Active Web Hosting Logo


How To Prevent Hotlinking From Your Site

One of the biggest concerns of webmasters, particularly those who distribute their own artwork or images, is hotlinking. Hotlinking occurs when someone links to your image from another web site without your permission. Any time your image is displayed no matter where it's displayed from, it takes a little bit of bandwidth. Your site can end up running slow or shutting down altogether if it is taking up too much bandwidth. As a result, hotlinking is also sometimes referred to as bandwidth theft.

There are ways to prevent this from happening. This would mean that you would need to keep your image files such as .png, .jpg, .jpeg, and .gif files on your cgi server. You can also protect other files as well. However, be very careful not to put files on the CGI server that are not supported or your domain may be taken offline until you remove the files from the CGI server. These files include .zip, .exe, .mp3 and other audio files. Please see our FAQ on File Types Allowed On The CGI Server for more information on allowable files on the CGI server. At the present time, we do not have a way to protect files linked from the web server where you normally put your files.


*** IMPORTANT NOTE***
This method can be tricky, especially for those unfamiliar with HTML and CGI.


There are a few things you will need to know before you can attempt this procedure:

  • Since you will need to put your protected files on the CGI server, you will need to request a CGI account if you haven't already done so.

  • Please do not use a word processor such as Microsoft Word, Microsoft Works, Open Office HTML editor, or Open Office Writer (these are only a limited example of popular word processors). We suggest you use a plain ASCII text editor such as EditPlus or the FREE 1st Page 2000 HTML Editor. In a pinch you can also use Windows Notepad. But be sure that your file is saved with the right extension. It may be saved as .html.txt where you'll have to rename it to just .html for example. This is especially useful for creating the actual .htaccess file, since you want to be sure the file is plain text.

  • You need to know how to write HTML files. Do not use What-You-See-Is-What-You-Get web editing software such as WebEditor 5, Netscape Composer, FrontPage or FrontPage Express, DreamWeaver, Cold Fusion, etc. These tend to add HTML code in that you may not intend. It's best to write your own HTML code.

  • Do not use any HTML Ecryption or other HTML add-ins, plugins or software on your computer that would change your HTML files before or when you upload them to your server.

  • Always use a true FTP program. HTML editors and web site development software with integrated FTP support is not a good idea because these lack features you may need to use in order to upload your .htaccess file. Be sure you understand how to use your FTP program. For help with setting up FTP programs, please see our FTP Programs FAQs.

  • Follow all instructions carefully. Do not change the .htaccess code we give in the instructions below as doing so may cause this technique to not work at all.

  • You can test your hotlinking method at the Online Image Hotlinking Checker by entering the URL to an image you uploaded to the CGI server using one of the methods below. You can test to be sure it works on your own web server by creating a test HTML page, and using the <img src> tag to link to the same image on your CGI server. It should show up from your own test page but not show up (or show your replacement image) at the Hotlinking Checker site.


Method 1: Replacing A Hotlinked Image With Another One

  1. Create a small image, about 260 x 100, that you wish to display instead of the actual image, should someone hotlink to your images. You can use this method to embarass the hotlinker by putting text in this image that says "This image was stolen!" or advertise your web site. Be Careful! Do not use lewd, adult, or inappropriate images as you could be held responsible and may have your domain taken offline as a result, even if it's showing up on another site.

  2. Use a text editor such as Windows Notepad or EditPlus to create an .htaccess file. Type in the following in a new document in the text editor, replacing the highlighted areas with your actual domain name. Save it as .htaccess (or if you are using Windows, you can save it as htaccess.txt). Replace the replacement_image.jpg URL with the URL to the image you wish to replace the hotlinked image with. The code below assumes that you will be placing all your images in a directory called images on your CGI server. It's best to cut and paste the code into a text editor. If you type it in, be sure to type in exactly what is below. Note that the | character is accomplished by holding down the SHIFT key and hitting the \ key on a USA PC keyboard.

    RewriteEngine On
    RewriteCond %{HTTP_REFERER} !^$
    RewriteCond %{HTTP_REFERER} !^http://(\.)?yourdomain\.com/ [NC]
    RewriteCond %{HTTP_REFERER} !^http://(\.)cgi\.?yourdomain\.com/ [NC]
    RewriteCond %{REQUEST_URI} !^/images/replacement_image.jpg [NC]
    RewriteRule \.(jpe?g|gif|bmp|png)$ http://cgi.yourdomain.com/images/replacement_image.jpg [R,L]

  3. Log into your CGI Server using your CGI username and password you receieved when you requested a CGI account.

  4. Upload your .htaccess file to the main (root) directory (not a subdirectory). If you created your file in Windows and saved it as htaccess.txt, rename the uploaded file to .htaccess on your CGI server. Be sure that you upload it in ASCII Mode. You may have to change a setting temporarily in your FTP program to do this.

  5. Create a diretory to hold your images, such as images for example. Then upload all the images you intend to use on your site in that directory. Be sure that you upload your images in Binary Mode. You may have to change a setting temporarily in your FTP program to do this.

  6. Edit or create your HTML pages. Be sure to use the full URL path to your images in you <img src=> tag. For example:

    <img src="http://cgi.yourdomain.com/images/yourimage01.jpg">

  7. Upload your HTML files to your web server. Note that you can also put these files on your cgi server. You can pick either one. Just be sure to provide the right URL to people you want to visit your site. For example, if the HTML files are on your web server the URL will be something like http://yourdomain.com/ and if the HTML files are on our cgi server then the URL will be something like http://cgi.yourdomain.com/ (replace the yourdomain.com with your actual domain name).

Method 2: Stopping Image Hotlinking

  1. Use a text editor such as Windows Notepad or EditPlus to create an .htaccess file. Type in the following in a new document in the text editor, replacing the highlighted areas with your actual domain name. Save it as .htaccess (or if you are using Windows, you can save it as htaccess.txt). It's best to cut and paste the code into a text editor. If you type it in, be sure to type in exactly what is below. Note that the | character is accomplished by holding down the SHIFT key and hitting the \ key on a USA PC keyboard.

    RewriteEngine On
    RewriteCond %{HTTP_REFERER} !^$
    RewriteCond %{HTTP_REFERER} !^http://(\.)?yourdomain\.com/ [NC]
    RewriteCond %{HTTP_REFERER} !^http://(\.)cgi\.?yourdomain\.com/ [NC]
    RewriteRule \.(jpe?g|gif|bmp|png)$ - [NC,F]

  2. Log into your CGI Server using your CGI username and password you receieved when you requested a CGI account.

  3. Upload your .htaccess file to the main (root) directory (not a subdirectory). If you created your file in Windows and saved it as htaccess.txt, rename the uploaded file to .htaccess on your CGI server. Be sure that you upload it in ASCII Mode. You may have to change a setting temporarily in your FTP program to do this.

  4. Create a diretory to hold your images, such as images for example. Then upload all the images you intend to use on your site in that directory. Be sure that you upload your images in Binary Mode. You may have to change a setting temporarily in your FTP program to do this.

  5. Edit or create your HTML pages. Be sure to use the full URL path to your images in you <img src=> tag. For example:

    <img src="http://cgi.yourdomain.com/images/yourimage01.jpg">

  6. Upload your HTML files to your web server. Note that you can also put these files on your cgi server. You can pick either one. Just be sure to provide the right URL to people you want to visit your site. For example, if the HTML files are on your web server the URL will be something like http://yourdomain.com/ and if the HTML files are on our cgi server then the URL will be something like http://cgi.yourdomain.com/ (replace the yourdomain.com with your actual domain name).

Method 3: Protecting Non-Image Files From Hotlinking

  1. Use a text editor such as Windows Notepad or EditPlus to create an .htaccess file. Type in the following in a new document in the text editor, replacing the highlighted areas with your actual domain name. Save it as .htaccess (or if you are using Windows, you can save it as htaccess.txt). It's best to cut and paste the code into a text editor. If you type it in, be sure to type in exactly what is below. Note that the | character is accomplished by holding down the SHIFT key and hitting the \ key on a USA PC keyboard.

    RewriteEngine On
    RewriteCond %{HTTP_REFERER} !^$
    RewriteCond %{HTTP_REFERER} !^http://(\.)?yourdomain\.com/ [NC]
    RewriteCond %{HTTP_REFERER} !^http://(\.)cgi\.?yourdomain\.com/ [NC]
    RewriteRule \.(html|php|xml|shtml|cgi|pl)$ - [NC,F]

  2. Log into your CGI Server using your CGI username and password you receieved when you requested a CGI account.

  3. Upload your .htaccess file to the main (root) directory (not a subdirectory). If you created your file in Windows and saved it as htaccess.txt, rename the uploaded file to .htaccess on your CGI server. Be sure that you upload it in ASCII Mode. You may have to change a setting temporarily in your FTP program to do this.

  4. Create a diretory to hold your files. Then upload all the files you intend to use on your site in that directory.

  5. Be sure to link to the full URL path to your file, for example:

    <a href="http://cgi.yourdomain.com/protected_files/mypage.html">My Protected Page</a>

Note that you could also ask to have your entire domain point to your CGI server, so you can hold your entire site on your CGI server. However, the same rules apply as to allowable files. If you have .zip, .mp3 or other files, they can not be uploaded or protected on the CGI server.

Other Resources

To learn more about how to protect your files using .htaccess, please see the following links:

 


Home - Support - Management - About Us
... Active Web Hosting, 1445 American Pacific Dr. Ste 110-318, Henderson, NV 89074 ...
Toll-Free (800) 946-7764   Fax: (702) 567-1831