Prevent HotLinking with .htaccess

It is fine for people to take images, css, js and other medias from your site as long as they re-host it on their own server after making a copy. Also, known as HotLinking, stealing people’s bandwidth by linking directly to other site’s images, js, css files is a bad thing. If you are a site owner and want to prevent hotlinking or serve an alternate content, here is an easy solution using .htaccess.

Create a .htaccess file and place it on the root of the domain where you want to prevent hotlinking. In my case, it was Add or append, the following codes between the Rewrite Rule else create the same.

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?*$ [NC]
RewriteRule \.(gif|jpg|js|css)$ - [F]

This will prevent hotlinking to my gif, jpg, js and css files.
Note: mod_rewrite should be enabled for this to work.

In an event where you want to replace a hotlinked media with an alternate media, here is the change for the .htaccess file.

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?*$ [NC]
RewriteRule \.(gif|jpg)$ [R,L]

So, they will see me instead of the hot linked image. ;-) This came to light after Jason Scott’s article on Freedom, Justice and a Disturbingly Gaping Ass (via : Digg).

Google Defines Hotlinking as the intentional usage of someone’s bandwidth without that person’s authorization. It is also known as Bandwidth Theft.


How to get an email whenever Google visits your site

I was reading the article – Ever wanted to know when google crawls your site via Digg. The article explains how you to send an email via a PHP Script when Google’s spider (GoogleBot) visits your site. So, why not automate that for each and every page that is PHP powered.

To include the script on every page of your site, let us follow the following steps;

1. Modify your .htaccess file (create if you do not have one) to use the auto_prepend_file feature, it should have this line

php_value auto_prepend_file /home/

(a single line full absolute path to the autoappend.php on your server)

2. Create/Modify your autoappend.php (you are free to change the file name accordingly here and in the .htaccess file) to include the PHP script from (I’ve modified it slightly to have a clickable url when you get the mail);

//let us notify someone when google crawls this page
if ( strpos( $_SERVER['HTTP_USER_AGENT'], 'Googlebot' ) !== false )
    // The email address we want to send the email to
    $email_address = '[email protected]';
     // Send the email
    mail($email_address,'Googlebot Visit', 'Googlebot has visited your page: http://'.$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF']);

But, my files extension is not PHP even though my server support PHP, how do I use this?

Well, you can use the same .htaccess to enable PHP for any file extension, you have to add this line

AddType application/x-httpd-php .html .htm

This will parse all files with the extension html and htm as PHP scripts.



  1. 2006 June 5 (10:00 am) – Be careful to set a filter for your email for this one. Now, I’m bombarded with “Googlebot Visit” mails!
  2. 2006 June 5 (02:00 pm) – This is perhaps a bad idea for a high traffic website. So, far I have received over 500 emails in just about 5 hours. I’m turning mine off.