Preventing hot linking of images and other file types

Preventing hot linking of images and other file types

In the webmaster community, "hot linking" is a curse phrase. Also known as "bandwidth stealing" by
the angry site owner,  it refers to linking directly to non-html objects not on one own's server,
such as images, .js files etc. The victim's server in this case is robbed of bandwidth (and in turn
money) as the violator enjoys showing content without having to pay for its deliverance. The most
common practice of hot linking pertains to another site's images.

Using .htaccess, you can disallow hot linking on your server, so those attempting to link to an
image or CSS file on your site, for example, is either blocked (failed request, such as a broken
image) or served a different content (ie: an image of an angry man) . Note that mod_rewrite needs to
be enabled on your server in order for this aspect of .htaccess to work. Inquire your web host
regarding this.

With all the pieces in place, here's how to disable hot linking of certain file types on your site,
in the case below, images, JavaScript (js) and CSS (css) files on your site. Simply add the below
code to your .htaccess file, and upload the file either to your root directory, or a particular
subdirectory to localize the effect to just one section of your site:

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www.)?mydomain.com/.*$ [NC]
RewriteRule .(gif|jpg|js|css)$ - [F]

Be sure to replace "mydomain.com" with your own. The above code creates a failed request when hot
linking of the specified file types occurs. In the case of images, a broken image is shown instead.
Serving alternate content when hot linking is detected

You can set up your .htaccess file to actually serve up different content when hot linking occurs.
This is more commonly done with images, such as serving up an Angry Man image in place of the hot
linked one. The code for this is:

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www.)?mydomain.com/.*$ [NC]
RewriteRule .(gif|jpg)$ http://www.mydomain.com/up-yours.gif [R,L]

Same deal- replace mydomain.com with your own, plus up-yours.gif.