1

I've been seeing a lot of requests for images hosted on my server from other websites.

Rather than allow this to carry on, I'm considering using mod_rewrite and .htaccess to prevent this using something like:

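RewriteEngine on
# Let requests with an empty Referer through
RewriteCond %{HTTP_REFERER} !^$
# Let requests referred by yourdomain.com or www.yourdomain.com through
RewriteCond %{HTTP_REFERER} !^http://(www\.)?yourdomain\.com/.*$ [NC]
# Any other request for an image gets 403 Forbidden
RewriteRule \.(gif|jpg|jpeg|png)$ - [F]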

I'm sure I read somewhere that there may be some kind of undesirable side-effects or "gotchas" that can catch you out, but can't find the source or anything about it. Most sites only give you the code snippet rather than discussing the advantages and disadvantages of the approach.

Are there any such undesirable side-effects or "gotchas" that I should be aware of if I choose to put this on my server?

chrisbunney

2 Answers

3

The only real gotchas are if you try to use the images from, say, mobile.yourdomain.com or someotherdomainIown.net, and they get blocked by this. I've also seen many admins redirect hotlinked images to other images, like: "This person is stealing bandwidth from yourdomain.com".

Ryan Gooler
2

I have been using it in my sites for years (configured using cPanel) and it works fine, as long as you only want it for saving bandwidth. You only need to remember to update the file when you add another domain/subdomain or they will be blocked too.

If properly configured, it doesn't block people with blank referrers as suggested in another answer; it only blocks connections that have a referrer that is not in the allowed list.

Also, I changed the script to redirect to a PHP file, so I can take different actions depending on the domain and the type of file requested:

RewriteRule .*\.(jpg|jpeg|gif|png|mp4|mp3)$ http://www.example.com/hotlink.php?%{SERVER_NAME}%{REQUEST_URI} [R,NC]

In this way the PHP script receives the domain name (I have several domains hosted in the same account) and the URL that triggered the hotlink protection.
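To see which referrers the question's rule set would turn away before putting it on a server (the subdomain and extra-domain gotcha from both answers, and the blank-referrer behaviour from the second), here is an added example, not code from the question or either answer. It assumes Python's `re` matches these simple patterns the same way mod_rewrite does; the function names and sample Referer values are constructed for illustration.

```python
import re

# Constructed copy of the question's rules, with the dot in the domain escaped.
HTACCESS = r"""
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?yourdomain\.com/.*$ [NC]
RewriteRule \.(gif|jpg|jpeg|png)$ - [F]
"""
IMAGE_RULE = re.compile(r"\.(gif|jpg|jpeg|png)$")  # the RewriteRule pattern


def parse_referer_conds(text):
    """Return a (negated, regex) pair for each RewriteCond on HTTP_REFERER."""
    conds = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[:2] != ["RewriteCond", "%{HTTP_REFERER}"]:
            continue
        pattern = parts[2]
        flags = parts[3].strip("[]").split(",") if len(parts) > 3 else []
        negated = pattern.startswith("!")
        regex = re.compile(pattern[1:] if negated else pattern,
                           re.IGNORECASE if "NC" in flags else 0)
        conds.append((negated, regex))
    return conds


def is_blocked(referer, path, conds):
    """True if the request gets 403: the rule matches and every condition holds."""
    if not IMAGE_RULE.search(path):
        return False
    # Conditions are ANDed; a "!" condition holds when its regex does not match.
    # A missing Referer header expands to the empty string.
    return all((rx.search(referer) is None) == neg for neg, rx in conds)


if __name__ == "__main__":
    conds = parse_referer_conds(HTACCESS)
    samples = [  # constructed Referer values
        "",
        "http://www.yourdomain.com/gallery.html",
        "https://www.yourdomain.com/gallery.html",
        "http://mobile.yourdomain.com/",
        "http://someotherdomainIown.net/",
        "http://forum.example/thread/1",
    ]
    for ref in samples:
        verdict = "403" if is_blocked(ref, "/images/logo.png", conds) else "served"
        print(f"{verdict:7} {ref or '(no Referer)'}")
```

With the rules as written, the `https://` and `mobile.` referrers are refused along with the third-party one, while the blank referrer is served.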