How to stop hotlinking and bandwidth theft in Apache

You can stop others from hotlinking your site’s files by including the following settings into your .htaccess file in your Apache site root (main) directory or virtual host config file.

Example: Your site url is To stop hotlinking of your images from other sites and display a replacement image called for instance donthotlink.gif from your own server or just pick any image from an external image service provider or CDN.

RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://(.+\.)?example\.com/ [NC]
RewriteCond %{HTTP_REFERER} !^$
RewriteRule .*\.(jpe?g|gif|bmp|png)$ [L]

The first line of the above code begins the rewrite. The second line blocks any sites other than your own url. The [NC] code means “No Case”, meaning match the url regardless of being in upper or lower case letters. The third line means allow empty referrals. The last line matches any files ending with the extension jpeg, jpg, gif, bmp, or png. This is then replaced by the donthotlink.gif image.

You can display a 403 Forbidden error code instead of an image which is my favourite option. Replace the last line of the previous examples with this line:

RewriteRule .*\.(jpe?g|gif|bmp|png)$ - [F]


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s