I have an Apache 2 with mod_setenvif. My goal is to stop all hotlinking of images in my global apache.conf. Currently that's:
<FilesMatch ".(gif|jpg|jpeg|png)$"> SetEnvIfNoCase Referer "^http://[^/]*blogger.com/" hotlink SetEnvIfNoCase Referer "^http://[^/]*myspace.com/" hotlink SetEnvIfNoCase Referer "^http://[^/]*ebay" hotlink ... deny from env=hotlink</FilesMatch>Works nicely so far, but I have to catch every hotlinker once and add it to my config. I would like to have a broader apprach by adding something like this:
# Set variable "hotlink" if Referer contains "forum" SetEnvIfNoCase Referer "forum" hotlink # Unset variable if Referer is from the same Host as current request SetEnvIfNoCase Referer %{Host} !hotlinkThe plan is to match http://evilhost.com/forum/, but not http://myhost.com/forum/.
The problem is that the latter unset does not work. Looks as if I can't use the header property "Host" as regexp pattern - at least not the way I tried to. Of course I could manually enter all possible hostnames in my config, but that's exactly what I want to avoid.
So my question is:
- Is there a way to use a HTTP header as regexp pattern at all?
- If not, do you know another way I could reach my goal to unset the variable "hotlink" if the referrer is from the same host?