Hotlink Protection

Learning Focus

By the end of this lesson you will know how to prevent other websites from embedding your images and media files directly.

What Hotlinking Is

Hotlinking occurs when external sites embed your images, videos, or files on their pages. This uses your bandwidth and server resources to serve their content.

Protection via .htaccess

# Block hotlinking for images
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^https://(www\.)?example\.com [NC]
RewriteRule \.(jpg|jpeg|png|gif|webp|svg)$ - [F]

Protection via WebAdmin

Virtual Hosts → select vhost → Context tab
Add a context for your image directory
Set Access Control to deny requests with external referrers

Verifying

# Test from external referrer (should fail)
curl -sI -H "Referer: https://other-site.com" https://example.com/images/photo.jpg

# Test from your own site (should work)
curl -sI -H "Referer: https://example.com" https://example.com/images/photo.jpg

Key Takeaways

Hotlink protection saves bandwidth by blocking unauthorized embedding.
Use rewrite rules or WebAdmin access control based on the Referer header.
Test both blocked and allowed requests after configuring.

What's Next

Return to the Security module for the complete overview.

What Hotlinking Is​

Protection via .htaccess​

Protection via WebAdmin​

Verifying​

Key Takeaways​

What's Next​