
Hotlink Protection

Apache has a built-in method for protecting images within directories from prying eyes, using the .htaccess file.

When your browser requests an image, it usually also sends the URL of the page that linked to that image. The following .htaccess file causes the server to check this URL (the "Referer" header in the snippet below) and, if it matches one of the authorized URLs that you specify, to set an internal flag called "locally_linked". Technically, this flag is an "environment variable". If the URL sent is not in the list of authorized URLs, the variable is not set. Note that we also set "locally_linked" if the browser does not send any URL at all: this occurs when the visitor accesses your site using a browser or a proxy that suppresses the referring URL.

The web server then checks whether the requested file has an extension in the list given below (gif, png, jpg and jpeg). If so, and the "locally_linked" variable is set, it sends the image. Otherwise, it sends an error. If this is too complex, you can use the Hotlink manager or the Password Protect icon in cPanel.

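        # Set locally_linked when the Referer is one of the authorized URLs.
        SetEnvIfNoCase Referer "^http://www\.example\.com/" locally_linked=1
        SetEnvIfNoCase Referer "^http://www\.example\.com$" locally_linked=1
        SetEnvIfNoCase Referer "^http://example\.com/" locally_linked=1
        SetEnvIfNoCase Referer "^http://example\.com$" locally_linked=1
        # Also set it when no Referer is sent at all.
        SetEnvIfNoCase Referer "^$" locally_linked=1
        # Serve image files only when locally_linked is set.
        # Order/Allow is Apache 2.2 syntax (needs mod_access_compat on 2.4).
        <FilesMatch "\.(gif|png|jpe?g)$">
          Order Allow,Deny
          Allow from env=locally_linked
        </FilesMatch>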
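
To check a set of Referer patterns before deploying them, the decision described above can be modelled offline. This is an added example, not part of the original article: it uses the article's patterns with the literal dots escaped, and the function names and sample requests are constructed for illustration.

```python
import re

# Referer patterns from the .htaccess rules, with literal dots escaped.
# SetEnvIfNoCase matches case-insensitively, hence re.IGNORECASE below.
REFERER_PATTERNS = [
    r"^http://www\.example\.com/",
    r"^http://www\.example\.com$",
    r"^http://example\.com/",
    r"^http://example\.com$",
    r"^$",  # no Referer header sent at all
]
PROTECTED = re.compile(r"\.(gif|png|jpe?g)$")  # the FilesMatch pattern


def locally_linked(referer):
    """Return True if any SetEnvIfNoCase rule would set locally_linked."""
    value = referer or ""  # a missing header is tested as an empty string
    return any(re.search(p, value, re.IGNORECASE) for p in REFERER_PATTERNS)


def decide(path, referer):
    """Model the outcome for one request: 200 (served) or 403 (denied)."""
    filename = path.rsplit("/", 1)[-1]
    if not PROTECTED.search(filename):
        return 200  # FilesMatch does not apply, so nothing is restricted
    # Order Allow,Deny with a single Allow: anything not allowed is denied.
    return 200 if locally_linked(referer) else 403


# Constructed sample requests: (path, Referer header or None).
SAMPLES = [
    ("/img/logo.png", "http://www.example.com/index.html"),
    ("/img/logo.png", "HTTP://EXAMPLE.COM"),
    ("/img/logo.png", None),
    ("/img/logo.png", "http://other.test/gallery.html"),
    ("/img/logo.png", "http://example.com.other.test/"),
    ("/img/logo.png", "https://www.example.com/index.html"),
    ("/index.html", "http://other.test/gallery.html"),
]

if __name__ == "__main__":
    for path, referer in SAMPLES:
        print(decide(path, referer), path, repr(referer))
```

The https sample is denied because every pattern begins with http://, so a site served over HTTPS needs its own patterns listed. The decision rests only on the Referer value the client chooses to send, so this deters hotlinking, and the Password Protect option is the one that restricts who may view the files.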
