HotLink Blocking

A couple of months ago as I was checking my web server access logs, I came across something odd. A single image file was being requested repeatedly and often from the same host IP. Although I wasn't aware of the term at the time, I had become a victim of Hot Linking. Since I wasn't aware of a technical means of blocking this heinous practice, I simply performed a reverse lookup on the IP, then emailed the owner of the domain with a "cease and desist" warning. Turns out it was a college dude, and he promptly removed the link. But, of course, I wasn't happy with that since it wasn't a permanent solution and would require constant monitoring of the server logs. Thus began my quest to block hotlinking.

I soon learned that it is a simple task when running on Apache. A few lines in the .htaccess file did the trick. About a year later, I went to add the same code to a friend's site, and I stumbled around a bit because I forgot a couple of rules. So here they are. First, the lines you need in the .htaccess file:

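RewriteEngine on
# Let requests with no Referer header through (direct visits, privacy proxies)
RewriteCond %{HTTP_REFERER} !^$
# Let requests referred by your own pages through, over http or https
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?example\.com/.*$ [NC]
# Redirect every other request for a .gif or .jpg to the replacement image
RewriteRule \.(gif|jpg)$  http://www.example.com/angry.jpe [R,L]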

Naturally, replace "example.com" with your actual domain name. If you've already been using mod_rewrite, you'll have the first line in your .htaccess file and you don't need to duplicate it.

Next, the rules.

  • You can only redirect to another image, not an HTML file.
  • Use a different extension on the replacement image or else the rewrite will attempt to replace it as well.
    • Alternatively, you can put the .htaccess in your images folder rather than the document root folder and point the rewrite to an image in the root folder.

I'm sure some Apache Guru could spice this up, but there you have the basics.
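The log check described at the top of this post can be automated. The script below is an added example, not part of the original post: it scans access-log lines for image requests that the two RewriteCond lines would redirect and counts them per referring host. It assumes Apache's "combined" log format; the function names and sample log lines are constructed for illustration, and it compares the Referer host instead of reusing the rewrite regex.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

OWN_DOMAIN = "example.com"  # assumption: the placeholder domain used in the post
# Apache "combined" format: host ident user [time] "request" status bytes "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "[^"]*"$'
)
IMAGE_RE = re.compile(r"\.(gif|jpg)$")  # same extensions as the RewriteRule

def referer_host(referer):
    try:
        return (urlsplit(referer).hostname or "").lower()
    except ValueError:  # malformed Referer value
        return ""

def is_hotlink(path, referer, own_domain=OWN_DOMAIN):
    """Mirror the two RewriteCond lines: non-empty Referer that is not our own site."""
    if not IMAGE_RE.search(path.split("?", 1)[0]):  # the rule matches the path only
        return False
    if referer in ("", "-"):  # Apache logs a missing Referer as "-"
        return False
    return referer_host(referer) not in (own_domain, "www." + own_domain)

def hotlink_report(lines, own_domain=OWN_DOMAIN):
    """Count hotlinked image requests per (referring host, image path)."""
    hits = Counter()
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m and is_hotlink(m["path"], m["referer"], own_domain):
            hits[(referer_host(m["referer"]) or m["referer"], m["path"])] += 1
    return hits.most_common()

SAMPLE_LOG = [  # constructed sample lines, not taken from a real server
    '192.0.2.10 - - [10/Mar/2024:10:00:01 +0000] "GET /images/cat.jpg HTTP/1.1" 200 5120 "http://forum.example.net/thread/42" "Mozilla/5.0"',
    '192.0.2.11 - - [10/Mar/2024:10:00:05 +0000] "GET /images/cat.jpg HTTP/1.1" 200 5120 "http://forum.example.net/thread/42" "Mozilla/5.0"',
    '192.0.2.12 - - [10/Mar/2024:10:00:09 +0000] "GET /images/cat.jpg HTTP/1.1" 200 5120 "http://www.example.com/gallery.html" "Mozilla/5.0"',
    '192.0.2.13 - - [10/Mar/2024:10:00:12 +0000] "GET /images/cat.jpg HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '192.0.2.14 - - [10/Mar/2024:10:00:15 +0000] "GET /images/logo.gif HTTP/1.1" 200 900 "http://example.com.blog.example.org/post" "Mozilla/5.0"',
    '192.0.2.15 - - [10/Mar/2024:10:00:20 +0000] "GET /index.html HTTP/1.1" 200 2000 "http://forum.example.net/thread/42" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for (host, path), count in hotlink_report(SAMPLE_LOG):
        print(f"{count:5d}  {host}  {path}")
```

The fifth sample line shows why the host is compared exactly: a referring host that merely begins with your domain name is still counted as foreign.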