Hotlink Protection with FireWall

I want block all link if it’s not use on my site…so i create firewall, firewall working perfect if i use diff domain…but when i use subdomain, firewall not working anymore

(http.request.method eq “GET” and in {“”} and not http.referer contains “”)

Hi @dnstylish,

That isn’t exactly clear to me, but I will try to help you.

Do you want to restrict access to to only one or a few subdomains of but not the entire zone?

  1. As written, and all its subdomains will be allowed.

  2. If the target is only, you may want to change the operator from in to eq and adjust the semantics.

  3. Since the http.referer field is set with the contains operator and value, any other domains/subdomains containing that value will be accepted. For example:

    • A domain “
    • A subdomain “

Usually the third situation isn’t a problem, but these scenarios can be avoided if necessary.

Anyway, you can make it more reliable by making some fine tuning.


  • Request Method equals “GET
  • Hostname equals “
  • Referer does not equal “
  • Referer does not contain “

Action: Block


(http.request.method eq "GET" and eq "" and http.referer ne "" and not http.referer contains "")

I hope it helps. Please let me know if I can help you with any further questions.


This topic was automatically closed after 30 days. New replies are no longer allowed.