1and1 Help Centre Categories

print article

Stop Hotlinking

Hotlinking is best described as the act of an outside source using your website content. This happens most often with media such as images. You may have created and hosted some type of media (image file for instance) on your website for use solely on your site. Another website owner may find the image and decide to use it. If the owner decides to simply add the picture into one of his website's pages using your URL for the picture, this is hotlinking. This may also increase traffic for your website but not necessarily in a good way.

Since hotlinking will load your files off of your web space to another person's website, this increases your web traffic (which may result in overage charges for you if your web traffic is limited) and possibly puts more strain on your website while most of the time, the image (or media) used does not reference or give credit to yourself or your website. There are ways to restrict hotlinking so that your website files remain your own.

Linux Hosting Packages
To disable hotlinking in Linux Hosting Packages, you will need to modify or create the .htaccess file. This file should be created or uploaded to the main folder (root of the web space). Below is an example with an explanation to follow.
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?://(.*\.)*yourDomain.com/ [NC]
RewriteRule .*\.(gif|jpg|jpeg|bmp|wav|mp3|wmv|avi|mpeg)$ - [F]
Please note:
The vertical line separating file types at the bottom of the example above can be made by holding the Shift key and pressing the Backslash key on most keyboards.
Line Explanation
RewriteEngine On This line turns the Rewrite Engine on.
RewriteCond %{HTTP_REFERER} !^$ This line specifies a condition for rewrite. It simply means "if the site requesting data is not missing a name"
RewriteCond %{HTTP_REFERER} !^http(s)?://(.*\.)*yourDomain.com/ [NC] This line specifies a condition for rewrite. It simply means "and if the site requesting data is NOT yourDomain.com (or any variation such as http://yourDomain.com or https://someSubDomain.yourDomain.com)..."
RewriteRule .*\. (gif|jpg|jpeg|bmp|wav|mp3|wmv|avi|mpeg)$ - [F] This is the rewrite rule. This rule will be used if any of the conditions made above are met. The rewrite rule simply means "and the data requested has a file name extension of .gif, .jpg, .jpeg ... then that file is Forbidden."

So the total of these lines essentially equates to "If the site requesting data has a name, and that domain name is not yours, and a media file has been requested, send a response that the file is forbidden." Using the example above, you would have to replace yourDomain.com with your actual domain that uses the files so that your own domain is not blocked from access to these files. Using this same example as a template, you can also signify other sites that should be allowed access to these files. Follow the example above an add more lines changing only the domain name.

If you want to add johnDoe.com to the allow list, your .htaccess files would look similar to:

RewriteEngine On
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?://(.*\.)*yourDomain.com/ [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(.*\.)*johnDoe.com/ [NC]
RewriteRule .*\.(gif|jpg|jpeg|bmp|wav|mp3|wmv|avi|mpeg)$ - [F]

This way all sites will be blocked from using the media files above (.gif, .jpg, .mp3, etc) on their own website but both your site and John Doe's website will have access to these files.

It is also possible to block all content of your site from outsiders unless a domain is added to the exception list by using the example below:

RewriteEngine On
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?://(.*\.)*yourDomain.com/ [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(.*\.)*johnDoe.com/ [NC]
RewriteRule .* - [F]

This way, all site content is only accessible via youDomain.com and johnDoe.com.

For additional information, you may want to reference: