Lighttpd prevent image hotlinking or leeching or direct linking

Lighttpd logo

Hotlinking or leeching or direct linking comes under Bandwidth theft (also known as Inline linking).

ADVERTISEMENTS

Wikipedia defines Inline linking as:
Inline linking, also known as hotlinking, leeching, or direct linking is the placing of a linked object, often an image, from one site in a web page belonging to a second site. The second site is said to have an inline link to the one where the object is located. It is used for such activities as linking images from personal home page storage into the online diary of the person controlling the personal home page.¨

In this tutorial I will explain on stopping hotlinking under Lighttpd webserver. If you are using Apache web server, please see Apache prevent hot linking or leeching of images using mod_rewrite howto.

Let us say you would like to prevent hotlinking for domain theos.in:
=> Allow all image refer from your own domain theos.in and other domains such as nixcraft.com or cyberciti.biz
=> Allow image bot crawlers/ useragent such as msnbot-media (MSN), Mediapartners-Google (Google) and Yahoo-MMCrawler (Yahoo)
=> Allow image refer from images.google.com, images.search.yahoo.com etc
=> Allow feedburner to burn your feed and images

Open your lighttpd.conf file. Locate virtual domain configuration section for domain theos.in:
# vi /etc/lighttpd/lighttpd.conf
Find virtual domain configuration and append code as follows:
$HTTP["referer"] !~ "^($|http://.*\.(theos\.in|^$|google\.*|yahoo\.*|msn\.*|nixcraft\.com|cyberciti\.biz|cricketnow\.in))" {
$HTTP["useragent"] !~ "msnbot-media" {
$HTTP["useragent"] !~ "Mediapartners-Google" {
$HTTP["useragent"] !~ "Yahoo-MMCrawler" {
$HTTP["useragent"] !~ "FeedBurner" {
url.access-deny = ( ".jpg", ".jpeg", ".png", ".gif", ".avg", ".mpeg" )
}
}
}
}
}

Save and close the file. Restart lighttpd webserver:
# /etc/init.d/lighttpd restart
Final configuration includes support for MSN, Google, Yahoo cache 🙂

$HTTP["referer"] !~ "^($|http://.*\.(google\.*|yahoo\.*|msn\.*|cyberciti\.biz|msnscache\.com/.*))" {
$HTTP["referer"] !~ "^($|http://theos\.in|^$|nixcraft\.com|cricketnow\.in)" {
  $HTTP["useragent"] !~ "msnbot-media" {
  $HTTP["useragent"] !~ "Mediapartners-Google" {
  $HTTP["useragent"] !~ "Yahoo-MMCrawler" {
  $HTTP["useragent"] !~ "FeedBurner" {
  $HTTP["referer"] !~ "^($|http://.*/.*(q=cache.*|p=cache.*))" {
     url.access-deny = ( ".jpg", ".jpeg", ".png", ".gif", ".ico" )
       }
      }
     }
    }
   }
  }
 }
}

It can get more complicated but above is sufficient for most websites 😉

🐧 Get the latest tutorials on SysAdmin, Linux/Unix, Open Source & DevOps topics via:
CategoryList of Unix and Linux commands
File Managementcat
FirewallAlpine Awall CentOS 8 OpenSUSE RHEL 8 Ubuntu 16.04 Ubuntu 18.04 Ubuntu 20.04
Network Utilitiesdig host ip nmap
OpenVPNCentOS 7 CentOS 8 Debian 10 Debian 8/9 Ubuntu 18.04 Ubuntu 20.04
Package Managerapk apt
Processes Managementbg chroot cron disown fg jobs killall kill pidof pstree pwdx time
Searchinggrep whereis which
User Informationgroups id lastcomm last lid/libuser-lid logname members users whoami who w
WireGuard VPNAlpine CentOS 8 Debian 10 Firewall Ubuntu 20.04

ADVERTISEMENTS
2 comments… add one
  • mumuri Sep 9, 2007 @ 19:45

    Nice work but you forgot googlebot, mediapartner is the adsense robot.

    more over you can add an other examples with
    http://babelfish.altavista.com/

    there is not only cache system to allow

  • mumuri Sep 9, 2007 @ 20:12

    and a little question, could you add a directive to redirect to a default picture ?

Leave a Reply

Your email address will not be published. Required fields are marked *

Use HTML <pre>...</pre>, <code>...</code> and <kbd>...</kbd> for code samples.