Thursday, February 16, 2012

Apache configuration - stop hotlinks

You may not want other website to embed images or movie from your website. For example: is allowed, but
 <img src="" height="350" width="200"> is not allowed, so called hotlinks.

To prevent hotlinks, you can add the following lines in httpd.conf: (replace to your website)
LoadModule rewrite_module modules/
<IfModule rewrite_module>
      RewriteEngine On
      RewriteCond %{HTTP_REFERER} !^$
      RewriteCond %{HTTP_REFERER} !^http://localhost/.*$ [NC]     
      RewriteCond %{HTTP_REFERER} !^*$ [NC]
      RewriteRule .*\.(jpe?g|png|gif|bmp|swf|flv) - [NC,F,L]

These  conditions allow linking only  from your own site for files end with
jpeg, png, gif, bmp, swf and flv.  The rewrite_module  is used. The links are written in regular expression.  Some explanation:
1. NC (no case, case insensitive)

2. [F] (force URL to be Forbidden)
Forces the current URL to be forbidden. Send the HTTP response, 403 (FORBIDDEN).

3. [L] (last rule)
Forces the rewriting processing to stop here and don't apply any more rewriting rules.
To check if your images can be  hotlinked, go to the link below:

No comments:

Post a Comment