SitePoint Sponsor

User Tag List

Results 1 to 3 of 3
  1. #1
    SitePoint Evangelist yowen's Avatar
    Join Date
    Feb 2004
    Location
    Michigan
    Posts
    442
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Htaccess, preventing hotlinking

    Hey guys, I have a wordpress blog that is a using excessive bandwidth, over a gigabyte a day. Is there reasons I shouldn't prevent hotlinking? Is the following a good way to do it?

    RewriteCond %{HTTP_REFERER} !^http://(.+\.)?mywebsite\.com/ [NC]
    RewriteCond %{HTTP_REFERER} !^$
    RewriteCond %{HTTP_REFERER} !google\. [NC]
    RewriteCond %{HTTP_REFERER} !search\?q=cache [NC]
    RewriteCond %{HTTP_REFERER} !msn\. [NC]
    RewriteCond %{HTTP_REFERER} !yahoo\. [NC]
    RewriteRule .*\.(jpe?g|gif|bmp|png|jpg)$ /images/nohotlink.jpe [L]

    I don't want to affect anything about my blog negatively or somehow mess up wordpress with this htaccess, which I doubt would happen?

    Would you guys suggest doing anything differently in my situation? The htaccess method is the only way I am aware of, since last I ran into this issue many years ago.

  2. #2
    SitePoint Wizard webcosmo's Avatar
    Join Date
    Oct 2007
    Location
    Boston, MA
    Posts
    1,480
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    I think this would be a good way of doing it, as you displayed above with the .htaccess.
    This will keep all your pages intact loading fine.

    I would recommend doing a test run on your blog first.

  3. #3
    Programming Team silver trophybronze trophy
    Mittineague's Avatar
    Join Date
    Jul 2005
    Location
    West Springfield, Massachusetts
    Posts
    17,260
    Mentioned
    196 Post(s)
    Tagged
    2 Thread(s)
    If you want to do the work, IMHO there is a better way. The htaccess rules you posted can be circumvented by someone simply by turning off Referer or spoofing Google.

    - Protected Images go into a folder outside of the public root folder, no direct HTTP requests possible
    - Pages with image links set a SESSION (or maybe a CONSTANT ?)
    - Image links point to - OR - htaccess rewrites requests for images to
    a script file that checks the SESSION and if OK fopen()s the image returning it with appropriate headers
    if not OK, display broken image or a custom default

    I guess the biggest problem area might be setting SESSION on all your pages.

    Pages could still be scraped, but it would prevent all hot-linking.

    Are you certain the images are the main culprit? Maybe you should look into flood control.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •