Prevent HotLinking with .htaccess

It is fine for people to take images, css, js and other medias from your site as long as they re-host it on their own server after making a copy. Also, known as HotLinking, stealing people’s bandwidth by linking directly to other site’s images, js, css files is a bad thing. If you are a site owner and want to prevent hotlinking or serve an alternate content, here is an easy solution using .htaccess.

Create a .htaccess file and place it on the root of the domain where you want to prevent hotlinking. In my case, it was http://www.brajeshwar.com/. Add or append, the following codes between the Rewrite Rule else create the same.

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?brajeshwar.com/.*$ [NC]
RewriteRule \.(gif|jpg|js|css)$ - [F]
</IfModule>

This will prevent hotlinking to my gif, jpg, js and css files.
Note: mod_rewrite should be enabled for this to work.

In an event where you want to replace a hotlinked media with an alternate media, here is the change for the .htaccess file.

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?brajeshwar.com/.*$ [NC]
RewriteRule \.(gif|jpg)$ http://media.brajeshwar.com/i/brajeshwar.jpg [R,L]
</IfModule>

So, they will see me instead of the hot linked image. ;-) This came to light after Jason Scott’s article on Freedom, Justice and a Disturbingly Gaping Ass (via : Digg).

Google Defines Hotlinking as the intentional usage of someone’s bandwidth without that person’s authorization. It is also known as Bandwidth Theft.

ELSEWHERE