
How to prevent people from using images from your site as inline images on theirs

When people want to display an image on their site and that image is accessible on another site (e.g. yours), one way they can do this is to use the image's external URL directly. This means that when a client visits that person's site, the image has to be transferred from the server hosting your site in order to be displayed there. This in turn means heavier traffic for your site without people actually visiting your website. Using images this way is also known as hotlinking.

You can protect your images from being used in such a way with a few Apache directives. For example, if on your hosting account you have an images folder that contains only pictures, you can create an .htaccess file in that folder and put the following directives:

SetEnvIf Referer "^http://yourdomain\.com" local
Order Deny,Allow
Deny from All
Allow from env=local

Let's explain what the directives mean. The SetEnvIf directive is used to set an environment variable. Referer is an HTTP header field and it designates a site from which a link was used to go to another site. In the above example the pattern matches only referers from your own site, so any other site is left without the variable. You should replace http://yourdomain\.com with the actual URL address of your site. Regular expressions are used for the URL part of the directive, which is why there's a backslash before .com (this way the dot is interpreted literally). The last part is local, which is the actual name of the environment variable; here you can put anything you want (e.g. local, local_referer, my_site, etc.). If you use more than one word for the variable, put underscores between the words. The directives below SetEnvIf deny access to everyone and then allow it only when the variable is set, so only pages within your site can be used to refer to content/images on other pages within the site.

In practice, this will block the display of images on other sites when a URL address pointing to an image on your site is used. It will not block any links that actually lead visitors to pages on your site.

If there are subfolders within the images folder, they will also be affected. The way the example directives above are constructed, they will also affect other file types (not just images). So the above directives should be used in a folder that contains only images, and any subfolders in it should also contain only images.

If you want to protect all the images within public_html (this is the root folder on your hosting account) and its subfolders no matter how many levels down, you can put the following directives in an .htaccess file that's in the public_html folder:

SetEnvIf Referer "^http://yourdomain\.com" local
<FilesMatch "\.(jpg|png|gif)$">
Order Deny,Allow
Deny from All
Allow from env=local
</FilesMatch>

These directives will have the same effect as the previous example, but they will be applied only to the file types listed in the FilesMatch directive. In our example these are JPG, PNG and GIF images.
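The following is an added example, not part of the original article: a small Python emulation of the second .htaccess block, run over constructed requests to show which ones the article's Referer pattern lets through. TIGHT_PATTERN, is_served, compare and the sample values are assumptions made for illustration; the tightened pattern assumes the site is also reachable over https and with a www prefix.

```python
import re

# Referer pattern exactly as in the article's SetEnvIf line.
PAGE_PATTERN = r"^http://yourdomain\.com"
# Hypothetical tightened pattern (an assumption, not from the article): also
# accepts https and www, and requires the host name to end after ".com".
TIGHT_PATTERN = r"^https?://(www\.)?yourdomain\.com(/|$)"
# File-name expression from the article's FilesMatch block.
PROTECTED = re.compile(r"\.(jpg|png|gif)$")


def is_served(referer_pattern, filename, referer):
    """Emulate: Order Deny,Allow / Deny from All / Allow from env=local."""
    if not PROTECTED.search(filename):
        return True   # FilesMatch does not apply, so nothing is denied
    if referer is None:
        return False  # no Referer header, so the variable is never set
    # SetEnvIf searches the header value; only the pattern's own ^ anchors it.
    return re.search(referer_pattern, referer) is not None


# Constructed sample requests: (file name, Referer header or None).
SAMPLES = [
    ("logo.png", "http://yourdomain.com/index.html"),        # your own page
    ("logo.png", "https://yourdomain.com/index.html"),       # same page over https
    ("logo.png", "http://www.yourdomain.com/"),              # www prefix
    ("logo.png", "http://yourdomain.com.example.net/page"),  # host only starts with yours
    ("logo.png", "http://othersite.example/"),               # unrelated site
    ("logo.png", None),                                      # header absent
    ("about.html", "http://othersite.example/"),             # not an image
]


def compare():
    """Return (filename, referer, served_by_page, served_by_tight) rows."""
    return [
        (f, r, is_served(PAGE_PATTERN, f, r), is_served(TIGHT_PATTERN, f, r))
        for f, r in SAMPLES
    ]


if __name__ == "__main__":
    for filename, referer, page, tight in compare():
        print(f"{filename:<11} {str(referer):<40} page={page!s:<5} tight={tight}")
```

Requests with no Referer header are denied by both patterns, which also affects visitors whose browser or proxy strips the header.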
