Web Hosting Talk : Web Hosting Main Forums : Web Design and Content : Web Design and Content Tutorials : How-to - Disable Hot-linking Files.

[MjrGaelic]

Hot-linking files such as images and media (mp3, wma etc..) is where another website uses source code to post your media on thier page. This uses your bandwidth and the other site gets credit for this.

This snippet of code will prevent anyone but your domain to view or access your media. If others are hosting images that are yours they will simply have the big red x.

There are 4 variants of this code, experiement with them to find the one that works for you.

To implement this you will need to create a .htaccess file in the stored directory. If your images are in /web/images then you will need to post this .htaccess file in the images directory to prevent hotlinking there.

Note, only enter the tld of your domain. Such as yourdomain.com instead of www.yourdomain.com..

Application is:

cd /web/images
vi .htaccess

Paste your desired variant (some may not work with your hosting setup, try until one does).

Variant 1

Quote:

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?yourdomain.com(/)?.*$ [NC]
RewriteRule .*\.(gif|jpg|jpeg|bmp)$ - [F,NC]

Variant 2

Quote:

Options +FollowSymlinks
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?yourdomain.com(/)?.*$ [NC]
RewriteRule .*\.(gif|jpg|jpeg|bmp)$ - [F,NC]

Variant 3

Quote:

Options +FollowSymlinks
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?yourdomain.com(/)?.*$ [NC]
RewriteRule .*\.(gif|jpg|jpeg|bmp)$ - [F,NC]

Variant 4

Quote:

RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?yourdomain.com(/)?.*$ [NC]
RewriteRule .*\.(gif|jpg|jpeg|bmp)$ - [F,NC]

If your using an Ensim based server 3.1 or 3.5, 3.7 then you'll need to add ReWriteEngine On to the 1st line of code.

If you need to block additional file types just add thier extensions to the Rewrite Rule Line.

Removal:

Simply delete the .htaccess file in your directory.

1. rm .htaccess

Regards,

Ryan

[andreys]

erm... i think that if u have access to Cpanel u can control hotlinking like u can block your files from being hotlinked..

[Husker Jason]

Do .htaccess files work on Windows servers?

[MjrGaelic]

To be honest Jason, I really don't know. I have no experience with Windows Servers what so ever..

Can anyone elese answer that question and/or provide a solution like above for Windows boxes?

Ryan

:wq

[lochie]

I don't know either but you could use another method which is actually more secure for your whole site, why not protect your source code by using encryption and also use one of those 'no right click' scripts. There are some no right click scripts that can be passed by simply left-clicking and quickly right-clicking after it, so be careful as not to pick a duff script This way all your content is protected. not just your images etc because it stops them right clicking and selecting 'save target as' or viewing your source for the file location.

[appliedops]

There's actually an apache module which can prevent hotlinking...

Even better is when you rewrite the hotlink'ed image to something shaming the hotlinker, especially if they're hotlinking copyrighted content.

[tommyd]

Do you recall the name of the apache module?

[shintainuk]

its also the info i need, i may give it a try. many thanks.

[SigmaTech]

mod_rewrite is no longer full prove and I can tell you why..
I found people are using XML (.xml) to get thourgh mod_rewrite.

An example is an mpg file with mod_rewrite hotlinking protection. If request is not coming from your web page, apache sends error 302 and attempt to redirect, somehow, since it is .xml, with an embedded Windows Media Player, the client was not redirected to a hotlink page.

Instead another request was made to the server by the embedded player for the mpg file. At this time there is no refferal information. Then client is able to download and play the mpg file on the stealer web page and therefore stealing your content and bandwidth.

This http log might better explain what is going on...

1st request:
.....mpg HTTP/1.1" 302 312 "http://hotlinker.website/file.xml" "Mozilla/4.0 (compatible....

2nd request:
.....mpg HTTP/1.1" 206 1462276 "-" "Mozilla/4.0 (compatible....

3rd request:
.......mpg HTTP/1.1" 200 1398788 "-" "Windows-Media-Player/9.00.00.2980"


If anyone knows a method how i can prevent this type if hotlinking please shine some clue.

[CSKDesign]

Ive been looking for a good one for awhile. thanks!

[webpromo]

Anything for Windows?

[FlammableHost]

It's really easy with CPanel. Cpanel automaticaly does it for you.

[hostingmaniac]

Quote:

Anything for Windows?

Plesk in Windows has the option for hotlinking.

Use Plesk CP >> Domains >> Domainname >> Hosting >> Click Hotlink Protection and enable it.

[jovigirl]

you can do it automatically thru any cpanel system or editing the htaccess yourself

[steaveandrew807]

Finally I found this good article that help me a lot to disable Hot-linking Files. I want now installing window vista on my computer so let me know do .htaccess files work on window vista?