Allow Feedburner Access to Hotlink-Protected Images

[ Image: Feedburner Icon ] Recently, we installed and configured the excellent WordPress Feedburner plugin by the venerable Steve Smith 1. The plugin basically redirects our various WordPress-powered content feeds to Feedburner, which then delivers them to subscribers. This method enables us to take advantage of Feedburner’s excellent statistical tools. Further, all of the action happens silently, beneath the surface, and without the subscriber even realizing it.

After a few weeks running the plugin with great success, we began hearing reports of broken and missing images messing up our feeds. After some investigating, we realized that our tried-and-true anti-hotlinking htaccess rules were doing their job a little too well — blocking everyone outside our domain from accessing our image content — including Feedburner.

As far as I am concerned, delivering high-quality feeds is a critical component of any successful website. While some people prefer not to clutter their feeds with all sorts of images, it is always nice to display an official logo or other site graphic for branding purposes, recognition, etc. Feedburner even promotes such customization with its excellent feature, Feed Image Burner. In any case, to enable images to display in our feeds, we need to enable Feedburner to bypass our stringent hotlink-prevention rules.

Hotlink Protection via htaccess

As many savvy bloggers know, hotlink protection via htaccess is an excellent method for preventing unauthorized use of your site’s content. Unfortunately, the commonly implemented ruleset stops Feedburner — as well as every other feed-delivery service — from displaying your images in feeds. For example, the following htaccess code will protect your images from bandwidth theft and is pretty much standard-issue htaccess hotlink-protection:

# Hotlink Protection
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://example.com$ [NC]
RewriteCond %{HTTP_REFERER} !^http://example.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.example.com$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.example.com/.*$ [NC]
RewriteRule .*\.(gif|jpg|jpeg|png|bmp)$ - [F,NC,L]

Let’s examine this typical hotlink-protection htaccess code. After initiating mod_rewrite in the first line, the code checks the referring URL against the predefined strings in the following five lines. In this case, we are allowing all no-referrer requests as well as any referrer that is from our own domain, example.com (both www and non-www versions). Everything else is denied access to the file types listed in the last line, namely popular image files.

To use this code on your own site, simply replace all instances of example.com and edit (if necessary) the list of file types that you would like to protect. Also note that you may protect any file type (e.g., js|css|zip|mp3|avi|wmv|mpg|mpeg|swf) with this htaccess ruleset by simply adding it to the list.

Allow Feedburner Access

Given the htaccess hotlink-protection rules described above, it is relatively simple to allow Feedburner access to your images. Here are the additional htaccess rules:

# Allow Feedburner Access
RewriteCond %{HTTP_REFERER} !^http://www.feedburner.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://feeds.feedburner.com/example-feed$ [NC]
RewriteCond %{HTTP_REFERER} !^http://feeds.feedburner.com/example-feed-comments$ [NC]

In the previous code, we are matching anything coming from the feedburner.com domain, while also matching our two example feeds (http://feeds.feedburner.com/example-feed and http://feeds.feedburner.com/example-feed-comments) specifically. To allow Feedburner access to your feeds, simply replace the two specific feed URLs with those of your own.

All Together Now

After editing the previously discussed ruleset to suit your specific needs, simply splice it into your hotlink-protection code like so:

# Hotlink Protection with Feedburner Access
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://example.com$ [NC]
RewriteCond %{HTTP_REFERER} !^http://example.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.example.com$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.example.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.feedburner.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://feeds.feedburner.com/example-feed$ [NC]
RewriteCond %{HTTP_REFERER} !^http://feeds.feedburner.com/example-feed-comments$ [NC]
RewriteRule .*\.(gif|jpg|jpeg|png|bmp)$ - [F,NC,L]

Our finished product instructs Apache to deny access for any image request that is not from feedburner.com, our example domain, or either of our example feeds. Simply copy and paste the entire ruleset into your site’s root htaccess file. And with that, Feedburner will have access to your images, and your subscribers will enjoy a richer user experience with your feed.

1 Incidentally, the WordPress Feedburner plugin recently was acquired by Feedburner and renamed “FeedSmith”. As if that weren’t enough, the Feedburner company itself was soon thereafter acquired by Google. [ ^ ]