Lighttpd prevent image hotlinking or leeching or direct linking

by on December 3, 2006 · 2 comments· LAST UPDATED January 7, 2007

in , ,

Lighttpd logo

Hotlinking or leeching or direct linking comes under Bandwidth theft (also known as Inline linking).

Wikipedia defines Inline linking as:
Inline linking, also known as hotlinking, leeching, or direct linking is the placing of a linked object, often an image, from one site in a web page belonging to a second site. The second site is said to have an inline link to the one where the object is located. It is used for such activities as linking images from personal home page storage into the online diary of the person controlling the personal home page.¨

In this tutorial I will explain on stopping hotlinking under Lighttpd webserver. If you are using Apache web server, please see Apache prevent hot linking or leeching of images using mod_rewrite howto.

Let us say you would like to prevent hotlinking for domain theos.in:
=> Allow all image refer from your own domain theos.in and other domains such as nixcraft.com or cyberciti.biz
=> Allow image bot crawlers/ useragent such as msnbot-media (MSN), Mediapartners-Google (Google) and Yahoo-MMCrawler (Yahoo)
=> Allow image refer from images.google.com, images.search.yahoo.com etc
=> Allow feedburner to burn your feed and images

Open your lighttpd.conf file. Locate virtual domain configuration section for domain theos.in:
# vi /etc/lighttpd/lighttpd.conf
Find virtual domain configuration and append code as follows:
$HTTP["referer"] !~ "^($|http://.*\.(theos\.in|^$|google\.*|yahoo\.*|msn\.*|nixcraft\.com|cyberciti\.biz|cricketnow\.in))" {
$HTTP["useragent"] !~ "msnbot-media" {
$HTTP["useragent"] !~ "Mediapartners-Google" {
$HTTP["useragent"] !~ "Yahoo-MMCrawler" {
$HTTP["useragent"] !~ "FeedBurner" {
url.access-deny = ( ".jpg", ".jpeg", ".png", ".gif", ".avg", ".mpeg" )
}
}
}
}
}

Save and close the file. Restart lighttpd webserver:
# /etc/init.d/lighttpd restart
Final configuration includes support for MSN, Google, Yahoo cache :)

$HTTP["referer"] !~ "^($|http://.*\.(google\.*|yahoo\.*|msn\.*|cyberciti\.biz|msnscache\.com/.*))" {
$HTTP["referer"] !~ "^($|http://theos\.in|^$|nixcraft\.com|cricketnow\.in)" {
  $HTTP["useragent"] !~ "msnbot-media" {
  $HTTP["useragent"] !~ "Mediapartners-Google" {
  $HTTP["useragent"] !~ "Yahoo-MMCrawler" {
  $HTTP["useragent"] !~ "FeedBurner" {
  $HTTP["referer"] !~ "^($|http://.*/.*(q=cache.*|p=cache.*))" {
     url.access-deny = ( ".jpg", ".jpeg", ".png", ".gif", ".ico" )
       }
      }
     }
    }
   }
  }
 }
}

It can get more complicated but above is sufficient for most websites ;)

TwitterFacebookGoogle+PDF versionFound an error/typo on this page? Help us!

{ 2 comments… read them below or add one }

1 mumuri September 9, 2007 at 7:45 pm

Nice work but you forgot googlebot, mediapartner is the adsense robot.

more over you can add an other examples with
http://babelfish.altavista.com/

there is not only cache system to allow

Reply

2 mumuri September 9, 2007 at 8:12 pm

and a little question, could you add a directive to redirect to a default picture ?

Reply

Leave a Comment

Previous post:

Next post: