I personally support (b) - as we've had thousands of illegal hotlinks per week on copywritten material - without permission - without links back. I set up .htaccess to only allow image/video views from the web site that has it. Leeching from us never brought us a anything except a bandwidth drain and copyright intanglements. It wasn't worth the time to track down and verify who was doing what with which images because of the sheer volume.

If you do a WebmasterWorld search, there are tons of well-written tutorials and complete .htaccess ban lists posted, as well as how to prevent direct linking to images and bandwidth theft.

That is - if you're leaning to solution (b).

<added>you can also track downloaded images with a service like Digimarc</added>

Hey IdiotGirl, thanks for your help. From some of your other posts I know that's not a very appropriate moniker for you!

Yes, I've seen the items on .htaccess here via several searches. My problem is that the examples involving rewriteengine don't work - they end up preventing images from displaying on both my site and any other referring site. I saw one post here that implied this could be because rewriteengine is disabled on my shared host. Does this seem likely to you?

KakenBetaal:

This should do it for you (for httpd.conf):

<Directory "/path/to/your/images">
Options FollowSymLinks
### Protect Local Images
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?yourdomain.com/.*$ [NC]
RewriteRule \.(gif¦GIF¦jpg¦JPG)$ [localhost...] [L]
</Directory>

Just make sure you do have mod_rewrite in your Apache!

dave

Hmm -- I actually have this same exact problem. Now I'm gonna research it... the .htaccess tutorial I use is:

[iboost.com...]

-- tonmo

Thanks, Dave! Unfortunately I'm on a shared hosting environment, so don't have access to httpd.conf, AFAICT. Leaves me with .htaccess.

Thanks for the pointer, tonmo.

Thanks for all the help, everyone. Turns out the missing bit was:

Options +FollowSymlinks

I've now got all my images being redirected, which is great. My next step is to get my videos blocked. I've added the following to a .htaccess in my video directory:

Options +FollowSymlinks 
RewriteEngine On 
rewritecond %{HTTP_REFERER} !^$ 
RewriteCond %{HTTP_REFERER} !^http://mysite.com.*$ [NC] 
RewriteCond %{HTTP_REFERER} !^http://www.mysite.com.*$ [NC] 
RewriteCond %{HTTP_REFERER} !^http://111.222.333.444/.*$ [NC] 
RewriteCond %{HTTP_REFERER} !^http://www.google.*$ [NC] 
RewriteCond %{HTTP_REFERER} !^http://216.239.*$ [NC] 
RewriteRule .*[Mm][Pp][Gg]$¦.*[Mm][Pp][Ee][Gg]$ http://www.mysite.com/videos.htm [R,L] 

Explanation and intentions:

• videos.htm is the page which lists my videos, and is in the root.
  
• The video directory contains all my video files, and this is where the code above is included in a .htaccess file.
  
• 111.222.333.444 is my site's IP address
  
• I want to allow those with no referrer to simply access the video files directly.
  
• I want to allow users clicking through from my site to simply access the video files directly.
  
• I want to allow Google cache and translations pages to link directly to the video.
  
• Every other site should open my videos.htm page instead of being served the video.

I've tested the above, and it seems to work as expected. I've two questions I'd really appreciate some help on:

• Does this look right to you?
  
• Should I allow users with a blank referrer to get my images and video, or should I block and direct them to an error page explaining why.

Thanks in advance...

I forgot to add that it doesn't seem to be working where another site embeds the video. For example:

<embed src="http://www.mysite.com/video/video.mpg">

I'd like to prevent the video from being played inside the offending website's page.

Where the offending website simply links to my video as shown below, they get redirected to my video page, which is exactly what I want.

<a href="http://www.mysite.com/video/video.mpg" target="_blank">http://www.mysite.com/video/video.mpg</a>

<bump>