in all my Apache servers I use hotlink protection because I hate the idea someone could stick my images/flash in their sites using my server bandwidth.
In order to make hotlink protection work, in my Apache .htaccess I simply use this:
#Hotlink protection (only for www.domain.it cause http://domain.it is being redirected)
RewriteCond %{HTTP_REFERER} !^http://www.domain.it/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.domain.it$ [NC]
RewriteRule .*\.(wav|swf|jpg|jpeg|gif|png|bmp|js)$ - [F,NC]
This works well, but I recently dicovered that when I ask for http://www.domain.com/somepage.htm/
(with final slash) the hotlink protection seems to be triggered and server stops page to download .(wav|swf|jpg|jpeg|gif|png|bmp|js)
files
Do you know how could I fix this in .htaccess???
Before today I even thought that the server should return an error if I enter as URL http://www.domain.com/somepage.htm/
(with final slash). But I saw it's normal because if you look for http://www.php.net/docs.php it returns the same page of http://www.php.net/docs.php/ (final slash).
Why is that, could you explain me a bit?!
Thanks
Are you sure it's the hotlink protection? If your website is laid out something like this:
Then if somepage.htm has relative paths to the image like
<img src="images/a.jpg">
and you go tohttp://example.com/somepage.htm/
, then your web browser will think it's in the "somepage.htm" directory and try to load the imagehttp://example.com/somepage.htm/images/a.jpg
. Apache will probably send you another copy of somepage.htm if you go there, which will cause your browser to show a broken image.I'm not sure if Apache has a setting to turn this off. It doesn't make much sense on plain HTML files but the reason Apache (and other servers) allow this is for sites that use "pretty URLs" (like serverfault's URLs!) where the URL extends past the actual file. There isn't a file on serverfault called "urls-with-final-slash-trigger-hotlink-protection-on-my-server", that's just there for people (and Google) to read. You can load this question just fine with URLs with final slash trigger hotlink protection on my server
While I don't know how serverfault was made (there are many ways to do this) it's almost certain that there's no file named "197935" either. It's possible that there's a script named "questions" though, and the server could run that script, and the script would see the entire URL, look up the number in the database, and make this page.