[jj_b]

Hi

I need to stop hotlinking to my website in order that my bandwidth is not leeched away by people posting images from it elsewhere. However, having trawled the net for various sites which offer help and code to fix this as a .htaccess file, I still can't get this to work. Some say the file should go into the root directory of my site, others in the folder where my images are stored. All seem to give different code samples that should go in the .htaccess file, and so I'm not sure who to believe.

Also, I'd like to know if there's a similar function to prevent access to html files within my site, and instead have something that automatically redirects any attempt to make such a link to the front page of my site.

I'm a newcomer to this sort of stuff, so any help in plain English would be very much appreciated

[arikin]

First the location of the .htaccess file depends on what part of your site you want to protect. If you put it in the root directory (htdocs, public_html, etc) it will protect images in the whole site. Of course if you put it it the images directory instead then just the images are affected.

As for the actual code for the .htaccess file... This is the tricky part because the server settings also get involved.

Before you get involved with the actual code though take a look at this generator. It may give you what you need:
http://www.htmlbasix.com/disablehotlinking.shtml

If those solutions didn't work then take a look at some instructions to cook your own...
http://altlab.com/htaccess_tutorial.html

[arikin]

When I said it depends I meant that some hosting providers allow .htaccess but not mod_rewrite, both, or none. A good check is to see if they allow password protected directories and custom Apache error redirects. If they do then your in business and need to test to see what code will work for you.


If you are going to cook your own keep these points in mind:
* Many server configurations will require you to have "Options +FollowSymLinks" before any mod_rewrite directives.
* Then before any other directive to be processed by mod_rewrite you must first have a "RewriteEngine on" line.
* mod_rewrite is picky about spaces.
* Allow for a blank referrer. Some corporate or ISP firewalls block the referrer information from being sent along with the request. This will allow direct type-in-the-address-bar and right-click browser access, and there's nothing that can be done about that without using a significantly more complicated measure.


You also wanted to block hotlinking for html files. This should be possible since to Apache a file is a file. So just try adding the possible file extentions in the "RewriteRule" command line.

example (replace example.co.uk with your own domain. \. escapes the dot in the URL):
-----------------------------------------------------------------------
Options +FollowSymLinks
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?example\.co\.uk [NC]
RewriteCond %{HTTP_REFERER} !^http://(www\.)?example2\.co\.uk [NC]
RewriteRule \.(gif|jpg|jpe?g|bmp|htm|html)$ - [NC,F]
-----------------------------------------------------------------------

[jj_b]

Aha - thanks for that info! I think the 'options' part (which wasn't in my original .htaccess file) may have been the 'bug' in what I had.

Is it possible to be automatically redirect someone to the front page of my site if they try to hotlink to one of the other html pages within it?

[arikin]

Sure this is possible. Webmasters do it a lot when migrating from html to php. But remember that hotlinking to html pages is not very common. Besides, the images, zip, mp3s, etc are what really eat up bandwidth.

The first thing to do is to remove the .htm and .html extentions from the first rule rewrite because we want a different outcome.

So the rewrite is split:
RewriteRule \.(gif|jpg|jpe?g|bmp)$ - [NC,F]
RewriteRule \.(htm|html)$ http://www.example.co.uk/freeloaders/index.html

So the full previous example with the changes:
-----------------------------------------------------------------------
Options +FollowSymLinks
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?example\.co\.uk [NC]
RewriteCond %{HTTP_REFERER} !^http://(www\.)?example2\.co\.uk [NC]
RewriteRule \.(gif|jpg|jpe?g|bmp)$ - [NC,F]
RewriteRule \.(htm|html)$ http://www.example.co.uk/freeloaders/index.html
-----------------------------------------------------------------------
Note: The redirect needs to be a fully qualified URL.

But this brings us back the idea of which directory to put this .htaccess file into. If you put this in the root directory external requests for your top page would be directed to:
http://www.example.co.uk/freeloaders/index.html
This is probably not what you want. So... this might work better in the second level directories of this root directory. For example:

images/ (http://www.mydomain.com/images/)
schedule/ (http://www.mydomain.com/schedule/)
today/ (http://www.mydomain.com/today/)
events/ (http://www.mydomain.com/events/)

If you have content to protect in the root directory try a simplified version to protect just the images:
-----------------------------------------------------------------------
Options +FollowSymLinks
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?example\.co\.uk [NC]
RewriteCond %{HTTP_REFERER} !^http://(www\.)?example2\.co\.uk [NC]
RewriteRule \.(gif|jpg|jpe?g|bmp)$ - [NC,F]
-----------------------------------------------------------------------


Later you may have another webserver or a friend/associate who wants to hotlink to your site. You just add in a condition before the "RewriteRule" to allow them. In the example the HTTP_REFERERals for http://www.friends.com/ would get through:

-----------------------------------------------------------------------
RewriteCond %{HTTP_REFERER} !^http://?friends?.*$ [NC]
-----------------------------------------------------------------------


You may also want to look through these articles if you want to get started into mod_rewrites:
http://www.yourhtmlsource.com/sitema...rewriting.html
http://corz.org/serv/tricks/htaccess2.php

Cool tricks:
http://www.webpimps.com/scripts/htaccess/

Official Apache docs:
http://httpd.apache.org/docs/misc/rewriteguide.html

[jj_b]

Excellent stuff, thankyou. This sounds exactly what I need. The 'index' page of my site is the front page, so it would be useful to have all hotlink attempts point there. Sometimes I see that people are giving the URL of my site as another page from it, and I prefer that all visitors go to the front page instead, so that I can keep an eye on numbers and type of traffic/referrers, etc..

So, I will give this a try and see what happens

[jj_b]

Something that's just occured to me - to prevent hotlinks using the wrong html page from my site, should I put this htaccess file in the html root folder of my site (as there is a htaccess file in the images root folder of my site)? Would this redirect all attempts to hotlinl any pages from my website to the front page?