Preventing image hotlinking is important to protect your server bandwidth, maintain control over your content, and ensure that your media files are used according to your terms. Image hotlinking occurs when someone embeds images from your website on their own site, causing your server to bear the load of delivering the images. Below are a few methods to prevent image hotlinking, along with some examples and references to reliable sources:
1. Use .htaccess file for Apache servers: The .htaccess file can be configured to prevent other websites from embedding your images by checking the referrer. You can add specific rules to block hotlinking, allowing only your site and specified domains to access the images.
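```apache
# Prevent image hotlinking
RewriteEngine On
# Let through requests that send no Referer at all (direct visits, privacy tools)
RewriteCond %{HTTP_REFERER} !^$
# Let through requests referred by your own site
RewriteCond %{HTTP_REFERER} !^https://(www\.)?yourwebsite\.com/.*$ [NC]
# Any other request for an image file is refused with 403 Forbidden
RewriteRule \.(jpg|jpeg|png|gif)$ - [F,NC,L]
```

This code snippet ensures that only pages on your website (`yourwebsite.com`) can embed your images. Any other attempt will result in a “403 Forbidden” response. Requests with an empty Referer are still allowed by the first condition, and because the Referer header is supplied by the client, this check deters casual embedding rather than acting as access control.

Source: [Apache HTTP Server Documentation](https://httpd.apache.org/docs/2.4/)

2. Use Nginx configuration: If you are working with Nginx, you can prevent hotlinking by configuring the server block. Here is an example configuration: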
```nginx
# Case-insensitive match on image file extensions
location ~* \.(jpg|jpeg|png|gif)$ {
    # "none" = no Referer header; "blocked" = Referer stripped by a proxy or firewall
    valid_referers none blocked yourwebsite.com *.yourwebsite.com;
    if ($invalid_referer) {
        return 403;
    }
}
```

This configuration checks the referrer and blocks access to the specified image types if the request doesn’t originate from the allowed domains.

Source: [Nginx Documentation](http://nginx.org/en/docs/)

3. Use a Content Delivery Network (CDN): Many CDNs offer hotlink protection as part of their service. By using a CDN, you offload the traffic from your server and leverage the CDN’s infrastructure to prevent hotlinking. For example, Cloudflare provides an easy-to-configure option in its dashboard to block hotlink attempts.
Source: [Cloudflare Documentation on Hotlink Protection](https://support.cloudflare.com/hc/en-us/articles/200170056-Preventing-image-hotlinking-by-third-parties)

4. Using JavaScript and server-side scripting: Another method involves dynamically generating images via server-side scripts and using JavaScript to display them, thereby making hotlinking more difficult. However, this method can be more complex and might not be suitable for all scenarios.
Example: You can generate images with PHP and serve them via a script that checks the referrer before delivering the image. This adds an additional layer of protection.

Source: [PHP Documentation](https://www.php.net/manual/en/reserved.variables.server.php)

5. Monitor and report hotlinking: Regularly check your server logs or use tools like Google Analytics to monitor referrer data for suspicious activity. If you find that your images are being hotlinked, you can contact the webmaster to remove the links or report to the hosting provider.
Source: [Google Analytics Documentation](https://support.google.com/analytics/answer/6004245?hl=en)

By implementing these methods, you can effectively prevent image hotlinking and protect your website’s resources. Each method has its own set of advantages and disadvantages, so you might need to combine several approaches to achieve the best result.
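For the log monitoring described in method 5, the following is an added example (not code from the original article) that reports which external hosts were served your images and how many bytes that cost. It assumes the Apache/Nginx "combined" log format and the article's placeholder domain; the function names and the sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Assumptions: the page's placeholder domain and the "combined" access-log format.
ALLOWED_HOSTS = {"yourwebsite.com", "www.yourwebsite.com"}
IMAGE_EXT = (".jpg", ".jpeg", ".png", ".gif")  # same types the server rules cover
LOG_RE = re.compile(
    r'^\S+ \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-) "(?P<referer>[^"]*)" "[^"]*"$')

def referer_host(referer):
    try:
        return (urlsplit(referer).hostname or "").lower()
    except ValueError:  # client-supplied header, may be malformed
        return ""

def hotlink_report(lines, allowed_hosts=ALLOWED_HOSTS):
    """External referring host -> hits, bytes, image paths served (2xx only)."""
    report = defaultdict(lambda: {"hits": 0, "bytes": 0, "paths": set()})
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m or not m["status"].startswith("2"):
            continue  # unparsable line, or e.g. a 403 the blocking rule issued
        path = m["path"].split("?", 1)[0].lower()
        host = referer_host(m["referer"])
        # Exact host comparison: a lookalike such as yourwebsite.com.evil.example
        # is external. An empty Referer ("-") cannot be attributed and is skipped.
        if not path.endswith(IMAGE_EXT) or not host or host in allowed_hosts:
            continue
        entry = report[host]
        entry["hits"] += 1
        entry["bytes"] += 0 if m["size"] == "-" else int(m["size"])
        entry["paths"].add(path)
    return dict(report)

def _line(path, status, size, referer):  # builds one constructed log line
    return (f'203.0.113.7 - - [10/Mar/2024:13:55:36 +0000] "GET {path} HTTP/1.1" '
            f'{status} {size} "{referer}" "Mozilla/5.0"')

SAMPLE_LOG = [  # constructed sample data, not real traffic
    _line("/img/a.jpg", 200, 48213, "https://blog.example/post"),
    _line("/img/b.PNG", 200, 1000, "https://blog.example/other"),
    _line("/img/a.jpg", 403, 153, "https://blog.example/post"),       # already blocked
    _line("/img/a.jpg", 200, 48213, "https://www.yourwebsite.com/"),  # own site
    _line("/img/a.jpg", 200, 48213, "-"),                              # no Referer
    _line("/img/a.jpg?x=1", 200, 500, "https://yourwebsite.com.evil.example/"),
    _line("/index.html", 200, 900, "https://blog.example/post"),       # not an image
]
print(hotlink_report(SAMPLE_LOG))
```

Hosts that keep appearing with 2xx responses after a blocking rule is deployed indicate that the rule is not matching those requests, for example because of a file type it does not cover.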