Using mod_rewrite and .htaccess to prevent image leeching.

February 4, 2006 at 2:33 pm · Filed under Tech

Make sure your Apache installation has mod_rewrite installed and usable, and create this .htaccess file in any directory that you’d like to protect from hotlinking:

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://neuro-tech.net/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.neuro-tech.net/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.bloglines.com/.*$ [NC]
RewriteRule .*\.(gif|GIF|jpg|JPG|bmp|BMP)$ - [F]

It’ll check and verify that the referer is either blank, from my site, or from Bloglines (since I use a lot of inline images on posts). Any other referer gets a 403 Access Denied sent to them. You can also get creative and redirect them to tubgirl or something too.

Before I set this up I was chewing away over a gigabyte a day in from shit like MySpace profiles and Xanga pages. At first I was doing redirects to shock pictures, but it hit me that nobody even knows that when they embed someone else’s image in their page then that someone else has to pay for the bandwidth. No one even cares where the images come from, so realizing that I went the “nice” road and return a broken image instead :-)

6 Comments »

  1. Ron said,

    February 5, 2006 @ 12:27 am

    Over a gig a day? What the heck were people linking to?

  2. Luke said,

    February 5, 2006 @ 11:19 am

    Pictures of buildings I took on some skyscraper site, video game pictures and screenshots. Oh, photos of your Subaru and the car show you went to. Lots of links to Chie’s pictures of dogs and other cute stuff. Lots of people just Google Image search what they want and blindly embed it in their page I guess.

  3. Ron said,

    February 5, 2006 @ 8:57 pm

    hm, interesting. I might have linked to the Subaru from my profile page on the SVX Network site and forums, but other than that…

  4. Luke said,

    February 5, 2006 @ 8:59 pm

    Oh no, I checked a bunch of the sites doing the hotlinking and it was all just random assholes. If there’s any sites you want on the allowed list just let me know.

  5. Ron said,

    February 6, 2006 @ 9:36 am

    Sure will. Thanks.

  6. matt said,

    February 8, 2006 @ 12:42 pm

    it may have no relivence to the conversation but… “Saying that Java is nice because it works on all OS’s is like saying that anal sex is nice because it works on all genders”

    .BAM!

RSS feed for comments on this post

Leave a Comment