Using .htaccess to redirect hotlinkers to another image

In my last post on using .htaccess to block direct linking of images, I advised simply using the RewriteRule to forbid display of images (i.e. RewriteRule .(gif|png|jpg|jpeg?)$ – [NC,F]). This is a nice simple rule which works a treat to block display of your images on remote sites.

However, if you want to take this a step further, you can re-direct requests for images from remote webpages to an image of choice on your website. I have created an image, called stolenimage.jpg, which simply says “This image is stolen”. Anyone trying to link directly to images on my site is, therefore, inadvertantly serving that image on their pages.

The code to put in .htaccess to achieve this is:

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?tomrafteryit.net [NC]
RewriteRule \.(png|gif|jpe?g)$ stolenimage.$1 [NC,L]

This is the same code as is in my previous post except for the RewriteRule.

It is a very good idea not to redirect a browser from one file type to another. The cleanest approach is to make a seperate version of your the stolenimage.jpg file in each format that you use on your site – for example I have one in gif format, one in jpg format, one in jpeg format, and one in png format. Then redirect each hot-linked image to the matching filetype.

In the RewriteRule above, the “$1” in the last line refers back to the contents of the parenthesis in the same line. That is, a request for a .jpg file will be redirected to http://www.tomrafteryit.net/stolenimage.jpg, and a request for a .gif file will be redirected to http://www.tomrafteryit.net/stolenimage.gif, etc.

The L in the square brackets is the “last rule” – it stops the rewriting process here and tells the .htaccess file not to apply any more rewriting rules. See the Apache mod_rewrite URL Rewriting Engine page for more.

Obviously, if you are feeling a bit mischievous, you can serve other images to people hotlinking your images – “Free shipping worldwide – we ship anywhere for free”, “Order one, get three free” or “This site supports the Taliban’s policy on Feminism” are some possibilities! You are only limited by your imagination.

Many thanks to all the contributers to the WebmasterWorld forums, from where I gleaned most of the information in these posts.

12 thoughts on “Using .htaccess to redirect hotlinkers to another image”

  1. Question? If someone direct-links to an image on my site will google (and others) see this and count it as a link to my site and use it to raise my PageRank? If this is true I’d be shooting myself in the foot by discouraging direct-linking.

  2. What will happen if the ‘stolenimage’ itself is used by a hotlinker? Isn’t this creating an endless loop?

    Shouldn’t you use something like:

    RewriteCond %{REQUEST_URI} !^/stolenimage.png [NC]

    for every type of image as an additional condition? Or is the ‘last rule’ (L between square brackets) preventing the endless loop?

  3. Hi! This is awesome. And easy to understand! I appreciate it! Question though, is it possible that the directory where the images are stored can be changed?

  4. Hey there, thanks for the article.

    I made an htaccess file following your directions but can’t seem to make it redirect to my website’s logo (which is always fun, free advertising).

    I have both a gif and jpeg version of my logo at the address below and here is a copy of my htaccess (made in word, uploaded via ftp and then renamed simply “.htaccess”).

    If you see something wrong below could you let me know? My pictures reside in the picture files below (the website name is fake):

    Thanks!

    RewriteEngine on
    RewriteCond %{HTTP_REFERER} !^$
    RewriteCond %{HTTP_REFERER} !^http://(www\.)?mywebsitename.com [NC]
    RewriteRule \.(png|gif|jpe?g)$ /pic/misc/logo.$1 [NC,L]

  5. In regard to your .htaccess article. My problem is, I’ve had too
    much success. That’s right, I’ve tried at least 30 different code snippets, yours being the latest. And they all block my own images, yours too. I’ve got the standard Apache Server setup. There must be a simple explanation. Any suggestions.

    Thank you,

    MO’R

Comments are closed.