Apache prevent hot linking or leeching of images using mod_rewrite howto

Q. My site hosts lots of good images and other site hot links to my images from their own site. Hot linking is eating lots of my bandwidth. How do I stop lechers or prevent hotlinking under Apache web server?

A. This is problem you may encounter, particularly if your site hosts unique images. However solution is quite simple ban image hot linking using Apache mod_rewrite to check the referral information the browser provides.

ADVERTISEMENTS

How do I prevent Apache hot linking of images / media?

There are many ways to block hot linking of images.

You can add any one of the following code to .htaccess file or to your own httpd.conf file to prevent.

Make sure Apache mod_rewrite is enabled.

Solution # 1 : Prevent “hot linking” of images

Open httpd.conf or .htaccess file using vi text editor
# vi httpd.conf
Append following config directive:

SetEnvIfNoCase Referer "^http://www\.cyberciti\.biz/" banimages=1
SetEnvIfNoCase Referer "^http://cyberciti\.biz/" banimages=1
SetEnvIfNoCase Referer "^$" banimages=1
<FilesMatch "\.(gif|png|jpe?g)$">
  Order Allow,Deny
  Allow from env=banimages=1
</FilesMatch>

Or you can use following simple code:

RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?cyberciti.biz/.*$ [NC]
RewriteRule ^.*\.(bmp|tif|gif|jpg|jpeg|jpe|png)$ - [F] 

Solution # 2 : Prevent “hot linking” of images and redirect to new image

This method stop hotlinking and displays alternate image to endusers

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?cyberciti\.biz/.*$ [NC]
RewriteRule .*\.(gif|jpe?g|png)$ http://www.cyberciti.biz/noop.jpg [R,NC,L]

Unless the image is displayed on cyberciti.biz, browers would see the image noop.jpg. Replace domain cyberciti.biz and upload noop.jpg to webroot.

If you made changes to httpd.conf file; restart Apache:
# /etc/init.d/httpd restart

🐧 Get the latest tutorials on SysAdmin, Linux/Unix, Open Source/DevOps topics:
CategoryList of Unix and Linux commands
File Managementcat
FirewallAlpine Awall CentOS 8 OpenSUSE RHEL 8 Ubuntu 16.04 Ubuntu 18.04 Ubuntu 20.04
Network Utilitiesdig host ip nmap
OpenVPNCentOS 7 CentOS 8 Debian 10 Debian 8/9 Ubuntu 18.04 Ubuntu 20.04
Package Managerapk apt
Processes Managementbg chroot cron disown fg jobs killall kill pidof pstree pwdx time
Searchinggrep whereis which
User Informationgroups id lastcomm last lid/libuser-lid logname members users whoami who w
WireGuard VPNAlpine CentOS 8 Debian 10 Firewall Ubuntu 20.04

ADVERTISEMENTS
6 comments… add one
  • Nandkishor Apr 5, 2007 @ 10:01

    Hi,
    I have configured the many virual hosts. If many userser login or hit this hosts then some session files with there login number like (sess_76hy679jb a very big number) is created in /tmp directory.
    This files are deleted automaticaly. But currentaly these files are not deleted & they give session error. Where I change the default limit of this session files.
    Give me solution for this.

  • Michle Nov 6, 2008 @ 13:12

    Any one help, I has tried this below code with my local site. My local server is using Appache on Windows

    RewriteEngine on
    RewriteCond %{HTTP_REFERER} !^http://localhost/.*$ [NC]
    RewriteCond %{HTTP_REFERER} !^$
    RewriteRule .*\.(gif|jpg|jpeg|bmp|png|js|css)$ – [F]

    The result seen to be error code 500 for any access

  • Intan Hamzah Sep 11, 2009 @ 2:14

    can u please guide me on how to read the status given ?

  • arif Aug 26, 2011 @ 15:38

    This doesn’t seem to work with firefox. I’ve tried the example code but changed it for use with FLV/MP4.

    Works fine with IE en Chrome, but not with firefox…anybody knows why??

    Cheers

  • Joe Nov 19, 2012 @ 16:04

    Doesn’t work. Also, you didn’t specify WHERE in the httpd.conf this should go. Fail.

  • Ardian Dharma Nov 22, 2016 @ 4:10

    try this code
    # Disable hotlinking of images
    RewriteCond %{HTTP_REFERER} !^$
    RewriteCond %{REQUEST_FILENAME} -f
    RewriteCond %{REQUEST_FILENAME} \.(jpe?g?|png|gif|ico|pdf|flv|swf|gz)$ [NC]
    RewriteCond %{HTTP_REFERER} !^https?://([^.]+\.)?yourdomain\.com [NC]
    RewriteRule \.(jpe?g?|png|gif|ico|pdf|flv|swf|gz)$ – [NC,F]

Leave a Reply

Your email address will not be published.

Use HTML <pre>...</pre>, <code>...</code> and <kbd>...</kbd> for code samples.