Posting in the Magento forums has been disabled pending the implementation of a new and improved forum solution which should better serve the community.

For new questions please post at magento.stackexchange.com, the community-run support site for the Magento community. We will be providing updates on the new forum solution soon. For questions or concerns please email community@magento.com.

Magento Forum

hotlinking JavaScript libraries
 
valegal
Sr. Member
 
Total Posts:  131
Joined:  2009-06-18
 

So I noticed via my access logs that someone is hotlinking to my JavaScript libraries.  Like so:

<script src="http://www.whatever.com/js/index.php?......>

Is there any way to deny access to this file?  I’ve tried the RewriteRule in my .htaccess but it doesn’t seem to do the trick.  I also tried doing something in my index.php but it started to mess up some things in my checkout pages. smile

 
Magento Community Magento Community
Magento Community
Magento Community
 
cloudquarry
Guru
 
Avatar
Total Posts:  528
Joined:  2008-11-19
 

.htaccess should do it. You can protect it by referrer like so:

RewriteCond %{HTTP_REFERER}!^http://domain.com/.*$ [NC]
RewriteCond %{HTTP_REFERER}!^http://domain.com$ [NC]
RewriteCond %{HTTP_REFERER}!^http://www.domain.com/.*$ [NC]
RewriteCond %{HTTP_REFERER}!^http://www.domain.com$ [NC]
RewriteRule .*\.(css¦js)$ - [F,NC]

or like so:
RewriteCond %{HTTP_REFERER} !^http://(www\.)?example\.com/? [NC]
RewriteRule \.(css¦js)$ - [NC]

If somebody’s smart enough, they can still pass a fake referrer value, and get around this, but it should block most lazy attempts.

 
Magento Community Magento Community
Magento Community
Magento Community
Magento Community
Magento Community
Back to top