Go Back   vb.org Archive > vBulletin Article Depository > Read An Article > Programming Articles

Reply
 
Thread Tools
Hotlink Protection Tutorial (Apache Server - .htaccess files)
NeutralizeR
Join Date: Aug 2005
Posts: 355

 

Show Printable Version Email this Page Subscription
NeutralizeR NeutralizeR is offline 07-24-2006, 10:00 PM

What is hotlinking and bandwidth theft?

Bandwidth theft or "hotlinking" is direct linking to a web site's files (images, video, etc.). An example would be using an <img> tag to display a JPEG image you found on someone else's web page so it will appear on your own site, eBay auction listing, weblog, forum message post, etc.

Bandwidth refers to the amount of data transferred from a web site to a user's computer. When you view a web page, you are using that site's bandwidth to display the files. Since web hosts charge based on the amount of data transferred, bandwidth is an issue. If a site is over its monthly bandwidth, it's billed for the extra data or taken offline.

A simple analogy for bandwidth theft: Imagine a random stranger plugging into your electrical outlets, using your electricity without your consent, and you paying for it.

How Do I know I am hotlinking?

This is how you might display an image graphic file in the HTML on your own web page:
HTML Code:
<img src="image.jpg" height="350" width="200">
This tag tells the site to request the file image.jpg on the same server as the rest of the files on the site. If you were to hotlink an image from an outside server, the HTML might look like this:
HTML Code:
<img src="http://notmysite.com/image.jpg" height="350" width="200">
This tag tells the site to request the image.jpg from a different server other than your own. Every time the page is loaded, the outside server has to use its bandwidth to display the image. To avoid this problem, don't link to files on servers that don't belong to you. To share images and files on your own web page, upload them to your own server's directory or to a free image hosting service that allows direct linking.

Why should I stop hotlinking?

Hotlinking can have a lot of undesirable consequences. One is the so-called "switcheroo". If you've linked to an image on someone's server, what's to prevent them from changing the image you linked to? This can have humorous results. Since most sites, forums, etc. have strict policies about offensive images, it wouldn't take much for an aggravated webmaster you've been stealing bandwidth from to shut you down completely with an unwanted "switcheroo".

Displaying an image or file that doesn't belong to could be a violation of copyright, making you open to litigation. The owner of the file could utilize DMCA law to have your site shut down and your information given for use in legal proceedings.

How can I test to see if my image can be hotlinked?

Use our URL hotlink checker below to check the hotlinking protection (such as an htaccess file) on your web site. Enter the complete URL below (ex: http://mysite.com/image.jpg) to see if your image can be loaded and hotlinked by an outside server.

Click to go to the Resource & Test Page

******************************************
******************************************
******************************************
Following text may not be an ultra professional experience but i've been using these techniques for 2 years and they are working great for me.

I've been running two dedicated servers and i've full control over them (my .htaccess file lines included in my httpd.conf file). If your hosting is shared and got some restrictions to use .htaccess files on your account, you should contact your hosting company first to enable them.
Notice: .htaccess files can only be used by Apache web servers and they will not work on a windows system.

Hotlink Protection Enabled .htaccess File Tutorial

-Create a new TXT file named *'sample.htaccess' and open it with your text editor (NotePad). *Windows users won't be able to create it as '.htaccess' so you have to rename 'sample.htaccess' to '.htaccess' after it's been uploaded to your server.

-Copy and paste the following lines to 'sample.htaccess' file:
Quote:
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://www.yourdomain.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.yourdomain.com$ [NC]
http://www.yourdomain.com/forum/ [R,NC]
-Change RewriteRule .*\.(jpg|jpeg|gif|png|bmp|swf)$ http://www.yourdomain.com with your domain name.
-Upload 'sample.htaccess' file to your web server's root and rename it to '.htaccess'.

Read the following text to figure out how to customize your own .htaccess file.

RewriteCond %{HTTP_REFERER} !^$ = Allow direct requests (ie. entering the url to an image in your browser). People can't publish your image files at their own web pages but they still can view them by entering their url in the browser window. These images can also be viewed (shared) by clicking on their urls in Instant Messenger windows.

[NC] = "No Case", meaning match the url regardless of being in upper or lower case letters.

[R] = Redirect

*(jpg|jpeg|gif|png|bmp|swf) = Files to block

I used to redirect blocked files to a custom .jpe image file. If you prefer this option, you should use the following .htaccess file:
Quote:
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://www.yourdomain.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.yourdomain.com$ [NC]
RewriteRule .*\.(jpg|jpeg|gif|png|bmp|swf)$ http://www.yourdomain.com/nohotlinking.jpe [R,NC]
Upload a tiny jpg file with a text on it like "Hotlinking is not allowed!" and change it's extension to .jpe. This JPEG image is using the extension jpe instead of jpg to prevent blocking your own replacement image.

My .htaccess file:
Quote:
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http://www.msxlabs.org/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.msxlabs.org$ [NC]
RewriteRule .*\.(mp3|mpeg|mpg|ram|rm|wma|wav|asx|wmv|avi|mov|z ip|rar|exe)$ http://www.msxlabs.org/forum/ [R,NC]

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://www.msxlabs.org/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.msxlabs.org$ [NC]
RewriteRule .*\.(jpg|jpeg|gif|png|bmp|swf)$ http://www.msxlabs.org/forum/ [R,NC]
This .htaccess file redirects people to my forum homepage who are trying to access the file types which are listed in the blocked files list.

First piece of lines got RewriteCond %{HTTP_REFERER} !^$ line as i don't want people to be able to access those kind of files directly. (The protection for the image files doesn't have that line)

If you don't want a redirection for (mp3|mpeg|mpg|ram|rm|wma|wav|asx|wmv|avi|mov|zip|r ar|exe), you can use replace that line with the following display your Error Code 404 page:

Quote:
RewriteRule .*\.(mp3|mpeg|mpg|ram|rm|wma|wav|asx|wmv|avi|mov|z ip|rar|exe)$ [F,NC]
Example: 404 - MsXLabs

.htaccess files effect the folder it's in and all of the subfolders.

If you want to exclude a subfolder from the hotlink protection, create another .htaccess file with the lines below and upload it to that directory:
Quote:
RewriteEngine on
RewriteRule ^.*$ -
IMPORTANT NOTE: PLEASE DELETE ANY EXTRA SPACES ADDED BY VBULLETIN. (jpg|jpeg|gif|png|bmp|swf) THERE SHOULD'T BE ANY SPACES BETWEEN THE EXTENSION TYPES.
Feel free to reply this thread if i made some mistakes

This tutorial is written by NeutralizeR @ MsXLabs Organization
Reply With Quote
  #32  
Old 01-20-2007, 12:26 PM
aacircle aacircle is offline
 
Join Date: Jun 2005
Posts: 108
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Interesting feedback and I thought u would be replying quickly based on your excellent support.

Take a look at my signature which I do notice redirects to my home page even though it's a hotlinked image. Whereas, http://www.myotherdomain.com/test.htm shows a broken image.
Reply With Quote
  #33  
Old 01-20-2007, 04:27 PM
NeutralizeR NeutralizeR is offline
 
Join Date: Aug 2005
Posts: 355
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by aacircle View Post
Interesting feedback and I thought u would be replying quickly based on your excellent support.

Take a look at my signature which I do notice redirects to my home page even though it's a hotlinked image. Whereas, http://www.myotherdomain.com/test.htm shows a broken image.
Where do you use this .htaccess file?

on www.animeonline.net or www.myotherdomain.com/test.htm?

For www.animeonline.net:
Code:
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http://www.animeonline.net/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^http://www.animeonline.net$      [NC]
RewriteCond %{HTTP_REFERER} !^$
RewriteRule .*\.(jpg|jpeg|gif|png|bmp|swf|mp3|mpeg|mpg|ram|rm|wma|wav|asx|wmv|avi|mov|zip|rar|exe)$ http://www.animeonline.net/ [R,NC]
If you delete RewriteCond %{HTTP_REFERER} !^$ line, the files will be accessible via empty referrers (like copying and pasting the urls directly to browser's address line or the IM windows)

Sorry, i'm too busy with my server problems at the moment
Reply With Quote
  #34  
Old 01-21-2007, 12:27 AM
aacircle aacircle is offline
 
Join Date: Jun 2005
Posts: 108
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

It was placed into the .htaccess file at animeonline.

Anyway, it was just a little thing, so don't worry about it. Cheers and good luck with ur own issues.
Reply With Quote
  #35  
Old 02-01-2007, 12:06 PM
adwade adwade is offline
 
Join Date: Aug 2006
Location: SouthEast, TN
Posts: 323
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

How does one KNOW this is occurring? Is there some server parameter you're monitoring, or a utility that alerts you to the fact others are hotlinking to your site?
Reply With Quote
  #36  
Old 03-09-2007, 02:11 AM
EyeCrave EyeCrave is offline
 
Join Date: Sep 2002
Location: Layer 2 of the DVD
Posts: 41
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Lionel View Post
Guest are allowed to see attachments. But I found a solution that works perfect for me. Attachment.php displays on my site only.
How did you do this? We currently have a forum where we post images we use on our mainpage and we get the majority of our guests there. I need to be able to show it only on my site.
Reply With Quote
  #37  
Old 03-13-2007, 01:09 AM
EyeCrave EyeCrave is offline
 
Join Date: Sep 2002
Location: Layer 2 of the DVD
Posts: 41
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Can someone help me with this... I'm getting hammered with people using my attachment.php link...
Reply With Quote
  #38  
Old 01-17-2008, 11:26 PM
vietdjclub vietdjclub is offline
 
Join Date: Oct 2007
Posts: 117
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

if user use IDM when they click then it not rewrite

ex: http://abc.xom/folder/a.mp3

if use IDM then user can download it
Reply With Quote
  #39  
Old 03-21-2008, 01:54 AM
attroll's Avatar
attroll attroll is offline
 
Join Date: Jan 2003
Location: Litchfield, Me
Posts: 664
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Here is the code I have been using. It works without the www in front of the name but when I use the www then the hotlink protection does not work.

Does anyone have any advice?
Code:
 
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http://mysite.net/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://mysite.net$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.mysite.net/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.mysite.net$ [NC]
RewriteRule .*\.(jpg|jpeg|gif|png|bmp)$ - [F,NC]
Reply With Quote
  #40  
Old 03-21-2008, 05:00 AM
NeutralizeR NeutralizeR is offline
 
Join Date: Aug 2005
Posts: 355
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by attroll View Post
Here is the code I have been using. It works without the www in front of the name but when I use the www then the hotlink protection does not work.

Does anyone have any advice?
Code:
 
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http://mysite.net/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://mysite.net$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.mysite.net/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.mysite.net$ [NC]
RewriteRule .*\.(jpg|jpeg|gif|png|bmp)$ - [F,NC]
Are you using your domain with our without www?

If you only want to use it with "www":

Code:
RewriteEngine on
RewriteCond %{HTTP_HOST} !^www\.mysite\.com
RewriteRule (.*) http://www.mysite.com/$1 [L,R=301]
RewriteCond %{HTTP_REFERER} !^http://www.mysite.com/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^http://www.mysite.com$      [NC]
RewriteCond %{HTTP_REFERER} !^$
RewriteRule .*\.(jpg|jpeg|gif|png|bmp|swf|mp3|mpeg|mpg|ram|rm|wma|wav|asx|wmv|avi|mov|zip|rar|exe)$ http://www.mysite.com [NC,R,L]
Reply With Quote
  #41  
Old 03-21-2008, 06:16 AM
attroll's Avatar
attroll attroll is offline
 
Join Date: Jan 2003
Location: Litchfield, Me
Posts: 664
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by NeutralizeR View Post
Are you using your domain with our without www?

If you only want to use it with "www":

Code:
RewriteEngine on
RewriteCond %{HTTP_HOST} !^www\.mysite\.com
RewriteRule (.*) http://www.mysite.com/$1 [L,R=301]
RewriteCond %{HTTP_REFERER} !^http://www.mysite.com/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^http://www.mysite.com$      [NC]
RewriteCond %{HTTP_REFERER} !^$
RewriteRule .*\.(jpg|jpeg|gif|png|bmp|swf|mp3|mpeg|mpg|ram|rm|wma|wav|asx|wmv|avi|mov|zip|rar|exe)$ http://www.mysite.com [NC,R,L]
My domain is setup so that it works with and without the "www". How can I set it up to with with and without the "www"?
Reply With Quote
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 03:24 PM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.06856 seconds
  • Memory Usage 2,321KB
  • Queries Executed 25 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (5)bbcode_code
  • (2)bbcode_html
  • (9)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)modsystem_article
  • (1)navbar
  • (4)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (3)pagenav_pagelink
  • (11)post_thanks_box
  • (11)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (11)post_thanks_postbit_info
  • (10)postbit
  • (11)postbit_onlinestatus
  • (11)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete