Much of what I'm going to share here can be found on lots of other sites with similar
articles, but the main difference here is my referring to an idea I've only seen on one
other site. This article will point out what I've seen as the most common solution and
then refer you to what I believe is a better solution.
If you're reading this article, I assume you're familiar with what hotlinking is. Just in case
you're not, hotlinking refers to someone on another site linking to files such as images on your
site and displaying the images within their site's content as though the images are being loaded
from their site. Hotlinking images or other files such as .zip files in this manner will
download the files from your site using your bandwidth. In effect they're stealing content
from your site while you're paying for the delivery of the content by using your bandwidth.
The code immediately below is an example of what you'll find in most articles dealing with
hotlinking. This code would be placed in a .htaccess file. It turns on the Apache mod rewrite
engine, looks for referer headers and checks that the requests are only coming from your
site. The rewrite rule used checks for .gif, .jpg, .jpeg, .js, .css, and .zip files. In
the example code below anybody from a domain other than myDomain.com or myFriend.com will
receive a 403 forbidden error message. When images are linked to by other sites, they will
display as broken images.
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?myDomain.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://myFriend.com.*$ [NC]
RewriteRule \.(gif|jpe?g|png|bmp|js|css|zip)$ - [F,NC]
This type of code works well, but it does have it's downsides. If you have images on your
site that you'd like to have displayed on another site, then the above code in a .htaccess
file will block them from being displayed. For example, if you're participating in a forum
on another site and want to leave a link back to an image you have on your site, then the
image will be blocked since the request is coming from a different domain. Another example
would be where you don't mind sites referring people to your site to download a file, but
don't want the file linked to directly. In those cases you want the other sites to link
to the page on your site containing a link to the file.
I recently read an article that gives what I consider to be a very good solution to this
problem. The same type of rewrite conditions are put into a .htaccess file, but a different
rewrite rule is used like the line below.
RewriteRule (.*) /showpic.php?pic=$1
The example PHP script in the article allows the script to be called to either display
the image, refuse to display the image, or divert the request to a page on your site where
the image is then shown. The last option provides the solution to the examples I gave
above.
The article that I found this solution in was written by Thomas Scott can be found here:
Smarter Image Hotlinking Prevention
He gives an example PHP script and more info than I've given here about the .htaccess
file.
Heres some links to other articles that you may find of interest on hotlinking. Especially if
you're new .htaccess files.
http://www.webmasterstop.com/124.html
http://www.devpapers.com/article/242
http://www.javascriptkit.com/howto/htaccess10.shtml