• JavaScript Kit
• Free JavaScripts
• JavaScript tutorials
• JavaScript Reference
• DOM Reference
• DHTML & CSS
• Web Design
• Free Java Applets
• CSS Quick Reference
• JavaScript Forums

• CSS Drive
• JavaScript Menus
• CSS codes & examples
• Build a website
• Software Geek

Preventing hot linking of images and other file types

Note: This portion of tutorial written by JavaScript Kit

In the webmaster community, "hot linking" is a curse phrase. Also known as "bandwidth stealing" by the angry site owner,  it refers to linking directly to non-html objects not on one own's server, such as images, .js files etc. The victim's server in this case is robbed of bandwidth (and in turn money) as the violator enjoys showing content without having to pay for its deliverance. The most common practice of hot linking pertains to another site's images.

Using .htaccess, you can disallow hot linking on your server, so those attempting to link to an image or CSS file on your site, for example, is either blocked (failed request, such as a broken image) or served a different content (ie: an image of an angry man) . Note that mod_rewrite needs to be enabled on your server in order for this aspect of .htaccess to work. Inquire your web host regarding this.

With all the pieces in place, here's how to disable hot linking of certain file types on your site, in the case below, images, JavaScript (js) and CSS (css) files on your site. Simply add the below code to your .htaccess file, and upload the file either to your root directory, or a particular subdirectory to localize the effect to just one section of your site:

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?mydomain.com/.*$ [NC]
RewriteRule \.(gif|jpg|js|css)$ - [F]

Serving alternate content when hot linking is detected

You can set up your .htaccess file to actually serve up different content when hot linking occurs. This is more commonly done with images, such as serving up an Angry Man image in place of the hot linked one. The code for this is:

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?mydomain.com/.*$ [NC]
RewriteRule \.(gif|jpg)$ http://www.mydomain.com/angryman.gif [R,L]

Same deal- replace mydomain.com with your own, plus angryman.gif.

Time to pour a bucket of cold water on hot linking!

• Tutorial Introduction
• Error Documents
• Password protection
• Enabling SSI via htaccess
• Blocking users by IP
• Blocking users/ sites by referrer
• Blocking bad bots and site rippers (aka offline browsers)
• Change your default directory page
• Redirects
• Prevent viewing of htaccess
• Adding MIME types
• Preventing hot linking of your images and other file types
• Preventing directory listing
• Conclusion and more information

Preventing directory listing