Notice about Hotlinking and Bandwidth  
 

So You Want to Stop Hotlinking and Bandwidth Theft

Would you like to stop hotlinkers? Is your web hosting bandwidth bill growing each month? No budget in getting a dedicated server? Want to test image hotlink protection for your web site? Here is information on using an htaccess file to stop hotlinking and bandwidth theft.



How Do I Stop Hotlinking and Bandwidth Theft?

You can stop others from hotlinking your site's files by placing a file called .htaccess in your Apache site root (main) directory. The period before the name means the file is hidden, so you may want to edit your file as htaccess.txt, upload it to your server, then rename the txt file to .htaccess in your directory. Contact your web host on how to access your directories and configure your .htaccess file.


Example: Your site url is www.mysite.com. To stop hotlinking of your images from other sites and display a replacement image called qX4w7.gif from an image host, place this code in your .htaccess file:

RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://(.+\.)?mysite\.com/ [NC]
RewriteCond %{HTTP_REFERER} !^$
RewriteRule .*\.(jpe?g|gif|bmp|png)$ http://i.imgur.com/qX4w7.gif [L]

The first line of the above code begins the rewrite. The second line blocks any sites other than your own mysite.com url. The [NC] code means "No Case", meaning match the url regardless of being in upper or lower case letters. The third line means allow empty referrals. The last line matches any files ending with the extension jpeg, jpg, gif, bmp, or png. This is then replaced by the qX4w7.gif image from the imgur.com server. You could easily use your own hotlink image by placing an image file in your site's directory and pointing to that file instead.


To stop hotlinking from specific outside domains only, such as myspace.com, blogspot.com and livejournal.com, but allow any other web site to hotlink images:

RewriteEngine On
RewriteCond %{HTTP_REFERER} ^http://(.+\.)?myspace\.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://(.+\.)?blogspot\.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://(.+\.)?livejournal\.com/ [NC]
RewriteRule .*\.(jpe?g|gif|bmp|png)$ http://i.imgur.com/qX4w7.gif [L]

You can add as many different domains as needed. Each RewriteCond line should end with the [NC,OR] code. NC means to ignore upper and lower case. OR means "Or Next", as in, match this domain or the next line that follows. The last domain listed omits the OR code since you want to stop matching domains after the last RewriteCond line.


You can display a 403 Forbidden error code instead of an image. Replace the last line of the previous examples with this line:

RewriteRule .*\.(jpe?g|gif|bmp|png)$ - [F]


Warning: Do not use .htaccess to redirect image hotlinks to another HTML page or server that isn't your own (such as this html page). Hotlinked images can only be replaced by other images, not with an HTML page.

As with any htaccess rewrites, you may block some legitimate traffic (such as users behind proxies or firewalls) using these techniques.


How Do I Test Image Hotlinking?

Use our URL hotlink checker below to check the hotlink protection on your web site. Simply enter the complete URL below (ex: http://mysite.com/image.jpg) to see if your image can be loaded and hotlinked by a remote server.

Enter the URL of the image to see if it can be hotlinked:


Where Can I Find More Information?

What is Hotlinking? offers an explanation of hotlinking and bandwidth theft and why it is a problem for webmasters.
altlab.com offers web design templates, banner design, logos, and other web design resources.