.htaccessiishttp-referer

Check HTTP_REFERER on a Windows server


I'm currently migrating from a Linux (Apache) server to Windows (IIS). On Linux I'm using a .htaccess file to check the HTTP_REFERER value, to ensure our files are only being loaded from our site, and not linked to from other sites:

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?foo.com [NC]
RewriteRule \.(dcr)$ - [NC,F,L]

How can I accomplish this on a Windows machine? (Windows Server 2008 R2, IIS 7)


Solution

  • Have a look at point number 6 at the following location:

    http://blogs.iis.net/ruslany/archive/2009/04/08/10-url-rewriting-tips-and-tricks.aspx

    In a nutshell, you need to install the IIS URL Rewrite add-on and create a rule that looks something like:

    <rule name="Prevent image hotlinking">
      <match url=".*\.(gif|jpg|png)$"/>
      <conditions>
        <add input="{HTTP_REFERER}" pattern="^$" negate="true" />
        <add input="{HTTP_REFERER}" pattern="^http://foo\.com/.*$" negate="true" />
      </conditions>
      <action type="Rewrite" url="/images/say_no_to_hotlinking.jpg" />
    </rule>
    

    Your rule may look slightly different of course. With URL Rewrite, you can also take your current .htaccess rule and import it directly as a new rule. It will handle the translation for you although depending on your objectives, you might need to make some minor changes to the resulting rules that are generated.

    Hope that helps.