
Preventing Image Hotlinking using mod_rewrite

How to prevent image hotlinking using Apache's mod_rewrite in .htaccess files

Published Aug 8, 2005 by lobo235

Image hotlinking is when someone places an <img> tag on their website that loads an image hosted on your website. Once your images are hotlinked on someone else's page, every visit to that page loads the image from your server, which uses your bandwidth. Image hotlinking can become a huge problem for your website, especially if you host a lot of images that others might want to use. If your pages are hosted by a hosting company that gives you a certain bandwidth quota every month, that quota can easily be exceeded if your images are hotlinked by other websites.

For example, let's say that someone likes my logo a lot and wants to put it on their website someplace. They could use the <img> tag below to try to show my logo on their page.

<img src="http://www.netlobo.com/images/netlobo.gif" />

If you try to use the above <img> tag on your own website though, you will notice that the image will not display. Instead, all you get is a broken image. If you are using the Apache Server for your website, you can use the following code in your .htaccess file that uses the mod_rewrite module of Apache to prevent image hotlinking. The .htaccess file allows you to configure Apache on-the-fly so that you can override your server's default settings. Create a file called .htaccess in your images directory and place the following code inside of it:

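RewriteEngine on
# Only apply the rule when a Referer header is present
RewriteCond %{HTTP_REFERER} .
# ...and it is not this site; (/|$) requires the hostname to end at netlobo.com
RewriteCond %{HTTP_REFERER} !^http://(www\.)?netlobo\.com(/|$) [NC]
# Answer matching image requests with 403 Forbidden
RewriteRule \.(jpe?g|gif|png|bmp)$ - [NC,F]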

These lines enable the Rewrite Engine and check whether the page that referred the user to the image is on your domain. If it is not, the user receives a 403 Forbidden response and the image appears broken, which blocks the hotlink. Some users disable the Referer header (HTTP_REFERER), and some proxies and firewalls strip it, so this code also lets requests with a blank Referer view the images on your site. If you blocked the blank Referer as well, you would in some cases be blocking legitimate site users from viewing your images.
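To check a rule set like this before deploying it, the added example below (not part of the original article) replays the RewriteRule and both RewriteCond lines in Python against constructed requests. It compares a Referer pattern that stops at `netlobo\.com` with one that closes with `(/|$)`; the function names and sample URLs are assumptions made for the test.

```python
import re

# RewriteRule pattern with [NC]
IMAGE_RE = re.compile(r"\.(jpe?g|gif|png|bmp)$", re.I)
# Referer patterns with [NC]: one stops at the hostname text, one anchors its end
PREFIX_ONLY = re.compile(r"^http://(www\.)?netlobo\.com", re.I)
ANCHORED = re.compile(r"^http://(www\.)?netlobo\.com(/|$)", re.I)


def status(path, referer, own_site):
    """Return the HTTP status the rule set yields for one request.

    Mirrors mod_rewrite's order: the RewriteRule pattern is tested first,
    then every RewriteCond must hold before the [F] flag sends a 403.
    """
    if not IMAGE_RE.search(path):
        return 200  # not an image: rule does not apply
    if not referer:
        return 200  # "RewriteCond %{HTTP_REFERER} ." fails on a blank Referer
    if own_site.search(referer):
        return 200  # negated condition fails: the Referer is our own site
    return 403


# Constructed sample requests: (path relative to the images directory, Referer)
SAMPLES = [
    ("netlobo.gif", ""),                                   # blank Referer
    ("netlobo.gif", "http://www.netlobo.com/index.html"),  # own page
    ("netlobo.gif", "http://NetLobo.com/"),                # own page, mixed case
    ("netlobo.gif", "http://other.example/page.html"),     # foreign page
    ("netlobo.gif", "http://netlobo.com.example.net/p"),   # foreign, same prefix
    ("NETLOBO.PNG", "http://other.example/"),              # upper-case extension
    ("style.css", "http://other.example/"),                # not an image
    ("netlobo.gif", "https://www.netlobo.com/"),           # own page over https
]


def evaluate(own_site):
    """Status codes for every sample under the given Referer pattern."""
    return [status(path, ref, own_site) for path, ref in SAMPLES]


if __name__ == "__main__":
    rows = zip(SAMPLES, evaluate(PREFIX_ONLY), evaluate(ANCHORED))
    for (path, ref), prefix, anchored in rows:
        print(f"{path:12} {ref or '(blank)':36} prefix={prefix} anchored={anchored}")
```

The last sample shows that a pattern written with `http://` also returns 403 for your own pages when they are served over https, so the scheme in the pattern has to match how the site is actually served.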

Image Hotlinking can be a huge problem if you are dynamically generating images using PHP, Perl, or another scripting language. Dynamically generated images take more system resources to display so if they are hotlinked then your server could be in big trouble depending on how many users are hotlinking them.

I hope this information is useful to you. Please let me know if you have any comments or questions regarding this article.
