
# BEGIN wccp_pro_image_protection
<FilesMatch "watermark.php">
	Require all granted
</FilesMatch>
<IfModule mod_rewrite.c>
	RewriteEngine on
	# Redirect /watermark/ in image URLs to original path, this rule is needed when (if not appache) option is enabled
	RewriteCond %{REQUEST_URI} ^(.*/)?watermark/(.+)$ [NC]
	RewriteRule ^(.*)$ /%1%2 [NC,L]
	
	RewriteCond %{QUERY_STRING} (wccp_pro_watermark_pass) [NC,OR]
	RewriteCond %{REQUEST_URI} (wp-content/plugins) [NC,OR]
	RewriteCond %{REQUEST_URI} (wp-content/themes) [NC,OR]
	RewriteCond %{HTTP_REFERER} (/wp-admin/post\.php|/wp-admin/upload\.php|/wp-admin/post-new\.php) [NC,OR]
	RewriteCond %{REQUEST_URI} (logo|150x150) [NC,OR]
	RewriteCond %{REQUEST_URI} (this_is_just_not_any_wanted_image_size) [NC]
	RewriteRule ^(.*)\.(jpg|png|jpeg|webp|gif)$ - [NC,L]
	
	# Direct Request (No Referer, External Referer, or Missing/Unusual Vary Header) Rule_1
	RewriteCond %{HTTP:If-None-Match} ^.+$ [NC,OR]
    RewriteCond %{HTTP:If-Modified-Since} ^.+$ [NC]
    RewriteRule ^.*$ - [NC,L]
	
	# Direct Request (No Referer, External Referer, or Missing/Unusual Vary Header) Rule_2
	RewriteCond %{HTTP_REFERER} ^$ [NC,OR]  # No referer (direct request)
	RewriteCond %{HTTP_ACCEPT} (text/html|application/xml|application) [NC,OR]  # Happens when the image is called directly
	RewriteCond %{HTTP_REFERER} !^https?://(www\.)?pracartis\.fr [NC]  # Referer does not match the owner's domain
	RewriteCond %{HTTP:Vary} ^(Accept|Referer)?$ [NC]  # Vary header is empty, Accept only, or Referer only
	RewriteCond %{REQUEST_URI} \.(jpg|png|jpeg|webp|gif)$ [NC]  # Image file extensions
	RewriteRule ^.*$ - [NC,L]
	
	#This rule for admin exclusion, dont use it before Direct request rules
	RewriteCond %{HTTP_COOKIE} (excludethispage)
	RewriteRule ^(.*)\.(jpg|png|jpeg|webp|gif)$ - [NC,L]
	
	# What happen to images on my site
	RewriteCond %{HTTP_ACCEPT} !(text/html|application|application/signed-exchange) [NC]
	RewriteCond %{HTTP_REFERER} ^http(s)?://(www\.)?pracartis\.fr [NC]
	RewriteRule ^.*$ - [NC,L]
	
	RewriteCond %{REQUEST_URI} \.(jpg|png|jpeg|webp|gif)$ [NC]
	RewriteCond %{REMOTE_ADDR} !^(127\.0\.0\.1|162\.144\.5\.62)$
	RewriteCond %{REMOTE_ADDR} !^66\.6\.(32|33|36|44|45|46|40)$
	RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?(pracartis\.fr|t.co|x.com|twitter|twitter.com|Twitterbot|pinterest.com|tumblr.com|facebook.com|plus.google|googleapis.com|googleusercontent.com|ytimg.com|gstatic.com) [NC]
	RewriteCond %{HTTP_USER_AGENT} !(twitter|twitterAndroid|twitterbot|linkedin\.com|LinkedInBot|WhatsApp|google(bot)?|msnbot|baiduspider|slurp|webcrawler|teoma|photon|facebook(externalhit|platform)|pinterest|feedfetcher|ggpht|smush\.it|akamai|cloudfront|netdna|bitgravity|maxcdn|edgecast|limelight|tineye|developers|gstatic|googleapis|googleusercontent|ytimg) [NC]
	RewriteRule ^.*$ - [NC,L]
	
</ifModule>
# END wccp_pro_image_protection
