1. Home
  2. Forums Index
  3. WebmasterWorld / Webmaster General 8:22 am May 21, 2026

Forum Moderators: phranque

Message Too Old, No Replies

Preventing hotlinking to images

Going one step further

         

Scooter24

11:38 am on Apr 4, 2003 (gmt 0)

10+ Year Member Top Contributors Of The Month



I'm currently using this code to prevent hotlinking:

RewriteEngine on
RewriteCond %{HTTP_REFERER}!^$
RewriteCond %{HTTP_REFERER}!^http://(www\.)?mydomain.com.*$ [NC]
RewriteCond %{HTTP_REFERER}!^http://216\.239.*$ [NC]
RewriteCond %{HTTP_REFERER}!^http://images\.google.*$ [NC]
RewriteCond %{HTTP_REFERER}!^http://www\.google\..*$ [NC]
RewriteCond %{HTTP_REFERER}!^http://translate\.google\..*$ [NC]
RewriteCond %{HTTP_REFERER}!^http://babel\.altavista\..*$ [NC]
RewriteCond %{HTTP_REFERER}!^http://babelfish\.altavista\..*$ [NC]
RewriteCond %{HTTP_REFERER}!^http://world\.altavista\.com.*$ [NC]
RewriteCond %{HTTP_REFERER}!^http://www\.excite\.co.*$ [NC]
RewriteRule \.(jpg¦JPG)$ [mydomain.com...] [R,L]

However I noticed that it is still possible to display my images, for instance with a HTML page (page1) such a code:

<html>
<body>
<p><a href="http://www.mydomain.com/images/img1.JPG">pic</a>
</body>
</html>

When you click on "pic" the image at [mydomain.com...] will display in a HTML page, even if page1 is hosted on another, not allowed domain.
Is it because the .htaccess contains the line
RewriteCond %{HTTP_REFERER}!^$?

And if I remove this line, are there any unwanted side effects?

Images should display only when the referrer is an accepted one.

By the way, last Saturday there were 3000 GET requests for images on my site with an empty referrer.

jdMorgan

4:49 pm on Apr 4, 2003 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Scooter24,

You'll have make that choice.

Blocking a blank referrer will block some percentage of legitimate users who are using Norton Internet Security and similar products. It will also block many corporate users and users whose ISPs use a caching proxy.

It is likely that most of these blank referers are legitimate users. It is also likely that a few are not legitimate users. However, you have to decide if you want to block the majority in order to catch a few bad guys.

I recommend that you DO NOT block blank referrers, unless the user-agent is also blank. And you will still need to take care that you are not blocking legitimate users, but very, very few.

No blocking method can be made 100% effective against the bad guys without hurting the good guys, short of having a subscription-only site and disallowing search engines from archiving your resources.

Jim

carfac

7:24 pm on Apr 4, 2003 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



scooter:

I also agree with Jim (Heck, I ALWAYS agree with Jim!)

Some of your images WILL get used by not blocking a blank UA... but not too many. I have a very popular, image-intensive website, and I get a LOT of this.

You can check your logs and get a pretty good idea who is using your images, and send off e-mails as needed based on that.

dave

 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

  1. Home
  2. Forums Index
  3. WebmasterWorld / Webmaster General 8:22 am May 21, 2026