I realize that image hotllinking can be stopped using mod_rewrite but an increasing number of users now use a firewall as standard. These firewalls don't pass any HTTP_REFERRER info which is needed for mod_rewrite to work.
I toyed with the idea of using mod_rewrite for allowing access whether HTTP_REFERRER info is passed or not:
<!-- CODE SAMPLE
RewriteCond %{HTTP_REFERER} .
RewriteCond %{HTTP_REFERER} !^
http://(www\.)?mydomain\.com [NC]
RewriteRule \.(gif¦jpe?g¦png)$ - [NC,F]
<!--
This solution, to a large extent, negates the purpose of having image anti-hotlinking in the first place.
Does anyone out there know of an apache module that will effectively circumvent the obvious problems with mod_rewrite and that lends itself to protecting images more effectively? Possibly a binary that maps the server and works with static or dynamic html files. Obviously the protection mechanisms need to contained on the server and have no dependencies on client generated headers or other such data.
Any suggestions etc would be very appreciated.