Block hotlinkers but allow some sites remote access to images using .htaccess

In a previous post I explained how to create a .htaccess file to stop remote image linking (hotlinking) and bandwidth theft. However, there are some situations where you might want remote sites to link to your image files. How do you make exceptions for these sites?

The code to block all sites from hotlinking to your images is as follows (see my previous post for a detailed explanation of the code):
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?tomrafteryit\.net [NC]
RewriteRule \.(png|gif|jpe?g)$ - [NC,F]

To allow the Google, AltaVista, Gigablast, Comet Systems, and SearchHippo translators and caches to link to your images, use the following code:
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?tomrafteryit\.net [NC]
RewriteCond %{HTTP_REFERER} !^http://216\.239\.(3[2-9]|[45][0-9]|6[0-3]).*(www\.)?tomrafteryit\.net [NC]
RewriteCond %{HTTP_REFERER} !^*(www\.)?tomrafteryit\.net [NC]
RewriteCond %{HTTP_REFERER} !^http://216\.243\.113\.1/cgi/
RewriteCond %{HTTP_REFERER} !^http://search.*\.cometsystems\.com/search.*(www\.)?tomrafteryit\.net [NC]
RewriteCond %{HTTP_REFERER} !^http://.*searchhippo\.com.*(www\.)?tomrafteryit\.net [NC]
RewriteRule \.(png|gif|jpe?g)$ - [NC,F]

And obviously, everywhere you see my domain (tomrafteryit.net) in the code, substitute your own domain.
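To check a rule set like this before deploying it, the conditions can be replayed offline against sample Referer values. The following Python sketch is an added example, not code from the original post: the sample Referer values are constructed, the condition whose host part is missing above is left out, and `TIGHT_OWN` is an assumed variant of the own-domain pattern that also accepts https and terminates the host name.

```python
import re

# Allow-list taken from the RewriteCond lines above: (pattern, has_NC_flag).
# The empty-Referer condition (!^$) is the first entry.
PAGE_ALLOW = [
    (r"^$", False),
    (r"^http://(www\.)?tomrafteryit\.net", True),
    (r"^http://216\.239\.(3[2-9]|[45][0-9]|6[0-3]).*(www\.)?tomrafteryit\.net", True),
    (r"^http://216\.243\.113\.1/cgi/", False),
    (r"^http://search.*\.cometsystems\.com/search.*(www\.)?tomrafteryit\.net", True),
    (r"^http://.*searchhippo\.com.*(www\.)?tomrafteryit\.net", True),
]

# Assumption (not from the post): own-domain pattern with https accepted and
# the host name terminated by "/" or end of string.
TIGHT_OWN = (r"^https?://(www\.)?tomrafteryit\.net(/|$)", True)
TIGHT_ALLOW = [PAGE_ALLOW[0], TIGHT_OWN] + PAGE_ALLOW[2:]

IMAGE = re.compile(r"\.(png|gif|jpe?g)$", re.IGNORECASE)  # RewriteRule pattern, [NC]


def decide(path, referer, allow=PAGE_ALLOW):
    """Return 403 where the rule set would answer Forbidden, else 200."""
    if not IMAGE.search(path):
        return 200  # RewriteRule pattern does not match: conditions never run
    for pattern, nocase in allow:
        if re.search(pattern, referer, re.IGNORECASE if nocase else 0):
            return 200  # one negated RewriteCond fails, so the F rule is skipped
    return 403  # every "!pattern" condition held: [F]


# Constructed sample Referer values (not real traffic).
SAMPLES = [
    "",
    "http://www.tomrafteryit.net/blog/",
    "http://216.239.39.104/search?q=cache:www.tomrafteryit.net/",
    "http://forum.example.org/thread/9",
    "https://www.tomrafteryit.net/blog/",
    "http://tomrafteryit.net.example.org/page",
]

if __name__ == "__main__":
    for ref in SAMPLES:
        print(f"{ref!r:62} page={decide('img/logo.png', ref)} "
              f"tight={decide('img/logo.png', ref, TIGHT_ALLOW)}")
```

The last two samples show where the prefix-only `http://` pattern and the tightened one disagree: the site's own pages served over https are refused by the original pattern, and a host name that merely begins with the domain is accepted by it.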

4 thoughts on “Block hotlinkers but allow some sites remote access to images using .htaccess”

  1. Thanks for providing this! 🙂

    You might want to also add the following, since these sites provide access to your content (via RSS) when they show the images:

    RewriteCond %{HTTP_REFERER} !^http://[^./]*\.bloglines\.com [NC]RewriteCond %{HTTP_REFERER} !^http://[^./]*\.talkr\.com [NC]

    Also, I prefer to use [^./]* (“not a dot or a slash 0 or more times”) instead of (www\.)?, since that will also match subdomains outside of www.

  2. Whoops, the br didn’t get in there.
    Should be this:

    RewriteCond %{HTTP_REFERER} !^http://[^./]*\.bloglines\.com [NC]
    RewriteCond %{HTTP_REFERER} !^http://[^./]*\.talkr\.com [NC]

  3. Tom I would just like to say thanks, I’ve been looking for a simple way to block access to a section of our site. Your clear writing skills are amazing, and I’ve read lots of sites in the last five days.

    Thanks very much, will update you when our services go live.

  4. First of all thank you for this article.

    I have 2 websites, one for UK and 2nd for USA .com. My .com website is located on root directory and is located in .com sub domain like and my all images, scripts are hosted at .com (root directory) for both .com and domains. Whenever I am calling images from sub domain for UK website it's not giving me any error, or if the same image hosted at root directly and I want to paste that image at UK website it's giving me an error at the bottom of IE “could not find a privacy policy for To view this site’s privacy policy, contact the website directly” and if I would like to call any YAHOO image on my testing page it's not giving me any type of error.

    Can you please guide me where the error is?

