Support Joomla!

1.5 Template Project

The Joomla! Documentation Working Group is running a project to develop detailed reference and tutorial material on Joomla! 1.5 templates.  There is a project page on the documentation wiki where you can see the work in progress and help us by contributing your knowledge.

Who's Online

We have 72 guests online

Help Site License

The Joomla! Help Site content is copyright © 2005 - 2008 by the individual contributors and can be used in accordance with the Creative Commons License, Attribution NonCommercial ShareAlike 2.5. Some parts of this website may be subject to other licenses.
Home arrow FAQs arrow Security & Performancearrow APACHE: How do I block direct hot linking to image files using .htaccess?

APACHE: How do I block direct hot linking to image files using .htaccess?
Author(s):Rliskey
Experience level:Beginner
Contributors:Joomla! version:1.0
Date added:Monday, 26 March 2007Date last changed:Friday, 06 July 2007
 

Caveats
1. Your server must allow .htaccess files for this technique to work.
2. If you do not have a .htaccess file in your root directory, see the related FAQ first.
3. Do not use this method to redirect image hot links to HTML pages or to servers that are not your own.
4. Hot linked images can only be replaced by other images, not with HTML pages.
5. As with any .htaccess rewrite, you may block legitimate traffic, such as users behind proxies or firewalls.

Directions
1. Create a jpeg image called no_hot_link.jpe. Note that the odd file extention (.jpe) is intentional and important. Place this file in your images directory.

2. Place the following code in the .htaccess file of your root directory.

 

RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://(.+\.)?your_site\.com/ [NC]
RewriteCond %{HTTP_REFERER} !^$
RewriteRule .*\.(jpe?g|gif|bmp|png)$ /images/no_hot_link.jpe [L]

Explanation
The first line begins the Apache rewrite rule. The second line matches any requests from your own site, here called your_site.com url. The [NC] flag means "No Case", which means, match upper and lower case characters. The third line allows empty referrals. The last line matches any files ending with the extension jpeg, jpg, gif, bmp, or png. This is then replaced by the no_hot_link.jpe file in your images directory. This JPEG file uses the extension jpe instead of jpg to prevent these rules from blocking your replacement image.

Block hot linking from specific domains
To stop hotlinking from specific domains only, such as myspace.com, blogspot.com and livejournal.com, while allowing other web sites to hotlink to your images, use the following code:

RewriteEngine On
RewriteCond %{HTTP_REFERER} ^http://(.+\.)?myspace\.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://(.+\.)?blogspot\.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://(.+\.)?livejournal\.com/ [NC]
RewriteRule .*\.(jpe?g|gif|bmp|png)$ /images/nohotlink.jpe [L]

You can add as many different domains as you want. Every RewriteCond line except the last one should end with the [NC,OR] flags. NC means to ignore case. OR means "Or Next", as in, match this line OR the next line. The last RewriteCond omits the OR flag to stop matching after the last RewriteCond.

Display a 403 forbidden code
Alternatively, you can display a 403 Forbidden error code. Replace the last line of the previous examples with this line:

RewriteRule .*\.(jpe?g|gif|bmp|png)$ - [F]


Last Updated Friday, 06 July 2007
Tags: security, htaccess, apache
< Prev   Next >
[ Back ]

Powered by EasyFAQ © 2006 Joomla-addons.org