How to avoid Bandwidth Theft using Hotlink Protection ?

What is Hotlinking ?

Hotlinking is nothing but linking directly to images, media and other files present on your website hence your web hosting server.

What is Bandwidth Theft ?

We all are aware, bandwidth is the rate of data transferred between one point to the other in a given time frame. When browsing a particular website, you are actually using the bandwidth assigned to that web-site, whose cost is borne by the site owner. When you choose a particular web hosting package, there is fixed amount of bandwidth that is allowed to use, which if used in excess can make you pay more. You may refer What Is Bandwidth | Part 1 to learn more in detail.

However, when someone creates a direct link to images present on your server (ie. on your website) by adding them to their website, the images are served from your server wherein your bandwidth is used in the process. This is called bandwidth theft.

How to Prevent Bandwidth Theft ?

The Apache Server Mod Rewrite Engine holds the capability of examining the name of the document requesting for a file of a particular type. Incase, the URL of a webpage requests for an image file present on your server is from a known and allowed source, only then it will display the image. Else, a broken image is shown as an output.

Such logics and rules are added to the directory/ies containing the image files.

Steps for Preventing Bandwidth Theft

  1. You need to make sure that the Apache Server is compiled with mod_rewrite. It isn’t included as a default feature at the time of installation. In case you realise that mod_rewrite isn’t installed, you should not try to install it. You must bare in mind that trying to do so might make your website loose its functionality. It is advised to contact our Support Department for assistance. If you are a system admin yourself, you must refer the Apache INSTALL file for instructions about enabling mod_rewrite.
  2. Segregate the images into directories that don’t contain the HTML files used by your website. An inclusion of an empty index.html file into every directory holding the images would avoid individuals from looking into your directory listings.
  3. It is a good practice to create or edit .htaccess file in any of the directories holding the image files used by your website.
  4. Make sure that you include the below lines in the .htaccess file :

RewriteEngine on

RewriteCond %{HTTP_REFERER} !^$

RewriteCond %{HTTP_REFERER} !^*$ [NC]

RewriteCond %{HTTP_REFERER} !^*$ [NC]

RewriteRule .*.gif$ – [L]

RewriteCond %{HTTP_REFERER} !^$

RewriteCond %{HTTP_REFERER} !^*$ [NC]

RewriteCond %{HTTP_REFERER} !^*$ [NC]

RewriteRule .*.jpg$
– [L]

NOTE: Make sure that you’ve added the above in the same format as stated. Also, replace with your actual domain name.

Before implementing it over your website/server, it is advisable to do a test run. You might want to build a webpage on a different server and proceed with inserting image tag that is pointing to an image in the protected directory. If the result is a broken image icon, it proves that you have successfully implemented things well. Though, you can still check the request in the server logs, but the bandwidth is prevented from getting used.

Note : If you are testing it for files in the format ‘.MIDI’ , it should come up with a Forbidden error.

Pin It on Pinterest

Share This