Preventing Hotlinking to Your Images

RewriteEngine On RewriteCond %{HTTP_REFERER}     !^http://(www\.)?example\.com/ [NC] RewriteCond %{HTTP_REFERER} ^http:// [NC] RewriteCond %{HTTP_REFERER} !^$ RewriteRule \.(jpg|jpeg|gif|png|bmp)$ - [F]

Sometimes, people will link directly from their website to resources on your server, such as logo images and binary program files. This is called hotlinking and in certain situations, you may want to prevent this from happening. For example, a certain online-merchant realized that half its traffic (and bandwidth bill) was from other sites hotlinking to its images for credit card companies and countries.

You can prevent people from hotlinking to your images by requiring that the requests to the images come from your server. You can do so using mod_rewrite. The example in the listing here will return a Forbidden answer to any request made for image files (identified by their extensions in the fourth RewriteCond line) whose HTTP_REFERER header does not match your domain name (first RewriteCond line). In addition, since certain browsers may not send a valid referer field or not send one at all, additional checks are performed to see that the referer field starts with http:// and is not blank (second and third RewriteCond lines).