Last Updated on April 21, 2021 by Amit

htaccess block hotlinking

Hotlink protection using htaccess

One of the most beneficial use of htaccess is to prevent hotlinking of images , videos and other documents on your website.

You can use htaccess to prevent hotlinking of your media and other documents.

What is hotlinking?

It means to display an image on a website by linking to the website hosting the image.
For example : An image “cat.jpg” hosted on server1 can be displayed on “server2” using src link to the server1 .
This uses the Server1 resources to load and display the image.

Why you should prevent hotlinking ?

Hotlinking consumes your server resource like bandwidth which can slow down your server performance.

If your hosting server provides limited bandwidth then “hotlink blocking” is useful for you as you do not want your server to be down by external http requests.

RewriteRule to prevent hotlinking

Many people who don’t want their site to be hotlinked use htaccess.

It’s easy to stop hotlinking using an htaccess file.

The following is a basic Rule to prevent image hotlinking on your website :

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http://yoursite.com [NC]
RewriteRule .(jpg|png|gif)$ - [F]

This checks the “HTTP_REFRRER” domain string , if its not http://yoursite.com then any calls to jpg , png and gif files on your site will get a F 403 forbidden error.

Linking an image file on another server using your domain “http://yoursite.com” will show a forbidden error.
For example, <img src=”https://yoursite.com/image.jpg”> won’t load the image file on another server.

If yoursite.com is accessible by both https or www , then to prevent hotlinking you need to use a regex based pattern in RewriteRule to match both versions :

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http(s)://(www.)?yoursite.com [NC]
RewriteRule .(jpg|png|gif)$ - [F]

This will prevent hotlinking of image files on “https://www.yoursite.com” , “https://yoursite.com” and “http://yoursite.com” (with or without www) .

Keep in mind that, hotlink protection doesn’t mean your images won’t be indexed by search engines. Google will still index your images as it doesn’t use http referer header to find and index files.
Your images will still appear on search results but can’t be used on another website by linking to your server.

Stop hotlinking of video files.

You can use the following rule to stop hotlinking of video files on your server.

I have just added one extension in the rule . If you have more video extensions to stop hotlinking you can add them in the pattern using regex like this .(mp4|ext2|ext3)$ .

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^https?://(www.)?yoursite.com [NC]
RewriteRule .mp4$ - [F]

This will set a hotlink protection for mp4 files on your server.

htaccess Allow/Deny hotlinking

By using the above rules you deny hotlinking to all external sites. If you want to allow access to a specific external site that can use your media files then use :

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^https?://(www.)?(example1.com|example2.com) [NC]
RewriteRule .(jpg|png|gif)$ - [F]

This will block image hotlinking for all sites except “example1.com” and “example2.com” . If the “example1.com” is hosting the image files then you can also hotlink those images on “example2.com” .

Display a static image for hotlinked requests

You can show a static image for hotlinking calls on your server using htaccess.
Instead of 403 error you can rewrite all hotlinking calls to an image file this will make it so that when someone tires to link your image on their website they will get the image instead of the one they intended to show.

This does use your bandwidth but this way you can reduce the number of hotlinking calls on your server.

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^https?://(www.)?yoursite.com [NC]
RewriteRule .(jpg|gif|png)$ /hotlink.png [L]

Hope this article was helpful.
Thanks for reading!

How useful was this post?

Click on a star to rate it!

Average rating 0 / 5. Vote count: 0

No votes so far! Be the first to rate this post.