Using .htaccess to Prevent Bandwidth Theft
Every once in a while Google Analytics will turn up a peculiar behavior where you can tell someone is linking directly to an image hosted on your Web server. Sometimes it can be for good reasons like giving you credit for a project, or make sure files are synced up (cross-domain projects); but it’s usually just out of ignorance or laziness (or myspace).
Either way, hotlinking images like that steals your bandwidth and can effect the performance of your server. So you want to stop it.
There are a few ways you can do this; some people output a special image to a bandwidth thief that says something like “Stop stealing my images”. I don’t like that mainly because you’re intentionally degrading your bandwidth to teach someone a lesson about hotlinking? Bleh.
I prefer using a 403 error, it works just as well in my opinion, and gets the point accross.
.htaccess code
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://(.+\.)?csskarma\.com/ [NC]
RewriteCond %{HTTP_REFERER} !^$
RewriteRule .*\.(jpe?g|gif|bmp|png)$ - [F]Put that in your .htaccess file (in your root directory). If you don't have an .htaccess file, just create an empty file in the root and name it ".htaccess". Then put this code in there and you'll be good to go.
Don't forget to change out "csskarma" for your web site. You'll definitely notice if you forget that bit.
What's going on
Turn on the rewrite condition:
RewriteEngine OnMatch any request for csskarma.com (NC means "no case" it will match upper or lower case requests):
RewriteCond %{HTTP_REFERER} !^http://(.+\.)?csskarma\.com/ [NC]Allow empty requests, these are harmless and often 404 errors anyway
RewriteCond %{HTTP_REFERER} !^$Replace the stolen image with a 403 "forbidden" error
RewriteRule .*\.(jpe?g|gif|bmp|png)$ - [F]You can leave a response, or trackback from your own site.
« Web Standards and the Shower Curtain | Analyzing Home »
8 Responses to “Using .htaccess to Prevent Bandwidth Theft”
|
|
Leave a Reply
Can you explain a little bit about what those rules are doing? I use htaccess files on most of my sites just to make sure site.com and http://www.site.com and site.net and all that all go where I want them. But I’ve never used it with images like this.
Sure thing, I’ll update the post
I suppose my question is then: On my own personal website, I have a folder that I use for hosting images that I post around the web (in other blogs that I write in, or just to host an image so I can link to it in tweets or whatnot).
So this technique described above would prevent me from doing this, yes?
I suppose, until my bandwidth is seriously compromised by people directly linking my images (it happens a bit now), I’ll just let it slide.
it will prevent people from displaying images that are hosted on your domain, but not just being linked to. You can still link to them in tweets and whatnot.
You can also turn off the rewrite condition in that folder so those images and be freely distributed.
Or you can remove an image type from that last line, like “png”, that should open up png linking, but still block all the others
if you were going for a .co.uk TLD woud you put
)?csskarma\.co\.uk/
or
)?csskarma\.co.uk/
I’ve never tried it, but my gut tells me you have to escape the extra dot like:
)?csskarma\.co\.uk/
Yet another reason I enjoy working on Apache servers. No .htaccess in ISS/Windows environments.
Cheap phentermine….
Cheap phentermine by phone. Cheap phentermine. Phentermine cheap. Cheap phentermine pay cash on delivery. Cheap phentermine cod. Cheap phentermine diet pill….