| Webhosting | Prices / Features | Support | Forums | Backgrounds | Announcements | Contact us |

Using Mod_rewrite to block "hot linked" images

Ok so you made the plunge to paid webhosting. You carefully selected the amount of space and bandwidth that you thought you would use when you ordered your package plan. You told all your friends where your site is, and submitted it to the search engines. After you begin to get vistors, you excitedly go to your weblogs to see where they are comming from, but then you start to notice something odd.
Some refferers are not for pages, but for images. Some of those images are being refferenced from other sites. Curiousity takes you to the site and you see your image on their site. Not only are they stealing your images, but they are linking to the image off your site!
This is called "stealing bandwidth" (not to mention if the image is one you created, they are also stealing copywrited material)
Besides this being annoying and illegal, it can also cost you money. Because the image is still being called from your server or your hosting account, the bandwidth or data transfer is tacked onto your account for each time that image is loaded.
This can really add up and cause your web host to charge you extra for the bandwidth, or even cancel your account.
If some one is linking to your images on their site, every time their site gets as hit, your bandwidth takes a hit too. This would be a lot like your neighbor hooking an extension cord to your house, and running his appliances off your line! Your neighbor gets the electricity, and you pay for it. This hardly seems fair does it? What can you do about it? We'll show you.

You could rename the image, however, you would not only have to change all your refferences to that image, but you would also have to keep an eye out for it happening again. That is a solution that some people have to use, but if you use an Apache server like MyPagesOnline does, you can do something better. Instead of searching every page on the net for your images, or going through millions of lines of lines in your access logs, you can use a module for Apache called Mod_rewrite.
Mod_rewrite is used to rewrite an incoming url based on a set of conditions you provide. For our needs, we will use the HTTP_REFERER variable (where the incoming request came from).
Note that we have several different HTTP_Refferers listed. You must include your IP and / or any subdomains (as shown) if you will be linking to your own images from a URL that contains the IP or subdomain.
If you call the image "header.gif" that is located at http://your_server.com/header.gif from a page named "index.html" on the same server, then the HTTP_REFERER when header.gif is called will read http://your_server.com/index.html.
If the person hot linking your header.gif file resides on server http://bandwdith_thief.com, when their page is called, a request is sent to your server for header.gif, from the the HTTP_REFERER http://bandwdith_thief.com/index.html.
This is how we can tell which calls to header.gif are coming from your index.html and which calls are coming illegally from the bandwdith_thief/index.html.

Here are two ways to use Mod_rewrite to solve this problem of a site hot linking your images.
The first will send a 403 Forbidden status code back to the illegal hot link, thus making the image show up as broken.
The second will send back an image of your choice in place of your hot linked image. This image can be anything, even one that says "This site is illegally linking to images", which can embarrass the web master (he will then remove the links to your images ASAP).
Note that with the second solution, you will still take a hit to your bandwidth, so make it worth it.

Example 1 Returning a 403 Forbidden on bad HTTP_REFERER variable.
Create a new file and name it .htaccess. (you can use notepad) In this new file enter the following:

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://yourIP/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://your_domain.com/.*$     [NC]
RewriteCond %{HTTP_REFERER} !^http://www.your_domain.com/.*$  [NC]
RewriteCond %{HTTP_REFERER} !^http://anysub.your_domain.com/.*$  [NC]
RewriteRule .*\.(gif|GIF|jpg|JPG)$        -                  [F]

You will need to change your_domain.com to whatever your domain is, or what your hosts domain name is. Also you need two lines, one without the www and one with the www, so people coming to your site either way will not be blocked from seeing the images. Save this .htaccess file and upload it to the directory on your server containing the images, or any folder lower than that directory.

Example 2 Returning another image in place of the hot linked image.
Like example 1, create a new file and name it .htaccess. (you can use notepad) Then place the following text in it:

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://yourIP/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://your_domain.com/.*$     [NC]
RewriteCond %{HTTP_REFERER} !^http://www.your_domain.com/.*$  [NC]
RewriteCond %{HTTP_REFERER} !^http://anysub.your_domain.com/.*$  [NC]
RewriteRule .*\.(gif|GIF|jpg|JPG)$ http://your_server.com/bad.gif [R]

Again you will need to change your_domain.com to whatever your domain is, or what your hosts domain name is. On the last line change the http://your_server.com/bad.gif to the url of the image that you would like displayed on the bandwidth thiefs page in place of the one he is trying to link to. Save this .htaccess file and upload it to the directory on your server containing the images, or any folder lower than that directory.

Below is a quick example of mod_rewrite at work.
Example 2 will return a different (bad) image than the one really called.

A few final notes

Mod_rewrite will only work with the apache server, if you are running something other than apache, this will not work. This tutorial also assumes the mod_rewrite has been compiled and installed on your server. Most servers these days have mod_rewrite available, but if your not sure ask your server host or look in your sever config file. FrontPage uses .htacess to work correctly on Apache, if your account uses Frontpage, make sure you add the above code to any existing .htaccess files. Do not overwrite others already there, else frontpage extensions may fail to work.

  - Account Log ins
  Control Panel Sample

  - Getting Started
  Chosing a Password
  Index Files
  Quick Html
  Virus Tracker
  Anti Spam Tips

  - Creating Databases
  Moving Databases

  - Htaccess
  Hot Linking
  Password Protection

  - Unix Commands
  Regular Expressions
  Telnet / SSH

Our Software Picks



| Copyright | © 2000 MyPagesOnline, All Rights Reserved | Privacy Statement |