Navigate / search

Stop hotlinking to your site

How to handle hotlinking. For the last couple of days, my attention was drawn to the problem of hotlinking, inline linking, leeching, piggy-backing, direct linking, offsite image grabs, bandwidth theft or whatever you may want to call it. A lot of discussion about hotlinking is on the Internet as to whether it should be allowed or not allowed.

I try to be a bit more tolerant and usually wouldn’t mind getting them every now and then. This morning, what caught my attention was that the amount of hotlinking to images by certain sites which may cause degradation to other visitors to my site especially if the hotlinked images are large.

Is hotlinking bad for your site or not? Doing a search on the Internet will usually show you steps on how to stop others from hotlinking to your site. Some users would stop the hotlinkers cold by forbidding them access to the files. Others would redirect them to images that displays warnings.

Here’s how to control hotlinking. There are actually two basic actions you can take:

  • create a whitelist (list of URL’s that are allowed to hotlink to your site), or
  • create a blacklist (a list of URL’s that you don’t want to hotlink to your site)

I’ve decided to create a blacklist. This should still allow other sites to link to some of my images and if they get abusive I can always put them on the list.

Implementing a hotlinking blacklist solution for a web site in my case entails some fiddling with the htaccess file so you’ll need mod_rewrite enabled on your apache web server to be able to use it. You’ll have to find some other means if your web server is Microsoft’s IIS since it is not the scope of this article.

If you are a WordPress user, your .htaccess file will look something like the one below:

# BEGIN WordPress

RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]

# END WordPress

Plus whatever other rules that you may have included in your .htaccess file. For the hotlinking blacklist, you need to include the following lines into your .htaccess file:

RewriteCond %{HTTP_REFERER} ^http(s)?://(.*.)?blacklist1.dom.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http(s)?://(.*.)?blacklist2.dom.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http(s)?://(.*.)?blacklistlast.dom.*$ [NC]
RewriteCond %{REQUEST_URI} !/images/your-chosen-image.png
RewriteRule .(jpeg|jpg|gif|png)$ http://yoursite.com/images/your-chosen-image.png [NC,R,L]

To explain the code a bit, line 1 just makes sure that the enclosing lines are executed only when mod_rewrite module is loaded in your server.

Lines 2 & 3, are the sites you want to put into your exception list. Notice that the lines of code have [NC,OR] instead of just the [NC] in line 4. If you have more than 3 exceptions in your list you need to put the [NC,OR] at the end so that it will properly run.

Line 5 is required so that the code snippet will not go into an endless loop when your chosen image is being accessed from the sites in the exception list.

Line 6 contains the rewrite rule which basically redirects requests to images in your site to your “chosen image”. An alternative would be to stop it cold on its tracks with a forbidden message by using the following line instead.

RewriteRule .* - [F]

If you want to read more about url rewriting and the htaccess file, you can read the Apache URL Rewriting Engine page.

A twist in handling hotlinking. The reason these other sites are hotlinking to your files is that you have something that they need. That something is usually an image that they need the visitors of their site to view. If you think about it, the visitors on the hotlinking site are people who may actually be interested in your web site’s original content.

From what I’ve seen, most people put negative warnings on the images that they use. I think there is opportunity here to create a positive perspective to the situation. Instead of putting negative warnings, my suggestion is to use it as an opportunity to REDIRECT them to your web site instead by putting attractive banner ad images.

Let me explain the point. Let’s say you have a web site about photos of nature. Which do you think would have a greater chance of getting a positive response or attention to the reader of the site who is hotlinking to your photos about nature — the image on the left or the image on the right?

bandwidth-theft-warning
know-more-about-photography

Well, what do you think? Should you prevent hotlinking on your site?

Gerry Ilagan

Gerry Ilagan is into mobile apps and WordPress development at @speeqs. He loves to write about electronics, the Internet of Things, mobile phones, and #crazyideas.

Comments

Brian L
Reply

I searched Google for two days looking for a succint way to do this, thanks a ton!

christian
Reply

Tnx 🙂

Leave a comment

name*

email* (not published)

website