Prevent HotLinking with .htaccess

It is fine for people to take images, css, js and other medias from your site as long as they re-host it on their own server after making a copy. Also, known as HotLinking, stealing people's bandwidth by linking directly to other site's images, js, css files is a bad thing. If you are a site owner and want to prevent hotlinking or serve an alternate content, here is an easy solution using .htaccess.

Create a .htaccess file and place it on the root of the domain where you want to prevent hotlinking. In my case, it was http://www.brajeshwar.com/. Add or append, the following codes between the *Rewrite Rule* else create the same.


RewriteEngine On
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?brajeshwar.com/.*$ [NC]
RewriteRule \.(gif|jpg|js|css)$ - [F]

This will prevent hotlinking to my gif, jpg, js and css files.
Note: mod_rewrite should be enabled for this to work.

In an event where you want to replace a hotlinked media with an alternate media, here is the change for the .htaccess file.


RewriteEngine On
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?brajeshwar.com/.*$ [NC]
RewriteRule \.(gif|jpg)$ http://media.brajeshwar.com/i/brajeshwar.jpg [R,L]

So, they will see me instead of the hot linked image. ;-) This came to light after Jason Scott's article on "Freedom, Justice and a Disturbingly Gaping Ass (Freedom, Justice and a Disturbingly Gaping Ass)":http://ascii.textfiles.com/archives/000278.html (via : "Digg (Digg)":http://digg.com/).

Google Defines Hotlinking as the intentional usage of someone's bandwidth without that person's authorization. It is also known as Bandwidth Theft.

ELSEWHERE

* 5ThirtyOne wrote an article - Pursuading people with Rewrite rules that "hotlinking" is bad is not malicious, it's just funny.