
hotlink working locally, not in server


I want to hotlink an image from a remote website. This works when I test in my local PC (Apache server), but doesn't work when I try from my website.

I am not an expert in this subject, but as I understand it, if hot-linking were blocked on the remote site, it should not work on my local server either, right? In that case, what might be the issue (my hosting provider says they don't have any issue)?


Solution

  • Let's play this through.

    On your local server:

    1. You make a request to 127.0.0.1 (or localhost) that returns some HTML with a hotlinked image to example.com.
    2. The browser makes a subsequent request to example.com and sets the referer header to 127.0.0.1.
    3. Now example.com has to determine whether the referrer is allowed to hotlink or not.
      Since, for that server, example.com and 127.0.0.1 both refer to the same thing, namely the server itself, this looks like a valid request.

    On your remote server:

    Same as above, but replace 127.0.0.1 with your.favourite.url.
    This time when the server validates the referrer, it will come to the conclusion that your.favourite.url and example.com do not refer to the same thing, and therefore block the image request.

    This could be seen as a misconfiguration of example.com, since the referrer might not resolve to the same point from both client and server context.

    If you access your local server via your local network IP (e.g. 192.168.1.42), then hotlinking should no longer work, unless example.com has a really graceful referrer policy, or happens to use exactly the same local IP as you.

    It could also be possible to expose example.com's local IP by brute-forcing all local network IPs, and while that technically is an information leak, there's not much you can do with it.
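The two referrer checks the answer contrasts, written out as an added example (this is not code from the question, the answer, or any real server; it models the behaviour the answer describes). The assumptions are labelled in the code: a constructed stand-in for DNS as seen from example.com's own server, a constructed set of addresses that server regards as itself, and made-up referrer URLs. `naive_hotlink_check` resolves the Referer host in server context and allows it if it maps to the server, which is why `127.0.0.1`/`localhost` pass locally but `your.favourite.url` and `192.168.1.42` do not. `strict_hotlink_check` compares the Referer hostname against an explicit allow-list instead, so loopback and LAN addresses never pass by accident.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed stand-in for DNS from example.com's server's point of view
# (assumption for this example; real lookups would use the resolver).
SERVER_DNS = {
    "example.com": {"203.0.113.10"},
    "localhost": {"127.0.0.1"},
    "your.favourite.url": {"198.51.100.7"},
}

# Constructed: addresses example.com's server considers to be "itself".
SERVER_OWN_ADDRESSES = {"127.0.0.1", "203.0.113.10"}

# Hostnames explicitly allowed to embed images (strict policy).
ALLOWED_REFERER_HOSTS = {"example.com", "www.example.com"}


def referer_host(referer):
    """Return the lower-cased host from a Referer header value, or None if
    the header is absent or carries no host."""
    if not referer:
        return None
    return urlsplit(referer).hostname  # .hostname lower-cases and drops the port


def resolve_in_server_context(host):
    """Resolve a host the way the server would: IP literals map to
    themselves, names go through the (constructed) server-side DNS table."""
    try:
        return {str(ipaddress.ip_address(host))}
    except ValueError:
        return SERVER_DNS.get(host, set())


def naive_hotlink_check(referer):
    """The misconfiguration the answer describes: allow the request if the
    referrer host resolves, from the server's point of view, to the server
    itself. 127.0.0.1 resolves to the server's own loopback, so a page
    served from a developer's localhost passes; a real remote site does not."""
    host = referer_host(referer)
    if host is None:
        # Common default: no Referer (direct visit, privacy settings) is allowed.
        return True
    return bool(resolve_in_server_context(host) & SERVER_OWN_ADDRESSES)


def strict_hotlink_check(referer):
    """Allow-list comparison on the hostname string. No address resolution,
    so loopback or LAN addresses that happen to match the server are never
    treated as the server's own site."""
    host = referer_host(referer)
    if host is None:
        return True
    return host in ALLOWED_REFERER_HOSTS


if __name__ == "__main__":
    # Constructed referrer values matching the scenarios in the answer.
    for ref in ("http://127.0.0.1/gallery.html",
                "http://localhost/gallery.html",
                "http://192.168.1.42/gallery.html",
                "http://your.favourite.url/gallery.html",
                "https://example.com/gallery.html",
                None):
        print(f"{str(ref):45} naive={naive_hotlink_check(ref)!s:5} "
              f"strict={strict_hotlink_check(ref)}")
```

Whichever check a server uses, the Referer header is set by the client and is trivially forged with curl or a browser extension, so hotlink protection limits casual bandwidth use and nothing more; it is not an access control.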