaccess functions I could test seem to work fine on my limited function website.
The W3C Markup Validation Service at w3.org gets a 403 Forbidden error when trying to validate the CSS files. If I enter the same url (e.g., http://www.mysite.com/templates/FrontPa ... mplate.css) into my browser (FireFox 3.6.15) the CSS file prints out on my screen. I don't know if this impacts security or not but thought I'd mention it.
Other than the above, the other htaccess functions I could test seem to work fine on my limited function website.
-
- Joomla! Guru
- Posts: 951
- Joined: Mon Feb 21, 2011 4:02 pm
- Location: UK
Re: Suggested Master .htaccess file
Is the W3 validator user agent one of those listed in the UA block list?
Maybe it is the lack of referrer data that gets it the whack?
Is this effect happening with or without this change? http://docs.joomla.org/Htaccess_example ... ldid=38010
Maybe it is the lack of referrer data that gets it the whack?
Is this effect happening with or without this change? http://docs.joomla.org/Htaccess_example ... ldid=38010
Online since 1995.
-
- Joomla! Apprentice
- Posts: 17
- Joined: Tue Mar 08, 2011 8:56 pm
Re: Suggested Master .htaccess file
It's happening without that last change... I try it with..
-
- Joomla! Apprentice
- Posts: 17
- Joined: Tue Mar 08, 2011 8:56 pm
Re: Suggested Master .htaccess file
@g1smd,
Thanks... the w3c Validator now works correctly after changing the HTTP_REFERER line to:
Thanks... the w3c Validator now works correctly after changing the HTTP_REFERER line to:
Code: Select all
RewriteCond %{HTTP_REFERER} .
-
- Joomla! Guru
- Posts: 951
- Joined: Mon Feb 21, 2011 4:02 pm
- Location: UK
Re: Suggested Master .htaccess file
Be sure that was not "changing" a line, but "adding" a line.
Online since 1995.
-
- Joomla! Apprentice
- Posts: 17
- Joined: Tue Mar 08, 2011 8:56 pm
Re: Suggested Master .htaccess file
@g1smd,
You caught me on that one, I changed the line. It (w3c) worked fine but standard access to the website couldn't read the CSS file. I'll try it the other way tomorrow... the YL is hollering at me to come to supper (and get off this xxxx computer!).
Thanks again for your time on this...
Joe
You caught me on that one, I changed the line. It (w3c) worked fine but standard access to the website couldn't read the CSS file. I'll try it the other way tomorrow... the YL is hollering at me to come to supper (and get off this xxxx computer!).
Thanks again for your time on this...
Joe
-
- Joomla! Guru
- Posts: 951
- Joined: Mon Feb 21, 2011 4:02 pm
- Location: UK
Re: Suggested Master .htaccess file
With .htaccess every little detail is important. This is server configuration code.
There have been times when a single typo has destroyed site indexing and traffic, and quite literally put people out of business.
There have been times when a single typo has destroyed site indexing and traffic, and quite literally put people out of business.
Online since 1995.
- sog2012
- Joomla! Explorer
- Posts: 457
- Joined: Fri Feb 11, 2011 1:47 am
Re: Suggested Master .htaccess file
g1smd, do you have an hotmail or gmail email you could post here so I can send you an email? For some reason I am unable to send you a PM or email through this forum.g1smd wrote:With .htaccess every little detail is important. This is server configuration code.
There have been times when a single typo has destroyed site indexing and traffic, and quite literally put people out of business.
BTW, this was the reply from ixwebhosting:
"Thank you for contacting our technical support team. Mod_deflate is Apache 2.0 module and cannot be installed on Apache 1.3 version we provide, unfortunately."
Best wishes and God bless.
- mandville
- Joomla! Master
- Posts: 15152
- Joined: Mon Mar 20, 2006 1:56 am
- Location: The Girly Side of Joomla in Sussex
Re: Suggested Master .htaccess file
tell your host to update or change your host
http://httpd.apache.org/
http://httpd.apache.org/
Apache httpd 1.3.42 is the final stable version of the 1.3 series, which was released and declared end of life on February 2nd, 2010. No further development or maintenance will occur for the 1.3 series.
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}
- sog2012
- Joomla! Explorer
- Posts: 457
- Joined: Fri Feb 11, 2011 1:47 am
Re: Suggested Master .htaccess file
I did as you suggested, and they said no way they can do it, and they then tried to sell me an VPS upgrade plan, and I said in return, "No way I cannot do it" hehemandville wrote:tell your host to update or change your host
http://httpd.apache.org/
Apache httpd 1.3.42 is the final stable version of the 1.3 series, which was released and declared end of life on February 2nd, 2010. No further development or maintenance will occur for the 1.3 series.
That's OK, I am changing hosting companies soon, and in the meantime, I just edited out that one section that needs Apache 2.0 and the rest of the .htaccess file is working great
Thank you to g1smd and everyone else who helped out.
Best wishes and God bless.
- leolam
- Joomla! Master
- Posts: 20652
- Joined: Mon Aug 29, 2005 10:17 am
- Location: Netherlands/ Germany/ S'pore/Bogor/ North America
- Contact:
Re: Suggested Master .htaccess file
Better change today and move your site over since you are in grave danger of being whacked/smacked/hackedsog2012 wrote:That's OK, I am changing hosting companies soon
Leo
Joomla's #1 Professional Services Provider:
#Joomla Professional Support: https://gws-desk.com -
#Joomla Specialized Hosting Solutions: https://gws-host.com -
#Joomla Professional Support: https://gws-desk.com -
#Joomla Specialized Hosting Solutions: https://gws-host.com -
-
- Joomla! Apprentice
- Posts: 17
- Joined: Tue Mar 08, 2011 8:56 pm
Re: Suggested Master .htaccess file
@g1smd,
I corrected my screw-up above and am now running the Suggested Master htaccess file, Revision as of 07:57, 17 March 2011 by G1smd (with out the Other useful settings section & the Block bad user agents). It all seems to be working OK for my (limited) usage.
In trying to access different directories and files on my site (as a non-logged in user) I can get 3 or 4 different errors and sometimes just a blank screen (e.g., /templates/index.php). It appears from just these (different) errors a determined user could figure out more information about the site than might be either necessary or optimum from a security stand point. But, I don't think it's worth pursuing further.
Again, thanks for your time in straightening out the htaccess file. I'm in a lot better shape now that when I started...
Joe
I corrected my screw-up above and am now running the Suggested Master htaccess file, Revision as of 07:57, 17 March 2011 by G1smd (with out the Other useful settings section & the Block bad user agents). It all seems to be working OK for my (limited) usage.
In trying to access different directories and files on my site (as a non-logged in user) I can get 3 or 4 different errors and sometimes just a blank screen (e.g., /templates/index.php). It appears from just these (different) errors a determined user could figure out more information about the site than might be either necessary or optimum from a security stand point. But, I don't think it's worth pursuing further.
Again, thanks for your time in straightening out the htaccess file. I'm in a lot better shape now that when I started...
Joe
-
- Joomla! Guru
- Posts: 951
- Joined: Mon Feb 21, 2011 4:02 pm
- Location: UK
Re: Suggested Master .htaccess file
There's a few more things that could be changed, but for very minor gain.
Sometimes there's utility in returning 404 or 410 for some requests instead of 403.
However, as you note, we're well into the "diminishing returns" arena now.
Sometimes there's utility in returning 404 or 410 for some requests instead of 403.
However, as you note, we're well into the "diminishing returns" arena now.
Online since 1995.
- sog2012
- Joomla! Explorer
- Posts: 457
- Joined: Fri Feb 11, 2011 1:47 am
Re: Suggested Master .htaccess file
Not a chance, I am using the incredible Master .htaccess fileleolam wrote:Better change today and move your site over since you are in grave danger of being whacked/smacked/hackedsog2012 wrote:That's OK, I am changing hosting companies soon
Leo
Very happy with it.
Best wishes and God bless.
- ilox
- Joomla! Explorer
- Posts: 444
- Joined: Thu Aug 25, 2005 3:29 pm
- Location: Adelaide, South Australia
- Contact:
Re: Suggested Master .htaccess file
g1smd, Phil, sog, leo, Joe and everybody else that has been playing in this pool, a huge thank you for all you have been contributing. It has been a challenge to read through all of this and see the changes that have been put forward and either accepted or again modified. This stuff is very technical and yet something that is essential for every site.
Just a little question and I think it is related to what has been done so far. Most of my sites are in Joomla but one is old HTML and some others in concrete5. Can I use this across the board or only for my Joomla sites?
@mandville and mods:
If it is applicable across the board should I be referring others (non-Joomla) to this thread, the wiki post or is there going to be a repository that I can point others to to get their own .htaccess file?
Just a little question and I think it is related to what has been done so far. Most of my sites are in Joomla but one is old HTML and some others in concrete5. Can I use this across the board or only for my Joomla sites?
@mandville and mods:
If it is applicable across the board should I be referring others (non-Joomla) to this thread, the wiki post or is there going to be a repository that I can point others to to get their own .htaccess file?
Cheers, Ian
"Always remember. Love is the purest feeling, the wisest thought and the strongest reason. Always!"
by Sea-Life
"Always remember. Love is the purest feeling, the wisest thought and the strongest reason. Always!"
by Sea-Life
- mandville
- Joomla! Master
- Posts: 15152
- Joined: Mon Mar 20, 2006 1:56 am
- Location: The Girly Side of Joomla in Sussex
Re: Suggested Master .htaccess file
welcome back ilox, g1smd is finishing up the edits and will no doubt announce the final suggested version.
sog2012 i think you better read this before relying soley on the htaccess
http://[no tiny url]/13isdangerous
sog2012 i think you better read this before relying soley on the htaccess
http://[no tiny url]/13isdangerous
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}
-
- Joomla! Guru
- Posts: 951
- Joined: Mon Feb 21, 2011 4:02 pm
- Location: UK
Re: Suggested Master .htaccess file
The complete list of changes: http://docs.joomla.org/Htaccess_example ... ldid=35925ilox wrote: It has been a challenge to read through all of this and see the changes that have been put forward and either accepted or again modified.
The list of comments for changes: http://docs.joomla.org/Htaccess_example ... on=history
Don't try to follow every turn of this thread, because some people issued incorrect or incomplete advice, and various code combinations were tried and found to not work.
Some of the code is useful for any site. Some is useful for dynamic/scripted sites in general. Some is specific to Joomla paths and filenames.ilox wrote: Just a little question and I think it is related to what has been done so far. Most of my sites are in Joomla but one is old HTML and some others in concrete5. Can I use this across the board or only for my Joomla sites?
Refer people to the Wiki page. Do note that one size does NOT fit all.ilox wrote: If it is applicable across the board should I be referring others (non-Joomla) to this thread, the wiki post or is there going to be a repository that I can point others to to get their own .htaccess file?
Last edited by g1smd on Sat Mar 19, 2011 1:50 am, edited 1 time in total.
Online since 1995.
-
- Joomla! Guru
- Posts: 951
- Joined: Mon Feb 21, 2011 4:02 pm
- Location: UK
Re: Suggested Master .htaccess file
A few notes about the recently revised .htaccess file.
The recent changes fix syntax errors in several rules, and improve efficiency in many others. Little or no extra functionality is implemented, except to bring into use rules which previously failed to operate due to coding errors. Several extra notes and/or additions to existing notes have been added to clarify and codify the various rules and their functionality.
The new file likely does not protect sites from all possible or probable risks. YOU are responsible for the security of YOUR site. Read the instructions within the file very carefully. At least twice. Evaluate every section of the file individually as to whether it applies to your site and your server configuration. Note that some sections of code do not work with Apache 1.x servers, and must be commented out when used in that scenario. Long term you should consider upgrading to Apache 2.x as soon as possible.
The .htaccess file is a collection of works. It is not a complete and definitive file to simply cut and paste for any site. Make sure that example.com and www.example.com are replaced with your own domain name in every place within the file (and escape literal periods where required too). The file is provided "as is" and you use the new file at your own risk.
In addition, note the latest versions of Joomla are currently 1.5.22 and 1.6.1, with several recent versions implementing a number of internal security upgrades. If you are using a previous version of Joomla you should upgrade to the latest version as soon as possible. There is no point in sealing the back door by using these .htaccess rules, whilst leaving a side door wide open by using an old version of Joomla.
Likewise, whenever you upgrade your Joomla site in the future, you must re-evaluate the entire .htaccess file to identify parts which no longer apply, parts which need to be edited or upgraded in some way, and identify new risks for which new .htaccess code will need to be created.
Finally, read the comments within the .htaccess file in full, and then again several more times. YOU are responsible for the security of YOUR site.
The recent changes fix syntax errors in several rules, and improve efficiency in many others. Little or no extra functionality is implemented, except to bring into use rules which previously failed to operate due to coding errors. Several extra notes and/or additions to existing notes have been added to clarify and codify the various rules and their functionality.
The new file likely does not protect sites from all possible or probable risks. YOU are responsible for the security of YOUR site. Read the instructions within the file very carefully. At least twice. Evaluate every section of the file individually as to whether it applies to your site and your server configuration. Note that some sections of code do not work with Apache 1.x servers, and must be commented out when used in that scenario. Long term you should consider upgrading to Apache 2.x as soon as possible.
The .htaccess file is a collection of works. It is not a complete and definitive file to simply cut and paste for any site. Make sure that example.com and www.example.com are replaced with your own domain name in every place within the file (and escape literal periods where required too). The file is provided "as is" and you use the new file at your own risk.
In addition, note the latest versions of Joomla are currently 1.5.22 and 1.6.1, with several recent versions implementing a number of internal security upgrades. If you are using a previous version of Joomla you should upgrade to the latest version as soon as possible. There is no point in sealing the back door by using these .htaccess rules, whilst leaving a side door wide open by using an old version of Joomla.
Likewise, whenever you upgrade your Joomla site in the future, you must re-evaluate the entire .htaccess file to identify parts which no longer apply, parts which need to be edited or upgraded in some way, and identify new risks for which new .htaccess code will need to be created.
Finally, read the comments within the .htaccess file in full, and then again several more times. YOU are responsible for the security of YOUR site.
Online since 1995.
- sog2012
- Joomla! Explorer
- Posts: 457
- Joined: Fri Feb 11, 2011 1:47 am
Re: Suggested Master .htaccess file
What do you mean by "and escape literal periods where required too"?g1smd wrote:...(and escape literal periods where required too). ..
Best wishes and God bless.
-
- Joomla! Guru
- Posts: 951
- Joined: Mon Feb 21, 2011 4:02 pm
- Location: UK
Re: Suggested Master .htaccess file
A Regular Expression pattern such as ^www.example.com$ would match wwwXexample9com or www2exampleNcom or www_example_com. Within a RegEx pattern the "." means "any character".
Since the one and only character you want to match is a literal period "." you must escape the period in the pattern by using ^www\.example\.com$ instead
There are many places within the file where this syntax is used and it is important to get it right.
Since the one and only character you want to match is a literal period "." you must escape the period in the pattern by using ^www\.example\.com$ instead
There are many places within the file where this syntax is used and it is important to get it right.
Online since 1995.
- sog2012
- Joomla! Explorer
- Posts: 457
- Joined: Fri Feb 11, 2011 1:47 am
Re: Suggested Master .htaccess file
I for one didn't understand a word you said. So I wonder how many others could be affected with a lack of understanding regarding this part.g1smd wrote:A Regular Expression pattern such as ^www.example.com$ would match wwwXexample9com or www2exampleNcom or www_example_com. Within a RegEx pattern the "." means "any character".
Since the one and only character you want to match is a literal period "." you must escape the period in the pattern by using ^www\.example\.com$ instead
There are many places within the file where this syntax is used and it is important to get it right.
All I did with the .htaccess file was replace all the words "example" with my domain name, and I replaced the word ".com" with ".org".
Best wishes and God bless.
-
- Joomla! Guru
- Posts: 951
- Joined: Mon Feb 21, 2011 4:02 pm
- Location: UK
- sog2012
- Joomla! Explorer
- Posts: 457
- Joined: Fri Feb 11, 2011 1:47 am
Re: Suggested Master .htaccess file
There is no way I am going to read those lengthy pages and be able to understand what it says. I am just a dumb blonde girl who changes example to my domain name and use the .htaccess, that's as far as my ability goes
But you have made me realise that it's not just as simple as changing example to our domain name and changing .com to our own extension, so I may have to remove the .htaccess before it may do some damage to my website.
Best wishes and God bless.
-
- Joomla! Guru
- Posts: 951
- Joined: Mon Feb 21, 2011 4:02 pm
- Location: UK
Re: Suggested Master .htaccess file
It's quite simple. Where the file has "." use ".", and where it has "\." use "\." each time.
The "\" is the escaping, and is needed in several very specific places.
The "\" is the escaping, and is needed in several very specific places.
Online since 1995.
- sog2012
- Joomla! Explorer
- Posts: 457
- Joined: Fri Feb 11, 2011 1:47 am
Re: Suggested Master .htaccess file
I am confused... why do I need to use "." and "\." when it's already in the .htaccess file? I don't need to change it or use it because it's already being used, right?g1smd wrote:It's quite simple. Where the file has "." use ".", and where it has "\." use "\." each time...
The only thing I have done in the entire .htaccess file is change the word "example" to my domain name, and changed the ".com" to ".org".
That's all I have done and it seems to be working.
Best wishes and God bless.
-
- Joomla! Apprentice
- Posts: 6
- Joined: Tue Oct 27, 2009 9:57 pm
Re: Suggested Master .htaccess file
Hi
Thanks to eveyone for this beautiful post.
If you log to the backend through https this block will redirect you again to http.
I' m sorry but I have no enough knowledge to fix it. A temporary solution is to use this line suggested before.
Another https related issue, are secure forms, I have one to collect customer details and I need to add "s?" right after "!^http" for it to work properly, in the following block:
Best Regards, and thanks again.
Thanks to eveyone for this beautiful post.
If you log to the backend through https this block will redirect you again to http.
Code: Select all
########## Begin - Redirect index.php to / for root and /path/ for folders
## Note: Change example.com to reflect your own domain name
RewriteCond %{THE_REQUEST} !^POST
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /([^/]+/)*index\.php\ HTTP/
RewriteRule ^(([^/]+/)*)index\.php$ http://www.example.com/$1 [R=301,L]
########## End - Redirect index.php to / for root and /path/ for folders
Code: Select all
RewriteCond %{REQUEST_URI} !/([^/]+/)*administrator
Code: Select all
## Referrer filtering for common media files. Replace with your own domain.
## This blocks most common fingerprinting attacks ;)
## Note: Change www\.example\.com with your own domain name, substituting
## the dots with \. i.e. use www\.example\.com for www.example.com
RewriteRule ^images/stories/([^.]+)\.(jpe[g2]?|jpg|png|gif|bmp|css|js|swf|ico|html?) - [L]
RewriteCond %{HTTP_REFERER} .
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?example\.com [NC]
RewriteCond %{REQUEST_FILENAME} -f
RewriteRule \.(jpe[g2]?|jpg|png|gif|bmp|css|js|swf|ico|html?)$ - [F]
Best Regards, and thanks again.
- PhilD
- Joomla! Hero
- Posts: 2737
- Joined: Sat Oct 21, 2006 10:20 pm
- Location: Wisconsin USA
- Contact:
Re: Suggested Master .htaccess file
What is meant is this:sog2012 wrote:I am confused... why do I need to use "." and "\." when it's already in the .htaccess file? I don't need to change it or use it because it's already being used, right?g1smd wrote:It's quite simple. Where the file has "." use ".", and where it has "\." use "\." each time...
The only thing I have done in the entire .htaccess file is change the word "example" to my domain name, and changed the ".com" to ".org".
That's all I have done and it seems to be working.
If I want to use the code block below I need to make it work with my site. I do this like this:
Say my site name is http://www.mysite.org
I change this line: RewriteCond %{HTTP_REFERER} !^http://(www\.)?example\.com [NC]
to look like this:
RewriteCond %{HTTP_REFERER} !^http://(www\.)?mysite\.org [NC]
And I think ( to early in morning) before you ask, if my domain is just mysite.org and I don't use the www. part the line remains the same. That is:
RewriteCond %{HTTP_REFERER} !^http://(www\.)?mysite\.org [NC]
This is because the question mark matches or indicates there is zero or one of the preceding element. Which in this case would be what is contained (grouped) within the parenthesis (www\.)
Code: Select all
## Referrer filtering for common media files. Replace with your own domain.
## This blocks most common fingerprinting attacks ;)
## Note: Change www\.example\.com with your own domain name, substituting
## the dots with \. i.e. use www\.example\.com for www.example.com
RewriteRule ^images/stories/([^.]+)\.(jpe[g2]?|jpg|png|gif|bmp|css|js|swf|ico|html?) - [L]
RewriteCond %{HTTP_REFERER} .
RewriteCond %{HTTP_REFERER} !^http://(www\.)?example\.com [NC]
RewriteCond %{REQUEST_FILENAME} -f
RewriteRule \.(jpe[g2]?|jpg|png|gif|bmp|css|js|swf|ico|html?)$ - [F]
PhilD