How To Prevent Hotlinking From Your Site
One of the biggest concerns of webmasters, particularly those who distribute
their own artwork or images, is hotlinking. Hotlinking occurs when someone links
to your image from another web site without your permission. Any time your image
is displayed, no matter where it's displayed from, it takes a little bit
of bandwidth. Your site can end up running slow or shutting down altogether
if it is taking up too much bandwidth. As a result, hotlinking is also sometimes
referred to as bandwidth theft.
There are ways to prevent this from happening. To use them, you need
to keep your image files, such as .png, .jpg, .jpeg, and .gif files,
on your CGI server. You can also protect other files. However,
be very careful not to put files on the CGI server that are not supported or
your domain may be taken offline until you remove the files from the CGI server.
These files include .zip, .exe, .mp3 and other audio files. Please see our FAQ on
File Types Allowed On The CGI Server
for more information on allowable files on the CGI server. At the present time,
we do not have a way to protect files linked from the web server where you
normally put your files.
*** IMPORTANT NOTE***
This method can be tricky, especially for those unfamiliar with HTML and CGI.
There are a few things you will need to know before you can attempt this
procedure:
Since you will need to put your protected files on the CGI server, you will need
to request a CGI account if you haven't already
done so.
Please do not use a word processor
such as Microsoft Word, Microsoft Works, Open Office HTML editor, or Open Office
Writer (these are only a few examples of popular word processors). We suggest
you use a plain ASCII text editor such as
EditPlus or the FREE
1st Page 2000 HTML Editor.
In a pinch you can also use Windows Notepad. But be sure that your file is saved
with the right extension. It may be saved as .html.txt where you'll have to
rename it to just .html for example. This is especially useful for creating the
actual .htaccess file, since you want to be sure the file is plain text.
You need to know how to write HTML files. Do not use
What-You-See-Is-What-You-Get web editing software such as WebEditor 5, Netscape
Composer, FrontPage or FrontPage Express, DreamWeaver, Cold Fusion, etc. These
tend to add HTML code that you may not intend. It's best to write your own
HTML code.
Do not use any HTML encryption or other HTML add-ins, plugins or software
on your computer that would change your HTML files before or when you upload them
to your server.
Always use a true FTP program. HTML editors and web site development
software with integrated FTP support are not a good idea because they
lack features you may need to use in order to upload your .htaccess file. Be
sure you understand how to use your FTP program. For help with setting up FTP
programs, please see our
FTP Programs FAQs.
Follow all instructions carefully. Do not change the .htaccess code we
give in the instructions below as doing so may cause this technique to not work
at all.
You can test your hotlinking method at the
Online Image Hotlinking Checker
by entering the URL to an image you uploaded to the CGI server using one of the
methods below. You can test to be sure it works on your own web server by
creating a test HTML page, and using the <img src> tag to link to the
same image on your CGI server. It should show up from your own test page but
not show up (or show your replacement image) at the Hotlinking Checker site.
Method 1: Replacing A Hotlinked Image With Another One
Create a small image, about 260 x 100, that you wish to display instead of the
actual image, should someone hotlink to your images. You can use this method to
embarrass the hotlinker by putting text in this image that says "This image was
stolen!" or advertise your web site. Be Careful! Do not use lewd,
adult, or inappropriate images as you could be held responsible and may have
your domain taken offline as a result, even if it's showing up on another site.
Use a text editor such as Windows Notepad or
EditPlus to create an .htaccess file.
Type in the following in a new document in the text editor, replacing the
highlighted areas with your actual domain name. Save it as .htaccess (or if you
are using Windows, you can save it as htaccess.txt). Replace the
replacement_image.jpg URL with the URL to the image you wish to replace
the hotlinked image with. The code below assumes that you will be placing all
your images in a directory called images on your CGI server. It's best
to cut and paste the code into a text editor. If you type it in, be sure to
type in exactly what is below. Note that the | character is typed
by holding down the SHIFT key and hitting the \ key on a USA PC keyboard.
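RewriteEngine On
# Allow requests that send no Referer at all
RewriteCond %{HTTP_REFERER} !^$
# Allow your own pages on the web server (with or without www) and on the CGI server
RewriteCond %{HTTP_REFERER} !^http://(www\.)?yourdomain\.com/ [NC]
RewriteCond %{HTTP_REFERER} !^http://cgi\.yourdomain\.com/ [NC]
# Do not redirect requests for the replacement image itself
RewriteCond %{REQUEST_URI} !^/images/replacement_image\.jpg [NC]
RewriteRule \.(jpe?g|gif|bmp|png)$ http://cgi.yourdomain.com/images/replacement_image.jpg [R,L]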
Log into your CGI Server using the CGI username and password you
received when you requested a CGI account.
Upload your .htaccess file to the main (root) directory (not a subdirectory). If
you created your file in Windows and saved it as htaccess.txt, rename the uploaded
file to .htaccess on your CGI server. Be sure that you upload it in ASCII Mode.
You may have to change a setting temporarily in your FTP program to do this.
Create a directory to hold your images, such as images. Then
upload all the images you intend to use on your site in that directory. Be sure
that you upload your images in Binary Mode. You may have to change a setting
temporarily in your FTP program to do this.
Edit or create your HTML pages. Be sure to use the full URL path to your
images in your <img src=> tag. For example:
<img src="http://cgi.yourdomain.com/images/yourimage01.jpg">
Upload your HTML files to your web server. Note that you can also put
these files on your cgi server. You can pick either one. Just be
sure to provide the right URL to people you want to visit your site. For example,
if the HTML files are on your web server the URL will be something like
http://yourdomain.com/ and if the HTML files are on our cgi server then
the URL will be something like http://cgi.yourdomain.com/ (replace the
yourdomain.com with your actual domain name).
Method 2: Stopping Image Hotlinking
Use a text editor such as Windows Notepad or
EditPlus to create an .htaccess file.
Type in the following in a new document in the text editor, replacing the
highlighted areas with your actual domain name. Save it as .htaccess (or if you
are using Windows, you can save it as htaccess.txt). It's best to cut and paste
the code into a text editor. If you type it in, be sure to type in exactly
what is below. Note that the | character is typed by holding down the
SHIFT key and hitting the \ key on a USA PC keyboard.
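RewriteEngine On
# Allow requests that send no Referer at all
RewriteCond %{HTTP_REFERER} !^$
# Allow your own pages on the web server (with or without www) and on the CGI server
RewriteCond %{HTTP_REFERER} !^http://(www\.)?yourdomain\.com/ [NC]
RewriteCond %{HTTP_REFERER} !^http://cgi\.yourdomain\.com/ [NC]
# Any other Referer gets a 403 Forbidden for image files
RewriteRule \.(jpe?g|gif|bmp|png)$ - [NC,F]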
Log into your CGI Server using the CGI username and password you
received when you requested a CGI account.
Upload your .htaccess file to the main (root) directory (not a subdirectory). If
you created your file in Windows and saved it as htaccess.txt, rename the uploaded
file to .htaccess on your CGI server. Be sure that you upload it in ASCII Mode.
You may have to change a setting temporarily in your FTP program to do this.
Create a directory to hold your images, such as images. Then
upload all the images you intend to use on your site in that directory. Be sure
that you upload your images in Binary Mode. You may have to change a setting
temporarily in your FTP program to do this.
Edit or create your HTML pages. Be sure to use the full URL path to your
images in your <img src=> tag. For example:
<img src="http://cgi.yourdomain.com/images/yourimage01.jpg">
Upload your HTML files to your web server. Note that you can also put
these files on your cgi server. You can pick either one. Just be
sure to provide the right URL to people you want to visit your site. For example,
if the HTML files are on your web server the URL will be something like
http://yourdomain.com/ and if the HTML files are on our cgi server then
the URL will be something like http://cgi.yourdomain.com/ (replace the
yourdomain.com with your actual domain name).
Method 3: Protecting Non-Image Files From Hotlinking
Use a text editor such as Windows Notepad or
EditPlus to create an .htaccess file.
Type in the following in a new document in the text editor, replacing the
highlighted areas with your actual domain name. Save it as .htaccess (or if you
are using Windows, you can save it as htaccess.txt). It's best to cut and paste
the code into a text editor. If you type it in, be sure to type in exactly
what is below. Note that the | character is typed by holding down the
SHIFT key and hitting the \ key on a USA PC keyboard.
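RewriteEngine On
# Allow requests that send no Referer at all
RewriteCond %{HTTP_REFERER} !^$
# Allow your own pages on the web server (with or without www) and on the CGI server
RewriteCond %{HTTP_REFERER} !^http://(www\.)?yourdomain\.com/ [NC]
RewriteCond %{HTTP_REFERER} !^http://cgi\.yourdomain\.com/ [NC]
# Any other Referer gets a 403 Forbidden for these file types
RewriteRule \.(html|php|xml|shtml|cgi|pl)$ - [NC,F]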
Log into your CGI Server using the CGI username and password you
received when you requested a CGI account.
Upload your .htaccess file to the main (root) directory (not a subdirectory). If
you created your file in Windows and saved it as htaccess.txt, rename the uploaded
file to .htaccess on your CGI server. Be sure that you upload it in ASCII Mode.
You may have to change a setting temporarily in your FTP program to do this.
Create a directory to hold your files. Then upload all the files you intend to
use on your site in that directory.
Be sure to link to the full URL path to your file, for example:
<a href="http://cgi.yourdomain.com/protected_files/mypage.html">My Protected Page</a>
Note that you could also ask to have your entire domain point to your CGI server,
so you can hold your entire site on your CGI server. However, the same rules
apply as to allowable files. If you have .zip, .mp3 or other files, they cannot
be uploaded or protected on the CGI server.
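
The Referer checks shared by Methods 2 and 3, modelled in Python so the allow/deny outcome can be checked offline before uploading; this is an added example, not code from this page or the hosting provider. It assumes the allowed hosts are yourdomain.com (with or without www) and cgi.yourdomain.com; the function names and sample requests are constructed.

```python
import re

# Assumed allow-list: the page's placeholder hosts, written as the
# RewriteCond patterns would be ([NC] is modelled with re.I).
ALLOWED_REFERERS = [
    re.compile(r"^http://(www\.)?yourdomain\.com/", re.I),
    re.compile(r"^http://cgi\.yourdomain\.com/", re.I),
]
IMAGE_RULE = re.compile(r"\.(jpe?g|gif|bmp|png)$", re.I)          # Method 2
FILE_RULE = re.compile(r"\.(html|php|xml|shtml|cgi|pl)$", re.I)   # Method 3


def decide(path, referer, rule=IMAGE_RULE):
    """Return 'serve' or 'forbid' (403) for one request.

    path    -- URL path without the query string
    referer -- Referer header value, '' when the client sent none
    """
    if not rule.search(path):
        return "serve"      # RewriteRule pattern does not apply to this file
    if referer == "":
        return "serve"      # RewriteCond !^$ is false, so the rule is skipped
    if any(p.search(referer) for p in ALLOWED_REFERERS):
        return "serve"      # one of the negated host conditions is false
    return "forbid"         # every RewriteCond held: RewriteRule ... - [F]


# Constructed sample requests (not taken from any real log).
SAMPLES = [
    ("/images/yourimage01.jpg", ""),
    ("/images/yourimage01.jpg", "http://yourdomain.com/gallery.html"),
    ("/images/yourimage01.jpg", "http://cgi.yourdomain.com/index.html"),
    ("/images/yourimage01.jpg", "http://othersite.example/page.html"),
    ("/images/yourimage01.jpg", "http://yourdomain.com.othersite.example/"),
    ("/images/yourimage01.jpg", "https://yourdomain.com/gallery.html"),
    ("/images/PHOTO.JPG", "http://othersite.example/page.html"),
]


def report(samples=SAMPLES, rule=IMAGE_RULE):
    """Return (path, referer, decision) rows for a list of requests."""
    return [(p, r, decide(p, r, rule)) for p, r in samples]


if __name__ == "__main__":
    for path, referer, decision in report():
        print(f"{decision:7} {path:26} {referer or '(no Referer)'}")
```

A request with no Referer is always served, so these rules limit embedding by other sites rather than control access to the files. A Referer that begins with https:// matches neither allow-list condition, which matters if your own pages are served over HTTPS.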
Other Resources
To learn more about how to protect your files using .htaccess, please see the
following links: