Preventing bandwidth theft via Hotlinking of images

Did you noticed an increase in your web site traffic, and an increase in bandwidth usage?
Here is how to prevent bandwidth theft via .htaccess.

You can prevent hotlinking is by adding lines to an .htaccess file manually.
If you do not already have an .htaccess file, you can create one in a text editor - note the filename is ".htaccess".

In the examples below, your domain is assumed to be www.example.com. You will need to change the code to reflect your own domain name. Note also that UNIX is case-sensitive, so if you have uppercase file extensions you will need to specify them in your rewrite rules (see first example below). Also, no changes to the below examples are necessary regarding whether or not your website is configured to use www or no www.

Preventing bandwidth theft:

Blocking all domains but yours

The following code will return a 403 Forbidden error instead of the requested resource, unless the referrer is example.com, which should be changed to the domain of the site where the image is used:

RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://(www\.)?example\.com(/.)$ [NC]
RewriteCond %{HTTP_REFERER} !^$
RewriteRule .(jpe?g|gif|png)$ - [F]

As with the previous example, the RewriteCond %{HTTP_REFERER} !^$ line allows the request to go through if the HTTP_REFERER value consists of a blank string.
Replacing images

This method will still result in bandwidth theft, but it will protect your images. Bandwidth theft may reduce eventually as people learn linking your images will not work.

Please note that some programs (phpBB, for example) seem to recognize the 302 status caused by the following methods as an error condition, and start repeatedly retrying until the user browses to another page.

Replacing the image

The following code will cause the remote server to display no_hotlink.jpg instead of the requested image:

RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://(www\.)?example\.com(/.)$ [NC]
RewriteCond %{HTTP_REFERER} !^$
RewriteRule .(jpe?g|gif|png)$ images/no_hotlink.jpg [L]

Allow certain hotlinking

The following code will cause the remote server to display no_hotlink.jpg instead of the requested image, unless the image has been requested from a specified directory ("dir"):

RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://(www\.)?example\.com/dir/ [NC]
RewriteCond %{HTTP_REFERER} !^$
RewriteRule .(jpe?g|gif|png)$ images/no_hotlink.jpg [L]

Block specific domains

The following code will cause the remote server to display no_hotlink.jpg instead of the requested image, but only when the image has been requested by badsite.net or badsite.com:

RewriteEngine On
RewriteCond %{HTTP_REFERER} ^http://(www\.)?badsite\.net(/.)$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?badsite\.com(/.)$ [NC]
RewriteRule .(jpe?g|gif|png)$ images/no_hotlink.jpg [L]


Properties ID: 000238   Views: 9223   Updated: 13 years ago
Filed under: