DevPapers - article Prevent Hotlinking With htaccess

One of the most irritating things to find, is someone linking to your images, and running up your bandwidth.

You go through your web statistics and find a website that has not only stolen your images, but in fact simply linked right to them, on your server.

The problem with this is not just the theft of your images, but it runs up your bandwidth as well. This is known as "Leeching".

A few options to choose from
When using htaccess to protect your images, you have a few options. These options determin who can and who cannot link to your images.

I will cover a few of them here.

Creating the htaccess file (some things to remember)
A few things to remember about htaccess, is that any folder you place the htaccess file in, it will affect that folder, and any folder beneath it.

The first thing you will want to do is open a text editor, I prefer Crimson Editor or Notepad.

The first basic bit of code will be used to turn on mod_rewrite, and tell the server which domains will be allowed to link to your files.

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?yourdomain.com(/)?.*$ [NC]

Line one turns on the mod_rewrite engine. The second and third line is telling the server to look for referrer strings that are not left blank. The third line is telling the server which domains are allowed to link to your files.

If you want to allow more than your domain to link to your files, you can add them by adding more RewriteCond lines. For example:

RewriteCond %{HTTP_REFERER} !^http://(www\.)?seconddomain.com(/)?.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://(www\.)?thirddomain.com(/)?.*$ [NC]

Which file extensions do you want to protect?
The following code, added to the bottom of the above code, will tell the server which file extensions you want to protect. Using the the F and NC flags basically tell the server that it's Forbidden from accessing the files, and the NC flag means No Case, telling the server to ignore the case (i.e. bmp and BMP will be treated the same):

RewriteRule .*\.(gif|jpe?g|png|bmp)$ [F,NC]

The completed code
When you compile al of this code thus far, you will have enough to protect your images, and bandwidth:

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?yourdomain.com(/)?.*$ [NC]
RewriteRule .*\.(gif|jpe?g|png|bmp)$ [F,NC]

Displaying an image of your choice
Keep in mind that this option will not protect your bandwidth, but more so allow you to control it better, as well as display a humiliating image on the leecher's site.

The RewriteRule that we used above, to determine the file extensions you want to protect, can be added to, to display your own image on the leecher's site. You can change the line to:

RewriteRule \.(gif|jpe?g|png|bmp)$ /images/humiliatingimage.gif [L,NC]

Like I said however, this will not save your bandwidth as it is still displaying the "humiliating" image from your server.

The completed code would then look like this:
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?yourdomain.com(/)?.*$ [NC]
RewriteRule \.(gif|jpe?g|png|bmp)$ /images/humiliatingimage.gif [L,NC]

Saving your file
Now save your htaccess file as .htaccess. Make sure there is no .txt extension on it, as this will not function properly.

Upload the htaccess file to the folder of your choice, and there you have it!