Register Members List Search Today's Posts Mark Forums Read

Reply
 
Article Options
Hotlink Protection Tutorial (Apache Server - .htaccess files)
NeutralizeR
Join Date: Aug 2005
Posts: 355

by NeutralizeR NeutralizeR is offline 25 Jul 2006

What is hotlinking and bandwidth theft?

Bandwidth theft or "hotlinking" is direct linking to a web site's files (images, video, etc.). An example would be using an <img> tag to display a JPEG image you found on someone else's web page so it will appear on your own site, eBay auction listing, weblog, forum message post, etc.

Bandwidth refers to the amount of data transferred from a web site to a user's computer. When you view a web page, you are using that site's bandwidth to display the files. Since web hosts charge based on the amount of data transferred, bandwidth is an issue. If a site is over its monthly bandwidth, it's billed for the extra data or taken offline.

A simple analogy for bandwidth theft: Imagine a random stranger plugging into your electrical outlets, using your electricity without your consent, and you paying for it.

How Do I know I am hotlinking?

This is how you might display an image graphic file in the HTML on your own web page:

Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

This tag tells the site to request the file image.jpg on the same server as the rest of the files on the site. If you were to hotlink an image from an outside server, the HTML might look like this:

Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

This tag tells the site to request the image.jpg from a different server other than your own. Every time the page is loaded, the outside server has to use its bandwidth to display the image. To avoid this problem, don't link to files on servers that don't belong to you. To share images and files on your own web page, upload them to your own server's directory or to a free image hosting service that allows direct linking.

Why should I stop hotlinking?

Hotlinking can have a lot of undesirable consequences. One is the so-called "switcheroo". If you've linked to an image on someone's server, what's to prevent them from changing the image you linked to? This can have humorous results. Since most sites, forums, etc. have strict policies about offensive images, it wouldn't take much for an aggravated webmaster you've been stealing bandwidth from to shut you down completely with an unwanted "switcheroo".

Displaying an image or file that doesn't belong to could be a violation of copyright, making you open to litigation. The owner of the file could utilize DMCA law to have your site shut down and your information given for use in legal proceedings.

How can I test to see if my image can be hotlinked?

Use our URL hotlink checker below to check the hotlinking protection (such as an htaccess file) on your web site. Enter the complete URL below (ex: http://mysite.com/image.jpg) to see if your image can be loaded and hotlinked by an outside server.

Click to go to the Resource & Test Page

******************************************
******************************************
******************************************
Following text may not be an ultra professional experience but i've been using these techniques for 2 years and they are working great for me.

I've been running two dedicated servers and i've full control over them (my .htaccess file lines included in my httpd.conf file). If your hosting is shared and got some restrictions to use .htaccess files on your account, you should contact your hosting company first to enable them.
Notice: .htaccess files can only be used by Apache web servers and they will not work on a windows system.

Hotlink Protection Enabled .htaccess File Tutorial

-Create a new TXT file named *'sample.htaccess' and open it with your text editor (NotePad). *Windows users won't be able to create it as '.htaccess' so you have to rename 'sample.htaccess' to '.htaccess' after it's been uploaded to your server.

-Copy and paste the following lines to 'sample.htaccess' file:
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://www.yourdomain.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.yourdomain.com$ [NC]
http://www.yourdomain.com/forum/ [R,NC]
-Change RewriteRule .*\.(jpg|jpeg|gif|png|bmp|swf)$ http://www.yourdomain.com with your domain name.
-Upload 'sample.htaccess' file to your web server's root and rename it to '.htaccess'.

Read the following text to figure out how to customize your own .htaccess file.

RewriteCond %{HTTP_REFERER} !^$ = Allow direct requests (ie. entering the url to an image in your browser). People can't publish your image files at their own web pages but they still can view them by entering their url in the browser window. These images can also be viewed (shared) by clicking on their urls in Instant Messenger windows.

[NC] = "No Case", meaning match the url regardless of being in upper or lower case letters.

[R] = Redirect

*(jpg|jpeg|gif|png|bmp|swf) = Files to block

I used to redirect blocked files to a custom .jpe image file. If you prefer this option, you should use the following .htaccess file:
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://www.yourdomain.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.yourdomain.com$ [NC]
RewriteRule .*\.(jpg|jpeg|gif|png|bmp|swf)$ http://www.yourdomain.com/nohotlinking.jpe [R,NC]
Upload a tiny jpg file with a text on it like "Hotlinking is not allowed!" and change it's extension to .jpe. This JPEG image is using the extension jpe instead of jpg to prevent blocking your own replacement image.

My .htaccess file:
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http://www.msxlabs.org/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.msxlabs.org$ [NC]
RewriteRule .*\.(mp3|mpeg|mpg|ram|rm|wma|wav|asx|wmv|avi|mov|zip|rar|exe)$ http://www.msxlabs.org/forum/ [R,NC]

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://www.msxlabs.org/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.msxlabs.org$ [NC]
RewriteRule .*\.(jpg|jpeg|gif|png|bmp|swf)$ http://www.msxlabs.org/forum/ [R,NC]
This .htaccess file redirects people to my forum homepage who are trying to access the file types which are listed in the blocked files list.

First piece of lines got RewriteCond %{HTTP_REFERER} !^$ line as i don't want people to be able to access those kind of files directly. (The protection for the image files doesn't have that line)

If you don't want a redirection for (mp3|mpeg|mpg|ram|rm|wma|wav|asx|wmv|avi|mov|zip|rar|exe), you can use replace that line with the following display your Error Code 404 page:

RewriteRule .*\.(mp3|mpeg|mpg|ram|rm|wma|wav|asx|wmv|avi|mov|zip|rar|exe)$ [F,NC]
Example: 404 - MsXLabs

.htaccess files effect the folder it's in and all of the subfolders.

If you want to exclude a subfolder from the hotlink protection, create another .htaccess file with the lines below and upload it to that directory:
RewriteEngine on
RewriteRule ^.*$ -
IMPORTANT NOTE: PLEASE DELETE ANY EXTRA SPACES ADDED BY VBULLETIN. (jpg|jpeg|gif|png|bmp|swf) THERE SHOULD'T BE ANY SPACES BETWEEN THE EXTENSION TYPES.
Feel free to reply this thread if i made some mistakes

This tutorial is written by NeutralizeR @ MsXLabs Organization

Last edited by NeutralizeR; 22 Mar 2008 at 08:31..
Views: 22483
Reply With Quote
Comments
  #2  
Old 25 Jul 2006, 17:53
zooki zooki is offline
 
Join Date: Jun 2006
Hi I have just read through it, and this is a great Tutorial thank you! I have been looking for a guide such as this......

I hope to try it out when i have got some free time..

Again thank you. ahhh ur from Turkiye, cok sukur! (note for mods: it means thanks lol)
Reply With Quote
  #3  
Old 25 Jul 2006, 20:59
Princeton's Avatar
Princeton Princeton is offline
 
Join Date: Nov 2001
Real name: Joe Velez
great article thanks for sharing
__________________
Latest Articles:
Liquid Layout = Less Ad Revenue?
How to Monetize Your Site
Improve Web Page Performance
How To Write For The Web


If it needs instructions, there's room for improvement.
Give users what they actually want, not what they say they want. And whatever you do, don't give them new features just because your competitors have them!
Reply With Quote
  #4  
Old 26 Jul 2006, 20:16
david05 david05 is offline
 
Join Date: Jul 2006
thank you very much. It's very useful.

If I have two websites (two domains), and I want to post the link to the second one. How could I do it?

Thank you
Reply With Quote
  #5  
Old 26 Jul 2006, 21:32
NeutralizeR NeutralizeR is offline
 
Join Date: Aug 2005
Originally Posted by david05
thank you very much. It's very useful.

If I have two websites (two domains), and I want to post the link to the second one. How could I do it?

Thank you
You should add these extra two lines for each domain you want to allow:

RewriteCond %{HTTP_REFERER} !^http://www.yourdomain.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.yourdomain.com$ [NC]
Example:
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://www.yourdomain.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.yourdomain.com$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.yourotherdomain.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.yourotherdomain.com$ [NC]
RewriteRule .*\.(jpg|jpeg|gif|png|bmp|swf)$ http://www.yourdomain.com/forum/ [R,NC]
This image is located in a hotlink protected directory:
------- > It must be broken here. (Hotlink protected with forum home redirection)

This line allows it to be viewed by an empty referrer:
RewriteCond %{HTTP_REFERER} !^$
Copy the url below, open a new browser window and paste it to address bar:
http://www.msxlabs.org/images/acting...sxlabs.com.gif

Once it's cached by your browser, you can view the image above in this post, too.

I used to redirect hotlink protected image files to a small gif file which was located in a non-hotlink protected directory:


Non-image files are always being redirected to my forum homepage.
__________________
MsXLabs Forum

Last edited by NeutralizeR; 26 Jul 2006 at 21:53. Reason: Automerged Doublepost
Reply With Quote
  #6  
Old 27 Jul 2006, 06:05
Freesteyelz's Avatar
Freesteyelz Freesteyelz is offline
 
Join Date: Jan 2006
Fantastic article, NeutralizeR.

I've been doing this for a while and it worked previously. Now for whatever reason images show up from my forum directory; but all other directories prevent hotlinks. For example:

Hotlink protection works in (root):


Hotlink protection works in /test folder:


Hotlink protection fails in /forum directory:


My .htaccess code is:


Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

Any help is appreciated.
__________________


Reply With Quote
  #7  
Old 27 Jul 2006, 09:38
NeutralizeR NeutralizeR is offline
 
Join Date: Aug 2005
It seems you use vBSEO-Sitemap Generator or something similar... and there is an extra .htaccess file which doesn't include hotlink protection rules in the forum directory. Check it
__________________
MsXLabs Forum
Reply With Quote
  #8  
Old 29 Jul 2006, 11:32
Freesteyelz's Avatar
Freesteyelz Freesteyelz is offline
 
Join Date: Jan 2006
Wow. I completely missed the forum .htaccess file I use for the custom URL rewrites. Thank you, NeutralizeR, again for the great article and for the help.

*The above forum image in my previous post no longer shows up.
__________________


Reply With Quote
  #9  
Old 28 Sep 2006, 21:39
rolandogomez's Avatar
rolandogomez rolandogomez is offline
 
Join Date: Jan 2006
Location: San Antonio
Thumbs up Root or no root? which root?

I have a "private" directory where I use images out of there to post on other forums and I don't want that to be protected as I need to use this. I'm also installed the VBImage Hosting, so would it be safe to say I'd put this .htaccess file in my "Photo Post" root directory and not the site's root or the forum root? The whole idea of VB Image Host is so certain members can use it to post in places like Myspace.

Thanks, rg sends!
__________________
Photographer & author (three books on Amazon.com), GarageGlamour.com, RolandoGomez.net
Reply With Quote
  #10  
Old 28 Sep 2006, 23:01
NeutralizeR NeutralizeR is offline
 
Join Date: Aug 2005
Originally Posted by rolandogomez
I have a "private" directory where I use images out of there to post on other forums and I don't want that to be protected as I need to use this. I'm also installed the VBImage Hosting, so would it be safe to say I'd put this .htaccess file in my "Photo Post" root directory and not the site's root or the forum root? The whole idea of VB Image Host is so certain members can use it to post in places like Myspace.

Thanks, rg sends!
If you want to exclude a subfolder from the hotlink protection, create another .htaccess file with the lines below and upload it to that directory:
RewriteEngine on
RewriteRule ^.*$ -
__________________
MsXLabs Forum
Reply With Quote
  #11  
Old 01 Oct 2006, 09:49
MrOnline MrOnline is offline
 
Join Date: Feb 2006
hmm

when i try this all i get is
Internal Server Error

The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator, webmaster@tvandsportstreams.com and inform them of the time the error occurred, and anything you might have done that may have caused the error.

More information about this error may be available in the server error log.
Reply With Quote
  #12  
Old 01 Oct 2006, 17:31
NeutralizeR NeutralizeR is offline
 
Join Date: Aug 2005
Originally Posted by MrOnline
when i try this all i get is
Internal Server Error

The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator, webmaster@tvandsportstreams.com and inform them of the time the error occurred, and anything you might have done that may have caused the error.

More information about this error may be available in the server error log.
There must be a misspelling or an extra space in your .htaccess file.
Please paste the contents of your .htaccess file here.
__________________
MsXLabs Forum
Reply With Quote
  #13  
Old 01 Oct 2006, 21:04
MrOnline MrOnline is offline
 
Join Date: Feb 2006
my .htaccess file

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http://www.tvandsportstreams.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.tvandsportstreams.com$ [NC]
RewriteRule .*\.(mp3|mpeg|mpg|ram|rm|wma|wav|asx|wmv|avi|mov|zip|rar|exe)$ http://www.tvandsportstreams.com/forum/ [F,NC]

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://www.tvandsportstreams.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.tvandsportstreams.com$ [NC]
RewriteRule .*\.(jpg|jpeg|gif|png|bmp|swf)$ http://www.tvandsportstreams.com/forum/ [F,NC]

had a better look and changed it to the following


Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.


Last edited by MrOnline; 01 Oct 2006 at 21:11. Reason: Automerged Doublepost
Reply With Quote
  #14  
Old 01 Oct 2006, 22:50
NeutralizeR NeutralizeR is offline
 
Join Date: Aug 2005
So, is it working now?

This is mine (in httpd.conf):

Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

__________________
MsXLabs Forum
Reply With Quote
  #15  
Old 01 Oct 2006, 23:13
MrOnline MrOnline is offline
 
Join Date: Feb 2006
nope, still got same error

if i was to use it in .conf file, should i then have it in apaceh.conf ??

Kinda noob in linux world :-)
And will it interfer with other sites hosted on same server if i do it in root ?
Not sure where i can do it or what to do if there are more than 1 site i will protect for this..

Last edited by MrOnline; 02 Oct 2006 at 00:13.
Reply With Quote
Reply

Similar Article
Article Author Type Replies Last Post
htaccess Protection for admincp & any dir Omranic Modification Graveyard 47 10 Jan 2007 13:06



Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Article Options

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


New To Site? Need Help?

All times are GMT. The time now is 10:51.

Layout Options | Width: Wide Color: