Disable Image Hotlinking with .htaccess

It’s always a good idea to disable image hotlinking. Image hotlinking is when someone else displays your image on their website, but they embed it from your site. This means that visitors to this other site don’t know the image came from (And is still hosted on) your website, and that your server is being used to load the image! To protect your server, and your images, disable that from happening! (Note, this will not stop people from downloading your images and hosting them themselves, but it will prevent extra strain on your server).

The code

All you have to do is add this code into your .htaccess file and save it! Like all file changes, it can take some time before it updates everywhere, but you can speed up the process on your devices simply by clearing your browser’s cache. This code snippet will block image hotlinking. It does this by checking the URL that is requesting the image, and if it does not match your URL, it will block the request.

Disable All Image Hotlinking


RewriteEngine on RewriteCond %{HTTP_REFERER} !^$ RewriteCond %{HTTP_REFERER} !^http?://(.+\.)?example.com [NC] RewriteRule \.(jpe?g|bmp|png|gif)$ - [NC,F,L]

IMPORTANT! The "RewriteEngine on" line should only be found ONCE in your entire .htaccess file. If it is needed, is should be located before any other statements (At the top of the file).

Note: An .htaccess file located in a sub-directory overrides any duplicate rules from previous .htaccess files. For example, if you have a .htaccess file located in the root defining a 404 and 403 error page, and another .htaccess located in the “test” folder defining only a 404 error page, any files and folders in the “test” folder will use the 404 page defined in the "test" .htaccess file, and the 403 page defined in the root .htaccess file.

Advertisement

TinkerAd

Installation

Unsure of how to install this code? It's pretty simple. A .htaccess file is called “.htaccess”, with nothing before the dot. Try finding this on your FTP software. Many systems don’t allow filenames starting with a dot (So downloading a htaccess file can be difficult at times), so that also restricts how we can create a .htaccess file. It is possible to get around these restrictions though, so here are the steps!

  1. Open your text-editing program and code your .htaccess file
  2. Once you are finished, save it as “htaccess.txt” (We will fix its name later)
  3. Upload “htaccess.txt” to your webserver and rename it to “.htaccess” (Remember that the dot is important!)

If you are still confused, or it's not working for you, check out the more detailed instruction in our Finding, Creating, and Editing a .htaccess file article.

Conclusion

Hopefully you were successful in installing this snippet, if you need help, feel free to send us a message! Check out the rest of the htaccess snippets to see what other amazing things you can do!

Advertisement

Article by Tinkerman