
Prevent Hotlinking

6 March 2007; last modified 27 March 2007

        ___    /
      _/   |   \,^%---
     |_____|    <_ \ Fear not. It's quite simple....
       --- ==   >/
     [_____]  __>,^
ejm   |   |  //| |

Intentional and inadvertent hotlinking of your images can be a literal drain on your website without any benefits to you. A regular visit to your website draws on your bandwidth and is a legitimate draw. However, if another site, unrelated to yours in any way, is able to hotlink your images, whenever people view THAT site, you are paying for the bandwidth used, rather than the site owners. Those site owners are getting something for nothing - your image(s) AND your bandwidth.

Many webservers offer different amounts of allowed bandwidth (with Crosswinds, this is the "Transfer" amount that is detailed in each hosting plan). Intentional hotlinking is a way for unscrupulous website owners to pay the lowest rate for their service but still use more than their allowed bandwidth without being penalized monetarily.

This is how it was explained in the article What is Hotlinking?:
A simple analogy for bandwidth theft: Imagine a random stranger plugging into your electrical outlets, using your electricity without your consent, and you paying for it.

Some misguided people decide to use offensive images as hotlink replacements. But there is no need to be rude. Much of the hotlinking that occurs is done out of ignorance and is entirely unintentional. Any intentional hotlinkers wouldn't be fazed by rudeness anyway.... It's far better to be firm and informative by employing an image along these lines:

[image: no hotlinking example]

To produce the above, paste the following text (or something along those lines) into an image making program:

unauthorized link to image

This is a replacement. "Hotlinking" (aka "direct linking", "inline linking", "leeching", or "bandwidth theft") has been prevented. Please go to www.yourdomainname.com to view the actual image.

Save it as no_hotlinking.gif and upload it via BINARY to your image folder.

htaccess

Open a text editor and copy and paste the following (make sure you change "yourdomain.com" and "other_allowed_site.com" to reflect actual domain names):

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^https?://([-a-zA-Z0-9_]+\.)?yourdomain\.com(:[0-9]+)?(/|$) [NC]
RewriteCond %{HTTP_REFERER} !^https?://([-a-zA-Z0-9_]+\.)?other_allowed_site\.com(:[0-9]+)?(/|$) [NC]
RewriteRule \.(jpe?g|gif|bmp|png|ico)$ images/no_hotlinking.gif [L,NC]

The first line starts the rewrite for image replacement. The second line allows empty referrals. The third line allows requests from your own domain. [NC] stands for "No Case": it will match upper or lower case letters. The fourth line allows requests from another domain that you have chosen to allow. The last line is an instruction to match any files ending with the extension jpeg, jpg, gif, bmp, png, or ico. On any site except yourdomain.com and other_allowed_site.com, hotlinked images will be replaced by the no_hotlinking.gif that is in your image folder.

Save the file as .htaccess and upload it via ASCII to your root folder. (If you already have an .htaccess file there, add this code below what is already there.)

Note that your bandwidth will be used up by the "no_hotlinking" image, so it is a good idea to keep its file size small. To save yourself from any bandwidth drainage, you can choose to show no image at all and put the following in your .htaccess file:

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^https?://([-a-zA-Z0-9_]+\.)?yourdomain\.com(:[0-9]+)?(/|$) [NC]
RewriteCond %{HTTP_REFERER} !^https?://([-a-zA-Z0-9_]+\.)?other_allowed_site\.com(:[0-9]+)?(/|$) [NC]
RewriteRule \.(jpe?g|gif|bmp|png|ico)$ - [F,NC,L]

[F] stands for "forbidden". [L] stands for "last" and tells the server that if the HTTP request matches this rule, it should not go on to any other rewrite rules in the .htaccess file.
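If you would like to check the referrer conditions before uploading the file, here is an added example (not part of the original page, and not Apache's own code) that mirrors the RewriteCond/RewriteRule chain in Python and runs it over constructed sample requests. It assumes the dots in the domain names are matched literally, the host name has to end at a port, a slash or the end of the referrer, and both http and https referrers count; decide, referer_pattern and the sample values are hypothetical names.

```python
import re

# Placeholder domains from the page; replace with your real ones.
ALLOWED = ["yourdomain.com", "other_allowed_site.com"]
# Same extensions as the RewriteRule pattern; re.IGNORECASE plays the role of [NC].
IMAGE_RE = re.compile(r"\.(jpe?g|gif|bmp|png|ico)$", re.IGNORECASE)


def referer_pattern(domain):
    """Allow-list regex for one domain (hypothetical helper, not Apache code)."""
    return re.compile(
        r"^https?://([-a-zA-Z0-9_]+\.)?"   # optional single subdomain label
        + re.escape(domain)                # dots matched literally
        + r"(:[0-9]+)?(/|$)",              # host must end here (assumption)
        re.IGNORECASE,
    )


def decide(path, referer, allowed=ALLOWED):
    """Return 'serve' or 'block' for one request, mirroring the rule chain."""
    if not IMAGE_RE.search(path):
        return "serve"   # RewriteRule pattern does not match: rules do not apply
    if referer == "":
        return "serve"   # first RewriteCond (!^$) fails: empty referrers allowed
    if any(referer_pattern(d).search(referer) for d in allowed):
        return "serve"   # a domain RewriteCond fails: referrer is on the list
    return "block"       # all conditions hold: replacement image or 403


# Constructed sample requests: (path, Referer header value).
SAMPLES = [
    ("/images/cat.jpg", ""),
    ("/images/cat.jpg", "http://www.yourdomain.com/page.html"),
    ("/images/cat.PNG", "https://other_allowed_site.com/gallery"),
    ("/images/cat.gif", "http://forum.example.net/thread/5"),
    ("/images/cat.gif", "http://yourdomain.com.example.net/"),
    ("/index.html", "http://forum.example.net/thread/5"),
]

if __name__ == "__main__":
    for path, referer in SAMPLES:
        print(f"{decide(path, referer):5}  {path:16}  {referer or '(empty)'}")
```

The Referer header is supplied by the visitor's browser and empty referrers are let through, so these rules cut down on ordinary hotlinking and the bandwidth it costs; they do not work as access control for the images.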

I hope all that helps you!


                 \_,^^%---
                  <\_  \ See? It's easy when you know how....
                  >
                  >^^
                 /| 
ejm             | \

For more detailed instructions, please go to What is Hotlinking?, A List Apart: Smarter Image Hotlinking Prevention, DevPapers: Prevent Hotlinking with htaccess, Selective hotlinking prevention through .htaccess, or wikipedia: Inline linking.



© llizard 2007
