software times™

July 15, 2012

Hot Linking


An old joke in the software business is to call a bug a feature. This is not so far-fetched because often one finds uses for unplanned behavior of the software. Hot linking is an HTML feature that allows a server to tell the browser to get images from a different server and it is, indeed, a very useful feature. Unfortunately it is a feature easily abused by unauthorized websites.

I don't mind if a low-traffic web page hot-links to one of my images; the additional load it puts on my server is minimal and not worth fretting about. The domain in question has been in use for 14 years and hot-linking had not been a problem all these years. But this schmuck, to be kind, used one of my images as his avatar at a fairly high-traffic forum. Now he is blocked but so are all the lesser infringers who I didn't mind. They can thank the avatar thief. BTW, now he is stealing someone else's bandwidth, using a different image. I guess he does not much care about his identity. Schmuck.

Most forum software gives you the alternative to hot-link or to upload the avatar. There is nothing wrong with hot-linking from one of your own servers but if the image is on a third party server the least you can do is to upload it to the forum server.

Hotlink Protection

If your server uses cPanel you can activate the hotlink protection right there, once you get past the incredibly confusing interface and the lack of clear instructions. Here is the screen dump of the interface and below are the instructions.

[Screenshot: cPanel hotlink protection interface]

cPanel Instructions

To start, click the hotlink 'Enable' button above the form

Note: If you disable hotlink protection the information you entered on this form will be lost. You should make a copy of it and keep it in a safe place.

Urls to Allow Access:
These are the URLs that are allowed to link to your images. cPanel will pre-load the URLs known to it, including your main domain, subdomains and parked domains, both with and without the 'www' prefix. If you want to allow Google and other search engines to see your images, you'll have to include their URLs. Here is a partial list:

http://image.baidu.com
http://images.search.yahoo.com
http://translate.googleusercontent.*
http://www.bing.com
http://www.google.*
http://www.tumblr.com

Extensions to allow (separate by commas):

This entry starts with '.*' followed by a comma-separated list of the file extensions you want to protect, for example:

.*jpg,gif,png

Note: This has a bug. Every time you access this page, cPanel adds an extra '.*' in front of the string and you need to remove it before resubmitting the form with any changes.

Url to Redirect to:

If you don't provide an alternate URL, the server will send an 'Error 403 Forbidden' header.

If you do provide a redirect URL you have to make sure the file extension of this URL is NOT on the list above! Otherwise it will create multiple redirects until the browser quits. The list '.*jpg,gif,png' already includes all the useful extensions. The solution I found was to use the four-letter extension 'jpeg' as in http://myDomain.com/hotlink.jpeg

Allow direct requests (ie. entering the URL to an image in your browser)

This checkbox allows you to override the hotlink protection when you enter the file's URL directly in your browser. I find this useful because it allows me to inspect images that would otherwise be denied. And since this cannot be used for massive access to images, I see no danger in allowing it.

More text boxes

There are two additional text boxes and a checkbox below the ones we already discussed. I could find NO USE for them. cPanel copies the info from the corresponding top box to the lower one. Whether this is a feature or a bug is a total mystery to me.

.htaccess Instructions

cPanel creates a series of .htaccess lines. You can do it manually as well. Start by labeling the code and turning on the Rewrite engine if not on already:

# hotlink protection
RewriteEngine on

Next, if you want to enable direct access from the browser, the equivalent of the 'Allow direct requests' checkbox, add the following line:

# enable direct access from the browser
RewriteCond %{HTTP_REFERER} !^$

Next comes the list of allowed URLs, two lines per URL:

# Urls to Allow Access:
RewriteCond %{HTTP_REFERER} !^http://myDomain.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://myDomain.com$ [NC]
RewriteCond %{HTTP_REFERER} !^http://subDomain.myDomain.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://subDomain.myDomain.com$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.myDomain.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.myDomain.com$ [NC]

To finish the job you add the rewrite rule, one of two. If you want to redirect to a hotlink image use:

# redirect to hotlink image
RewriteRule .*\.(.*jpg|gif|png)$ http://myDomain.com/hotlink.jpeg [R,NC]

If you only want to forbid hotlinking without a redirection to an image, use

# forbid hotlinking, no redirect
RewriteRule .*\.(.*jpg|gif|png)$ - [F,NC]

Note: The list of forbidden extensions appears between parentheses in the RewriteRule command, but the commas have been replaced by vertical bars, the 'OR' operator.

Putting it all together it would look like this:

# hotlink protection
RewriteEngine on
# enable direct access from the browser
RewriteCond %{HTTP_REFERER} !^$
# Urls to Allow Access:
RewriteCond %{HTTP_REFERER} !^http://myDomain.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://myDomain.com$ [NC]
RewriteCond %{HTTP_REFERER} !^http://subDomain.myDomain.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://subDomain.myDomain.com$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.myDomain.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.myDomain.com$ [NC]
# redirect to hotlink image
# keep exactly one RewriteRule active: the RewriteCond lines above apply
# only to the first RewriteRule that follows them, so a second active rule
# would run without any conditions
RewriteRule .*\.(.*jpg|gif|png)$ http://myDomain.com/hotlink.jpeg [R,NC]
# or forbid hotlinking, no redirect
# to use this rule instead, uncomment it and comment out the rule above
#RewriteRule .*\.(.*jpg|gif|png)$ - [F,NC]
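
The behaviour of these rules can be checked offline before they go on a live server. The following Python model is an added example, not part of the original article and not cPanel's or Apache's code: it is a simplified stand-in for mod_rewrite that uses Python's re module in place of Apache's regex engine, and the referer http://forum.example/thread is a constructed sample. It shows why a redirect target ending in 'jpeg' stops after one hop while one ending in 'jpg' loops, and that an https referer from your own domain is not covered by the http-only conditions.

```python
import re

# Conditions copied from the page: the rule fires only when the Referer
# matches NONE of these patterns ("!" negation, [NC] = case-insensitive).
ALLOWED_REFERERS = [
    r"^$",                                  # empty Referer (direct request)
    r"^http://myDomain.com/.*$",
    r"^http://myDomain.com$",
    r"^http://subDomain.myDomain.com/.*$",
    r"^http://subDomain.myDomain.com$",
    r"^http://www.myDomain.com/.*$",
    r"^http://www.myDomain.com$",
]
PROTECTED = r".*\.(.*jpg|gif|png)$"         # RewriteRule pattern from the page


def decide(path, referer, redirect_to=None):
    """Return 'serve', 'forbid' or 'redirect' for a single request."""
    if not re.search(PROTECTED, path, re.I):
        return "serve"                      # extension is not protected
    if any(re.search(p, referer, re.I) for p in ALLOWED_REFERERS):
        return "serve"                      # one RewriteCond failed, rule skipped
    return "redirect" if redirect_to else "forbid"


def follow(path, referer, redirect_to, limit=10):
    """Follow redirects the way a browser does: the Referer of the
    embedding page is sent again on every hop.
    Returns (final decision, number of redirects followed)."""
    for hops in range(limit):
        result = decide(path, referer, redirect_to)
        if result != "redirect":
            return result, hops
        path = redirect_to                  # browser requests the new URL
    return "loop", limit


if __name__ == "__main__":
    hotlinker = "http://forum.example/thread"   # constructed sample referer
    print(follow("images/photo.jpg", hotlinker, "hotlink.jpeg"))
    print(follow("images/photo.jpg", hotlinker, "hotlink.jpg"))
    print(decide("images/photo.jpg", "https://www.myDomain.com/page.html"))
```

If your own pages are served over https, add matching https conditions to the allowed list, otherwise your own site is treated as a hotlinker.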


Denny Schlesinger



Copyright © Software Times, 2000, 2001, 2003. All rights reserved
Last updated March 8, 2009.