Advertisements

How to block requests by referrer using .htaccess

There may be times you want to stop site visitors from clicking from a link on another site. This is called blocking the “referrer”, it’s also used to prevent image hot-linking.

A “referrer” is another site that is linking to yours. When a user clicks on the link on the other site, they are considered the referrer. In a basic referrer block, you block the traffic by specifying what domains (referrers) may not send you traffic.

For example, the following code will block any visitors that visit by clicking on links at example.com, or block any pages or images included in example.com that are from your site (iframes, images, etc).

RewriteEngine On
# Next line may be required, uncomment it if you're having trouble
# Options +FollowSymlinks
RewriteCond %{HTTP_REFERER} example.com [NC]
RewriteRule .* - [F]

The thing about this is it does not stop someone from simply typing in your website address into their browser; it specifically stops traffic that originates from that other domain.

If you simply want to stop image hot-linking, we just block the file types, rather than all traffic. The only line to change is the RewriteRule line. You have two choices: To block the images completely, or to present an image that says that you don’t allow hotlinks.

Option 1: Forbid the request

RewriteRule .*.(jpe?g|gif|bmp|png)$ - [F]

Option 2: Redirect to something else

RewriteRule .*.(jpe?g|gif|bmp|png)$ http://mysite.com/nohotlinks.jpg [L]

Feel free to adapt this to your needs.

Questions, comments, or feedback? Got another method that you think is better, or am I missing something? Please feel free to share it in the comments below. Thank you!

Advertisements