Knowledgebase: General QA
How Do I Stop Hotlinking and Bandwidth Theft!
Posted by Jeff Ball on 14 September 2007 03:01 AM

You can stop others from hotlinking your site's files by placing a file called .htaccess in your Apache site root (main) directory. The period before the name makes the file hidden - When using our control panel - make sure you enabled "show hidden files" allowing you to view and edit your .htaccess file.

Example: Your url is To stop hotlinking your images from other sites, place the following code in your .htaccess file:

RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://(www\.)?yoursite\.com [NC]
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} ^http://.*$
RewriteRule \.(jpe?g|gif|bmp|png)$ /media/nohotlinks.png [L]

* Before we do any redirect, we set down some conditions — those are the two RewriteConds. The first checks if the variable HTTP_REFERER does not start with either or (the question mark meaning “zero or one occurences of the preceding brackets,” and the exclamation mark negating the match). The [NC] flag simply makes the match case-insensitive.

* The second condition checks if no referrer was sent, which may occur if a visitor typed the image’s address into the location bar. We don’t want to block those requests.

* The third condition checks if the referrer header does actually contain another website’s URL. This is to guard against doing the wrong thing in the case of users with special software on their computers that replace all referrer headers they send with text like “Blocked by personal firewall.” Again, we dont want to block those requests.

* If all of these conditions are true, we know that the image is being requested from a remote site, and can go ahead with the redirect. HTTP_REFERER (with one ) is not a mistake; some joker on the HTTP team just couldn’t spell, and this has survived as a geeky joke ever since.

* The RewriteRule itself is a simple one. It simply looks at the file extension of the file being served. If the file has any of the extensions listed, it is rewritten to our nohotlinks image.

If you would like instead to simply block the images completely and not redirect to another image, you can send back a “403 Forbidden” error message by replacing the RewriteRule above with this:

RewriteRule \.(jpe?g|gif|bmp|png)$ - [F]

Solution 2

To stop hotlinking from specific outside domains only, such as, and, but allow any other web site to hotlink images:

RewriteEngine On
RewriteCond %{HTTP_REFERER} ^http://(.+\.)?myspace\.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://(.+\.)?blogspot\.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://(.+\.)?livejournal\.com/ [NC]
RewriteRule .*\.(jpe?g|gif|bmp|png)$ /images/nohotlink.jpe [L]

You can add as many different domains as needed. Each RewriteCond line should end with the [NC,OR] code. NC means to ignore upper and lower case. OR means "Or Next", as in, match this domain or the next line that follows. The last domain listed omits the OR code since you want to stop matching domains after the last RewriteCond line.

You can display a 403 Forbidden error code instead of an image. Replace the last line of the previous examples with this line:

RewriteRule .*\.(jpe?g|gif|bmp|png)$ - [F]

Warning - As with any htaccess rewrites, you may block some legitimate traffic (such as users behind proxies or firewalls) using these techniques.

or go to .htaccess tools to create your .htaccess for you



If your still experiencing difficulties, please submit a support ticket include detailed description how to duplicate problem

Leave a comment below, if there is some aspect of this article you would like to see changed or improved.

(316 vote(s))
Not helpful

Comments (0)
Post a new comment
Full Name:
CAPTCHA Verification 
Please enter the text you see in the image into the textbox below (we use this to prevent automated submissions).