Thursday, 26 December 2013

Thursday, December 26, 2013
Stop Image Hotlinking with .Htaccess
One of the most common issues faced by web masters who are creating new website is image hotlinking. So what is it? If you have seen anyone use the images from your website by getting the link to the image, without taking your permission, then you have just been a victim of image hotlinking.

But why does it matter so much?

  • Images/graphics that you have created from all your hard work are being stolen.
  • They are also stealing your bandwidth because the images are stored in your server and whenever the images are called and loaded it's eating up your bandwidth.

So, how do we control it or stop it? 


We can do all this by using the .htaccess file that is present in your server. But before we do that we need to decide what are the restrictions that we are going to implement. Here are a few things you need to decide before implementing.
  • You need to have a clear idea about which sites you want to block
  • Decide which sites you will allow
  • Whether or not you want to allow/deny blank referrers
  • You can choose to display a custom image when image hotlinking is detected
  • You also need to decide which files you want to protect
No, follow the steps mentioned below.

Step 1 - Creating a .Htaccess File


One of the first thing that you need to do is to check whether you have a .htaccess file in your server or not. If you don't have one, don't panic. Just open Notepad and create a file and save it as .htaccess with no extension. Remember not to save it with any extension.

Step 2 - Code for .Htaccess Hotlinking


Now add the following code in your .htaccess file and save it.

RewriteEngine on 
RewriteCond %{HTTP_REFERER} !^$ 
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?yourdomain1.com [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?yourdomain2.com [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?yourdomain3.com [NC]
RewriteRule\.(jpg|jpeg|png|gif)$ http://www.yourdomain.com/YOUR_CUSTOM_IMAGE.gif [NC,R,L]

Explanation of Code : 


Now lets understand the code that we are using so that we can use it in a better way.

RewriteCond %{HTTP_REFERER} !^$

This code is used to allow blank referrers and we recommend to keep it as it is. This is necessary because sometimes users who are surfing under a firewall do not provide a referrer information. So it is advised to keep this line as it is. But if you desire to disallow blank referrers then simply delete this line and you are done.

RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?yourdomain1.com [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?yourdomain2.com [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?yourdomain3.com [NC]


This code allows you to choose which sites are allowed to hotlink to your images. You can add your chosen site's address here by replacing the 'yourdomain1'.


RewriteRule\.(jpg|jpeg|png|gif)$http://www.yourdomain.com/YOUR_CUSTOM_IMAGE.gif [NC,R,L]

This code is used to specify the file formats that you are intending to block and it also specifies an image to display when hotlinking is detected. The formats that we intend to block are mentioned in between the () and if you want to add more formats then just seperate them with a "|".

To add your custom image when hotlinking is detected just replace this link 'http://www.yourdomain.com/YOUR_CUSTOM_IMAGE.gif' with your image link, and make sure that the image link that you are providing here is not hotlink protected otherwise it will make the server go into an infinite loop and no image will be displayed.

If you like this tutorial then do share it along and also subscribe to our Website RSS Feeds for more such amazing tutorials.

0 comments:

Post a Comment