Htaccess: Preventing hot linking

From The Uniform Server Wiki
Revision as of 14:25, 9 September 2011 by BobS (talk | contribs) (Punctuation and grammatical changes; some clarification.)
Jump to navigation Jump to search

MPG UniCenter

.htaccess: Introduction | Site error documents | Prevent Directory Listing | Redirect | Preventing hot linking |

.htaccess - Apache directory-level configuration file

Hot linking

What is hot linking? It's when someone links to some content on your server and uses your server to deliver the goods. It could be images or any non-html objects. They are effectively stealing your bandwidth at your expense.

Uniform Server has mod-rewrite enabled, allowing you to rewrite the requested URL on-the-fly based on configuration directives and rules. It's as complex as it sounds. I found this code on the Internet which prevents hot linking to images on your site.

Just pop this code into your root .htaccess file for global effect, or a sub-folder to localise the effect to just one section of your site:

Serve a broken image

This code produces a broken image to be displayed when it's hot linked. Make sure to replace "mydomain.com" with your own.

Options +FollowSymLinks
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?mydomain.com/.*$ [NC]
RewriteRule \.(gif|jpg)$ - [F]

Or

Options +FollowSymLinks
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?(subdomain_mydomain\.)?mydomain.com/ [NC]
RewriteRule \.(jpe?g|gif|png|bmp)$ - [F] 

Link: I think the original source came from here: webmasterworld.com

Serve an alternative image

Remember, it's your server and you can do what you like, so why not serve an alternative image in your favor. Again, remember to replace "mydomain.com" with your own:

Options +FollowSymLinks
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?mydomain.com/.*$ [NC]
RewriteRule \.(gif|jpg)$ http://www.mydomain.com/nasty.gif [R,L]

General note

I have seen several cases where mod rewrite is used in .htaccess files and the line

Options +FollowSymLinks

is missing, which effectively informs Apache to ignore mod_rewrite.

This error shows up in the log files as:

[client 127.0.0.1] Options FollowSymLinks or SymLinksIfOwnerMatch is off which implies that RewriteRule directive is forbidden: W:/www/textpattern/