working hotlink protection?

Category: Cpanel

CPL
Asked:
2012-04-04 7:46 pm EST

Hits: 1,144
I'm looking into hotlink protection for images on my site, but need input on whether it's the right idea and just how to get it active.

I understand how it's used in the .htaccess file, and how cPanel might be used. But when I tried it from cPanel earlier, it totally crashed my site (Server Error..) and I had to get help to fix something in .htaccess. Then I tried manually putting entries in .htaccess as I saw in a number of articles, but testing on some test sites didn't seem to show it working.

So, when it comes to RSS feeds and other possible needs, is hotlink protection really worth the risk of it blocking some sites where you may get more by leaving it off?
And, if it's the best idea, why doesn't it work in my root .htaccess file (according to what some test sites seem to report.)

With what else is in .htaccess currently, I basically added:

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?mydomain.com [NC]
RewriteRule \.(jpg|jpeg|png|gif|bmp)$ http://www.mydomain.com/the/path/to/blocked.png [NC,R,L]

Any thoughts?
-CPL

You must login before you can ask a follow up question.

You must login before you can submit an answer.

OTHER ANSWERS

0

Tim S.
Staff
9,967 Points
2012-04-05 8:40 am EST
Hi CPL,

Thanks for posting your question about hotlink protection. I'm more than happy to assist you today. First, let's examine the benefits of hotlink protection. When someone links to one of your image files, they essentially steal bandwidth. That's probably the biggest advantage to using hotlink protection. Since we do not actively monitor bandwidth on shared hosting, the advantage of using hotlink protection in minimized.

How Hotlink protection in cPanel work by default, images will not show up in RSS feeds. I've never personally found a need for hotlink protection so I've dug around to find out if there's workarounds for it. This is what I've found:

Normal, .htaccess rules for hotlink protection would look something like this. And using this code, your images will not show up in RSS feeds such as FeedBurner:


# Hotlink Protection
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://example.com$ [NC]
RewriteCond %{HTTP_REFERER} !^http://example.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.example.com$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.example.com/.*$ [NC]
RewriteRule .*\.(gif|jpg|jpeg|png|bmp)$ - [F,NC,L]



Now, Let's break down what this code is doing. In the first line, after the initial comment we're enabling mod_rewrite. Then the code checks the referrer's URL against the predefined strings in the next 5 lines. If the URL is not listed in the string then Apache is directed to deny access to the file types listed in the last line. Keep in mind, you can restrict any file type and you're not just limited to images files.

At this point, RSS feeds, since they're not listed in the .htaccess rules the images will not display. So if we wanted to allow Feedburner access to images on the website we could modify the rules from above to this:


# Hotlink Protection with Feedburner Access
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://example.com$ [NC]
RewriteCond %{HTTP_REFERER} !^http://example.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.example.com$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.example.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.feedburner.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://feeds.feedburner.com/example-feed$ [NC]
RewriteCond %{HTTP_REFERER} !^http://feeds.feedburner.com/example-feed-comments$ [NC]
RewriteRule .*\.(gif|jpg|jpeg|png|bmp)$ - [F,NC,L]



Notice, the is last lines of code, we're now allowing feedburner to access the files on our site. Of course, in this code snippet you'd need to replace www.example.com with your actual domain and the feedburner feeds and feed comments with the actual URLs.

Also keep in mind, .htaccess rules are overwritten in each folder. If you have an .htaccess file in the parent (root) folder and then a .htaccess file in one of the child folders, the settings in the child folder's .htaccess file overrides the parent .htaccess.

The thing to remember is, what are you trying to gain for enabling hotlink protection? Does this goal out weight the possible disadvantages of using hotlink protection?

I hope this helps! If you need further assistance please feel free to contact us.

Thanks!

Tim S

You must login before you can post a comment about this answer.

Like this Question?

Related Articles

It looks like there are no related articles.
Would you like to ask a question about this page? If so, click the button below!
Ask a Question

Need more Help?

Search

Ask the Community!

Get help with your questions from our community of like-minded hosting users and InMotion Hosting Staff.

Current Customers

Chat: Click to Chat Now E-mail: support@InMotionHosting.com
Call: 888-321-HOST (4678) Ticket: Submit a Support Ticket

Not a Customer?

Get web hosting from a company that is here to help. Sign up today!