Would you like to stop hotlinkers? Is your web hosting bandwidth bill growing each month? Looking for web hosting? Here is information on using an .htaccess file to stop hotlinking and bandwidth theft.
How Do I Stop Hotlinking and Bandwidth Theft?
You can stop other websites from hotlinking your site images by placing a file called .htaccess in your Apache site root (main) directory. The period before the name means the file is hidden, so you may want to edit your file as htaccess.txt, upload it to your server, then rename the txt file to .htaccess in your directory. Contact your web host on how to access your directories and configure your .htaccess file.
Example: Your site url is www.mysite.com. To stop hotlinking of your images from other sites and display a replacement image file named stophotlinking.gif from your site’s root directory, place this code in your .htaccess file:
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^https?://(.+\.)?mysite\.com/ [NC]
RewriteCond %{HTTP_REFERER} !^$
RewriteRule .*\.(jpe?g|gif|bmp|png)$ stophotlinking.gif [L]
The first line of the above code begins the rewrite. The second line blocks any sites other than your own mysite.com url. The [NC] code means “No Case”, meaning match the url regardless of being in upper or lower case letters. The third line means allow empty referrals. The last line matches any files ending with the extension jpeg, jpg, gif, bmp, or png. This is then replaced by the stophotlinking.gif image from your server. The [L] code means “Last”, and tells the server to stop processing any other rules that follow.
To stop hotlinking from specific sites only, but allow any other web site to hotlink images:
RewriteEngine On
RewriteCond %{HTTP_REFERER} ^https?://(.+\.)?example\.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^https?://(.+\.)?anothersite\.org/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^https?://(.+\.)?example2\.org/ [NC]
RewriteRule .*\.(jpe?g|gif|bmp|png)$ stophotlinking.gif [L]
You can add as many different domains as needed. Each RewriteCond line should end with the [NC,OR] code. NC means to ignore upper and lower case. OR means “Or Next”, as in, match this domain or the next line that follows. The last domain listed omits the OR code since you want to stop matching domains after the last RewriteCond line.
You can display a 403 Forbidden error code instead of an image using the [F] flag instead of the [L] flag. Replace the last line of the previous examples with this line:
RewriteRule .*\.(jpe?g|gif|bmp|png)$ - [F]
As with any htaccess rewrites, you may block some legitimate traffic (such as users behind proxies or firewalls) using these techniques.
Do not use .htaccess to redirect image hotlinks to another HTML page or server that isn’t your own (such as this web page). Hotlinked images can only be replaced by other images, not with an HTML page.
One comment
Our hotlinking page (https://altlab.com/hotlinking) has been around a very long time and ranks high in Google search results to this day. Over the years, many website owners have taken our .htaccess instructions, and used them without modifying them for their own website. This sometimes means they point their htaccess rewrites to our website or to various hotlinking substitute images we have posted over the years.
What this means is we sometimes get emails from random visitors complaining that we are somehow involved with a website that is preventing them from hotlinking. They do not seem to understand how we have no connection or involvement with whatever site is preventing them from hotlinking that website’s images. Here is our most recent angry email: