I have a personal (vanity, not business) web site and I got tired of other sites hotlinking to my files so now I am using .htaccess RewriteEngine to prevent it.
Requests for graphics files with a referrer field from my own site get served and those from other sites get blocked. So far so good.
The question is what to do with requests with no referrer information. Googlebot and other crawlers have no referrer info and it is easy enough to enable them individually as wanted. No problem there either.
But what about other requests with no referrer? What is the standard way of dealing with them? I suppose I could enable them all but that would seem to favor those who block the referrer field because they could use hotlinks that would be blocked to those who use the referrer field. On the other hand I see in the logs a few visitors who downloaded the HTML file but could not get the graphics because their browser was blocking the referrer info. Obviously I would want to avoid this. If everybody blocked the referrer info then this method of blocking hotlinking would not work.
More puzzling is that I see an IP request the HTML and graphics providing the referrer but then the same IP immediately requests the graphics again with no referrer and a code 302 is returned. I have no idea why this happens. What might be a reason for this?
What do webmasters generally do? Just grant all requests with no referrer?
It would seem to me that the best way to deal with the issue would be to grant all requests for graphic files coming from an IP who had requested an HTML file from the same directory in the last (say) 30 seconds. This would obviate the need for using the referrer info. On the other hand I have no idea if it is possible to do this with htaccess. I believe a GET request can only be evaluated on its own and not on any sever logs or history. Right?
Requests for graphics files with a referrer field from my own site get served and those from other sites get blocked. So far so good.
The question is what to do with requests with no referrer information. Googlebot and other crawlers have no referrer info and it is easy enough to enable them individually as wanted. No problem there either.
But what about other requests with no referrer? What is the standard way of dealing with them? I suppose I could enable them all but that would seem to favor those who block the referrer field because they could use hotlinks that would be blocked to those who use the referrer field. On the other hand I see in the logs a few visitors who downloaded the HTML file but could not get the graphics because their browser was blocking the referrer info. Obviously I would want to avoid this. If everybody blocked the referrer info then this method of blocking hotlinking would not work.
More puzzling is that I see an IP request the HTML and graphics providing the referrer but then the same IP immediately requests the graphics again with no referrer and a code 302 is returned. I have no idea why this happens. What might be a reason for this?
What do webmasters generally do? Just grant all requests with no referrer?
It would seem to me that the best way to deal with the issue would be to grant all requests for graphic files coming from an IP who had requested an HTML file from the same directory in the last (say) 30 seconds. This would obviate the need for using the referrer info. On the other hand I have no idea if it is possible to do this with htaccess. I believe a GET request can only be evaluated on its own and not on any sever logs or history. Right?