Tech Ferret (c) 2002-2018

Image and File Hotlinking Prevention
Much of what I'm going to share here can be found on lots of other sites with similar articles; the main difference is that I refer to an idea I've only seen on one other site. This article will point out what I've seen as the most common solution and then refer you to what I believe is a better solution.

If you're reading this article, I assume you're familiar with what hotlinking is. Just in case you're not, hotlinking refers to someone on another site linking to files such as images on your site and displaying the images within their site's content as though the images are being loaded from their site. Hotlinking images or other files such as .zip files in this manner will download the files from your site using your bandwidth. In effect they're stealing content from your site while you're paying for the delivery of the content by using your bandwidth.

The code immediately below is an example of what you'll find in most articles dealing with hotlinking. It goes in a .htaccess file. It turns on the Apache mod_rewrite engine, looks at the Referer header, and checks that requests are coming only from your site. The rewrite rule matches .gif, .jpg, .jpeg, .png, .bmp, .js, .css, and .zip files. In the example below, a request referred from a domain other than myDomain.com or myFriend.com receives a 403 Forbidden response, while a request that carries no Referer header at all is let through. When images are linked to by other sites, they will display as broken images.

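RewriteEngine on
# Requests that carry no Referer header are let through
RewriteCond %{HTTP_REFERER} !^$
# Allowed referring sites: dots are escaped and the host must end at "/" or end of string
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?myDomain\.com(/.*)?$ [NC]
RewriteCond %{HTTP_REFERER} !^https?://myFriend\.com(/.*)?$ [NC]
# Any other referrer asking for these file types gets 403 Forbidden
RewriteRule \.(gif|jpe?g|png|bmp|js|css|zip)$ - [F,NC]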

This type of code works well, but it does have its downsides. If you have images on your site that you'd like to have displayed on another site, then the above code in a .htaccess file will block them from being displayed. For example, if you're participating in a forum on another site and want to leave a link back to an image you have on your site, then the image will be blocked since the request is coming from a different domain. Another example would be where you don't mind sites referring people to your site to download a file, but don't want the file linked to directly. In those cases you want the other sites to link to the page on your site containing a link to the file.

I recently read an article that gives what I consider to be a very good solution to this problem. The same type of rewrite conditions are put into a .htaccess file, but a different rewrite rule is used, like the line below.

RewriteRule (.*) /showpic.php?pic=$1

The example PHP script in the article allows the script to be called to either display the image, refuse to display the image, or divert the request to a page on your site where the image is then shown. The last option provides the solution to the examples I gave above.

The article that I found this solution in was written by Thomas Scott and can be found here: Smarter Image Hotlinking Prevention

He gives an example PHP script and more info than I've given here about the .htaccess file.
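
Added example (not from the original article and not Thomas Scott's script): a minimal showpic.php with the three outcomes described above. Because the rewrite rule hands a requester-controlled path to the script, it also confines the pic parameter to the image directory before reading anything. The directory layout, /view.php and the host list are assumptions made for the illustration.

```php
<?php
// showpic.php: added illustration, not Thomas Scott's script.
// Assumed layout (hypothetical): the .htaccess rule sits in /images, so $1 is a
// path relative to that directory; /view.php is the page that presents an image.
const IMAGE_ROOT    = __DIR__ . '/images';
const ALLOWED_HOSTS = ['mydomain.com', 'www.mydomain.com', 'myfriend.com'];
const MIME_TYPES    = ['gif' => 'image/gif', 'jpg' => 'image/jpeg',
                       'jpeg' => 'image/jpeg', 'png' => 'image/png'];

// 'display' for an empty Referer or an allowed host, otherwise 'divert'.
// The host is compared exactly, so myfriend.com.example.net does not pass.
function decide(string $referer): string
{
    if ($referer === '') {
        return 'display';
    }
    $host = strtolower((string) parse_url($referer, PHP_URL_HOST));
    return in_array($host, ALLOWED_HOSTS, true) ? 'display' : 'divert';
}

// Map ?pic= to [real path, MIME type], or null when it is not an image file
// inside IMAGE_ROOT. realpath() resolves ../ and symlinks before the check.
function resolve_image(string $pic): ?array
{
    if ($pic === '' || strpos($pic, "\0") !== false) {
        return null;
    }
    $root = realpath(IMAGE_ROOT);
    $path = realpath(IMAGE_ROOT . '/' . $pic);
    if ($root === false || $path === false || !is_file($path)
        || strncmp($path, $root . DIRECTORY_SEPARATOR, strlen($root) + 1) !== 0) {
        return null;
    }
    $ext = strtolower(pathinfo($path, PATHINFO_EXTENSION));
    return array_key_exists($ext, MIME_TYPES) ? [$path, MIME_TYPES[$ext]] : null;
}

$pic   = is_string($_GET['pic'] ?? null) ? $_GET['pic'] : '';
$image = resolve_image($pic);
if ($image === null) {
    http_response_code(403);                       // refuse
} elseif (decide($_SERVER['HTTP_REFERER'] ?? '') === 'divert') {
    header('Location: /view.php?pic=' . rawurlencode($pic), true, 302);
} else {
    header('Content-Type: ' . $image[1]);          // display
    header('X-Content-Type-Options: nosniff');
    readfile($image[0]);
}
```

The Referer header is supplied by the client, so this controls casual embedding and bandwidth use; it is not access control for files that must stay private.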

Here are some links to other articles on hotlinking that you may find of interest, especially if you're new to .htaccess files.

http://www.webmasterstop.com/124.html
http://www.devpapers.com/article/242
http://www.javascriptkit.com/howto/htaccess10.shtml


techferret.com / techferret.net