Save bandwidth, block image hot linking

Image hot-linking is (simply put): other site is showing your image that still on your server. This can cause problem for bandwidth limited website, they steal your bandwidth! Also, this doesn’t make visitor from that notorious site to come to your site.  More visitor for them, more bandwidth lost for you. We will handle this issue using htaccess.

Remember that to use .htaccess fully (including this tips), you have to activate Apache mod_rewrite.

In our case, we will allow only few sites that directly show/link our image. Other sites that have no permission will show an error/no leech image. This is the full .htaccess code:

1
2
3
4
5
6
7
8
9
10
11
12

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_USER_AGENT} ^facebookexternalhit.*$ [OR]
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?ahowto.net [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?mp32u.net [NC]
RewriteCond %{HTTP_REFERER} !^.*google.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^.*bing.com/.*$ [NC]
RewriteCond %{REQUEST_URI}  !^/images/no_leech.jpg
RewriteRule \.(jpe?g|png|gif)$ http://www.ahowto.net/images/no_leech.jpg [L]
</IfModule>

The explanation:

• (line 1) Activate rule only if mod_rewrite is activated
• (line 4) we don’t allow Facebook bot to steal our image. Comment (#) this line if you want to allow Facebook to grab image from your site (this is used by Facebook to create thumbnail image whenever FB users posting your website  URL)
• (line 6-9) allow only few sites to direct link/hot link our image: ahowto.net, mp32u.net, google.com and bing.com
• (line 10) don’t apply the rule for “no leech” image that will be served to bandwidth leecher/stealer. Don’t forget this line, or you’ll get forever loop that eventually stress your webserver.
• (line 11) Serve the leecher with our error/no leech image. I suggest you to use more informative image, such as image that contain messages “visit my site to view the image”

just an example that might annoy bandwidth stealer

Special case for Wordpress

Yes, I know that there are few “anti-leech/anti-hot-link” plugins out there, but make sure they have the correct htaccess code placement. Make sure the placement is before main wordpress htaccess default code. So, your wordpress blog htaccess code would be like this:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25

# BEGIN Hotlink Protection
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_USER_AGENT} ^facebookexternalhit.*$ [OR]
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?ahowto.net [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?mp32u.net [NC]
RewriteCond %{HTTP_REFERER} !^.*google.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^.*bing.com/.*$ [NC]
RewriteCond %{REQUEST_URI}  !^/images/no_leech.jpg
RewriteRule \.(jpe?g|png|gif)$ http://www.ahowto.net/images/no_leech.jpg [L]
</IfModule>
# END Hotlink Protection
 
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress

Related Posts via Taxonomies

• Debian 6 : preparing the server for higher score in Page Speed and YSlow (4)
• Achieving what W3 Total Cache does for your non-WordPress site (4)
• Controlling your visitors/users bandwidth usage and speed using mod_cband (3)
• Create SOCKS5 server (3)
• Nginx: redirect non-www to www address‏ (3)