Subscribe to Developer OraclesNews FeedSubscribe to Developer OraclesComments — Translate page:        

Browse > Home / .htaccess, Apache, Server Management / Hotlink Protection using .htaccess made easy

Hotlink Protection using .htaccess made easy

July 18, 2008
Filed under .htaccess, Apache, Server Management

Leave a comment

This is one of the most used tricks by the webmasters who care about their allocated bandwidth. The code which controls what are domains where your images can show up is very short, 4 line that is.
As always, I provide the full code, then below it I explain everything.
To use this code, you have to have an Apache web-server with mod_rewrite correctly installed.
So, let’s see the code for those who don’t want the explanations:


RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?example.com [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ - [NC,F,L]

Now some explanations:
The first line,

RewriteEngine on

practically tells Apache we will do something with mod_rewrite so turn it on. This line is optional if you already turned it on before in the same .htaccess where you put the above code in.
The second line,

RewriteCond %{HTTP_REFERER} !^$

this is nastier. Basically, if there is no referrer, let the image to be displayed. I guess this needs a bit of explanation. When you navigate on the internet from one site to the other, the browser always sends a “referrer” header to the host you are accessing. So, for example if you are currently on http://www.Google.com and you navigate to http://yahoo.com, the browser will send yahoo the following : “Referrer: http://www.google.com”. This header is what we use in our .htaccess to prevent hotlinking, BUT! Some antiviruses, firewalls clears this header on the clients’ side so there is no referrer at all, thus we don’t know the user browses our site, or it’s hotlinking our image on another site. Thus we just let the image to be displayed if there is no referrer.

RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?example.com [NC]

If the referrer domain is our own domain, display the image. We set: http(s)?://(www\.)?yourdomain.com, so our condition will work on HTTP, HTTPS and also on our www and non-www hostname/domain.

And the last step is to tell Apache which files to protect:

RewriteRule \.(jpg|jpeg|png|gif)$ - [NC,F,L]

In the above case the jpg, jpeg, png and gif images will be protected. If you want to protect your Flash-files as well, put swf in the list and your movies will not display embedded in remote sites.
On our domain the php files are also protected because the Imagick examples are parsed by php codes.

I hope the above example was somewhat useful, if you need help with it, just say your problem below and will answer as soon as possible.

Share or Bookmark this post: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • StumbleUpon
  • Ask
  • Bloglines
  • Facebook
  • Google Bookmarks
  • LinkedIn
  • Slashdot
  • SphereIt
  • Technorati

Possible related posts (automatic):

Related posts brought to you by Yet Another Related Posts Plugin.

Tags: , , , , , , ,

Comments

Tell us what you're thinking...
and oh, if you want a pic to show with your comment, go get a gravatar!

If you want to use your OpenID, fill out the field labeled "Website" with the OpenID URL. The other fields may remain empty.

Subscribe without commenting