I am trying to deny direct access and cross domain access for my website, so i am trying to use wildcard access.
Only my website and the trusted domain can able to access my assets like image, java-script, css file etc.
I am trying like this *.example.com so it will allow access to all
https://www.example.com, http://www.example.com, http://example.com,
https://example.com, https://subdomain.example.com etc
Code :
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^ .*\.example\.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^ .*\.example\.com$ [NC]
RewriteRule .*\.(txt|ico|jpg|jpeg|gif|png|bmp|js|css)$ - [F,NC,L]
My assets is still not blocking for direct access and cross domain.
>Solution :
You can use this :
RewriteEngine On
RewriteCond %{HTTP_REFERER} !yoursite\.com [NC]
RewriteRule .*\.(txt|ico|jpg|jpeg|gif|png|bmp|js|css)$ - [F,NC,L]
Replace your yoursite.com with your main domain name in the condition above.