How to prevent hotlinking

Hotlinking means linking directly to files of your websites – such as images, video files, archives, etc.

The impact of this is high bandwidth usage,  so you might want prevent these ‘parasite’ requests to your files using simple .htaccess directives.

If you already have an .htaccess file just add one of the following code snippets in the beginning of your existing file, otherwise create a plain text file (e.g. htaccess.txt), upload it via FTP and rename it to .htaccess on the server.

Deny hotlinking

To simply stop hotlinking add the following to your .htaccess file. Don’t forget to replace on line 3 with your own domain name.

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www.)*$ [NC]
RewriteRule .(gif|jpg|zip|rar|mp3|flv|swf|png|pdf)$ - [F]

Return alternate content

You can also serve alternate content when hotlinking is detected – set up your .htaccess file to actually display different content on hotlinking attempts.

This can be done to demostrate your displeasure of hotlinking activities. In this example we’re going to return a “Devil” image in place of all hotlinked ones. Of course, replace on lines 3 and 4 with your own domain name and upload devil.jpg to your website’s root directory.

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www.)*$ [NC]
RewriteRule .(gif|jpg)$ [R,L]

You should only use the above techniques if you are sure you want to deny displaying your images or using other files on all 3rd party resources.

Was this article helpful?
Spread the word!