Prevent image hotlinking

 

Overview

This article explains how to use an .htaccess file to prevent images from being hotlinked from a different website.

Background

Hotlinking (or bandwidth stealing) is a common problem. It happens when people link to files and images on a different server and display them on their own website, using the bandwidth of the original owner at their expense.

Preventing hotlinking in the panel

If you don't wish to take the manual approach, you can prevent hotlinking by enabling it in the panel on the Htaccess/WebDAV page. Click on your domain and proceed with the steps to enable this feature.

Preventing hotlinking with an .htaccess file

The following sections walk you through creating and editing an .htaccess file to protect your website's content.

Create an .htaccess file

See this article for instructions on creating an .htaccess file on your web server. If the file already exists, view the following articles for instructions on how to update it (depending on if you're using an FTP client or SSH):

The examples below can be entered into your .htaccess file exactly as shown. Only if the example contains highlighted code should you change that to your actual URL or file name.

Add code to your .htaccess file

Redirect to an image of your choice

This example causes any hotlinked image to redirect to an image of your choice explaining that hotlinking is disabled on your server.

RewriteEngine On
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^https://(www\.)?example.com/.*$ [NC] 
RewriteRule \.(gif|jpg)$ https://www.example.com/hotlink.gif [R,L]

Block specific domains

This example fails to load a hotlinked file on the third-party site but does not throw an error.

RewriteEngine On
RewriteCond %{HTTP_REFERER} ^https://(www\.)?example\.com(/.*)*$ [NC,OR]
RewriteRule \.(jpeg|JPEG|jpe|JPE|jpg|JPG|gif|GIF|png|PNG|mng|MNG)$ - [F]

To protect other resources, such as video and audio files, add additional extensions to the RewriteRule parentheses block.

Allow only specific domains

This example only allows specific sites to load content. For example, the following code allows only example.com and dreamhost.com to load the content. All other sites attempting to request any resource fail to load the resource, but no errors are thrown:

RewriteEngine On
RewriteCond %{HTTP_REFERER} !^https://(www\.)?dreamhost\.com(/.*)*$ [NC]
RewriteCond %{HTTP_REFERER} !^https://(www\.)?example\.com(/.*)*$ [NC]
RewriteCond %{HTTP_REFERER} !^$
RewriteRule \.(jpeg|gif|png)$ - [F]

For further examples of how to block traffic by IP or domain, see the denying access article.

See also

Did this article answer your questions?

Article last updated PST.

Still not finding what you're looking for?