The problems I'm facing is how to prevent hotlinking from within a website. What I want to do is to block www.website.com/user/xxx from hotlinking a CSS, but allow www.website.com/user/aaa to use the CSS using .htaccess.
-Both user xxx and user aaa is using www.mywebsite.com/css.css css file, I only want to allow user aaa to be able to use it and not user xxx
What I manage to come up with so far is is putting a .htaccess in www.mywebsite.com to only allow user aaa to hotlink the css.
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?://(www.website.com/user/aaa [NC]
RewriteRule \.(css|jpg|jpeg|png|gif)$ http://website.com/donotsteal [NC,R]
When I put this into the .htaccess it blocks both www.website.com/user/xxx and www.website.com/user/aaa from hotlinking the css
What I want to do is allow only this page www.website.com/user/aaa to use the css and block anything else from hotlinking it.
The flags [L] and/or [F] are missing from your RewriteRule http://altlab.com/htaccess_tutorial.html I am not certain if that would make the difference?
The ! in the *RewriteCond %{HTTP_REFERER} ^ or RewriteCond %{HTTP_REFERER} !^ \reverses the logical condition.
So
Says if it is "!" NOT mysite then "[L]" DON'T allow it which is a double negative to allow if from your site.
Correction [L] is the flag for LAST - [F] is forbidden and I need to get my glasses checked.