Latest TweetsVerify any search engine or visitor via CLI Forward-Reverse Lookup perishablepress.com/cli-forwar…
Perishable Press

Three Ways to Allow Hotlinking in Specific Directories

After implementing any of the hotlink-prevention techniques described in our previous article, you may find it necessary to disable hotlink-protection for a specific directory. By default, htaccess rules apply to the directory in which it is located, as well as all subdirectories contained therein. There are (at least) three ways to enable selective hotlinking:

Place hotlink images in an alternate directory

This method works great if your hotlink-protection rules are located in a directory other than the site root. Simply create another directory outside of the directory containing the htaccess rules and place your hotlink-allowed images into that directory.

Create a pseudo-rewrite rule for the target directory

If your images are located within the influence of your hotlink-protection rules, and you need to enable hotlinking for a specific directory, it is possible to circumvent the anti-hotlink rewriting for that directory. In the htaccess file for the target directory, add the following, pseudo-rewrite rules:

# disable hotlink protection
RewriteEngine on
RewriteRule ^.*$ -

Turn off the rewrite engine in the target directory

Ahh, the joys of simplicity. If neither of the previous methods seem appealing to you, perhaps the simple elegance of this effective method will inspire you: turn off the rewrite engine in the directory that houses your hotlink images. That’s it. Simply add the following line to your target directory’s htaccess file and enjoy immediate results:

# disable hotlink protection
RewriteEngine off

Any one of these methods works fine, but disabling the RewriteEngine in the target directory is by far the most elegant solution.

Update

An alternate way of disabling mod_rewrite is to flag the last RewriteRule with the [END] flag. For example:

RewriteRule /(some-other-rule)/ https://perishablepress.com/ [END]

What about enabling hotlink-protection in a specific directory? Read on, my friend..

Selectively protect files in a specific directory

Protecting the contents of a specific directory (as opposed to all directories) requires a simple addition to any of the anti-hotlinking measures presented in our previous article. If, say, you wanted to protect all files located in a directory called “private,” you would modify the RewriteRule as follows:

# protect all content in private directory and return a forbidden error
RewriteRule protected/(.*)$ - [F,NC,L]

..or, alternatively:

# protect all content in private directory and return a nasty image
RewriteRule protected/(.*)$ http://domain.tld/hotlink.jpg [R,NC,L]

In other words, prepend the name of the target directory to the list of protected file types, which in this example is all files, as represented by the wildcard expression ((.*)).

Jeff Starr
About the Author Jeff Starr = Creative thinker. Passionate about free and open Web.
Archives
9 responses
  1. Hi.

    It’s there anyway to HotLink Protect my hole site, and just only allow one folder for hotlink. I like to use one folder that i store all my avatars and sigs to other forums.
    It’s that possible?

    Thanks.

  2. Jeff Starr

    Proximuz,

    Um, yes, allowing hotlinking in a specific directory is exactly what this article is about. After implementing hotlink-protection sitewide (see link in first paragraph), return to this post and employ any of the three methods to disable protection for the folder of your choice. (Sorry for the redundancy — I just wanted to be clear:)

    Regards,
    Jeff

  3. Great tutorial man… thanks for your help…… bookmarking this page…

  4. I just did some more testing and it isn’t stopping any hotlinks at all. I deleted her renamed the most problematic files first and that is what is giving people the 403 error. I just tried commenting the symnlinks line too.. Maybe I should have tried a simpler solution first…

    ###############################
    # ultimate hotlink protection #
    ###############################
    
    # disable directory browsing
    # uncomment this option to protect access to directories
    # Options -Indexes
    
    # enable the following of symlinks
    # uncomment this option if hotlink protection fails to work
    Options +FollowSymLinks
    
    # verify presence of mod rewrite
    
    # enable the rewrite engine
    RewriteEngine on
    
    # check that file exists
    RewriteCond %{REQUEST_FILENAME} -f
    
    # check for requested file types
    # include additional file types here
    RewriteCond %{REQUEST_FILENAME} \.(gif|jpe?g?|png)$ [NC]
    
    # allow blank referrer requests
    RewriteCond %{HTTP_REFERER} !^$
    
    # allow all requests from your domain
    # edit the domain to match your own
    RewriteCond %{HTTP_REFERER} !^https?://([^.]+\.)?muschamp\. [NC]
    
    # additional site access
    # include additional sites here replace domain names and or 
    # remove unnecessary lines or add new lines for more sites
    # RewriteCond %{HTTP_REFERER} !^https?://([^.]+\.)?domain_01\. [NC]
    # RewriteCond %{HTTP_REFERER} !^https?://([^.]+\.)?domain_02\. [NC]
    # RewriteCond %{HTTP_REFERER} !^https?://([^.]+\.)?domain_03\. [NC]
    
    # search engine access
    # include or remove search engines feed readers and other sites
    RewriteCond %{HTTP_REFERER} !search\?q=cache [NC]
    RewriteCond %{HTTP_REFERER} !google\. [NC]
    RewriteCond %{HTTP_REFERER} !slurp\. [NC]
    RewriteCond %{HTTP_REFERER} !mmcrawler\. [NC]
    RewriteCond %{HTTP_REFERER} !msnbot\. [NC]
    RewriteCond %{HTTP_REFERER} !sandcrawler\. [NC]
    RewriteCond %{HTTP_REFERER} !msrbot\. [NC]
    RewriteCond %{HTTP_REFERER} !teoma\. [NC]
    RewriteCond %{HTTP_REFERER} !jeeves\. [NC]
    
    # allow access to all requests for your anti hotlink image
    # to serve an image instead of delivering a 403 error
    # uncomment the next line and edit the path and file name
    RewriteCond %{REQUEST_URI} http://muschamp.ca/CommonImages/doNotHotLink.jpg [NC]
    
    # deliver the hotlink image for all requests for the listed files
    # protect additional file types by editing the list below
    # if you are serving a file instead of a 403 
    # uncomment the next line and edit the path and file name
    RewriteRule \.(gif|jpe?g?|png)$ http://muschamp.ca/CommonImages/doNotHotLink.jpg [R,NC,L]
    
    # return a 403 error when any of the following file types is requested
    # you can protect additional file types by editing the list below
    # RewriteRule \.(gif|jpe?g?|png)$ - [F,NC,L]
  5. hi,

    Is there any way to disable hotlinking only in specific folders in lighttpd and not on whole site?
    Note :-i am talking about lighttpd not apache

  6. Thanks for this great post. Fixed my problem in minutes !

  7. Is this supposed to show me how to maintain just ONE .htaccess file for my entire hosted space? I don’t want multiple .htaccess files since I am constantly editing this one to block bots and crawlers. I purchased the guide but so far I have not found such a solution in it.

    • Jeff Starr

      It’s completely up to you.. some sites may use only .htaccess file, others may use multiple files.. it all depends on your goals and the structure of your site. Most cases one .htaccess in the root directory is all that’s needed.

  8. Pali Madra March 2, 2013 @ 10:11 am

    Thanks this helped a lot was stuck with one of the site of a client which was not loading properly because hotlinking was disabled.

    @jeff I wanted to know if the .htaccess file follows some inheritance rules or not?

    Thanks again.

[ Comments are closed for this post ]