In this tutorial, you’ll learn how to prevent your images from being hotlinked. Specifically, you will learn how to stop hotlinking on Nginx and Apache web servers.
These examples will prevent hotlinking on any application that you run, including WordPress.
Prevent Hotlinking on Nginx
To prevent hotlinking of images on Nginx, add the following location block to your configuration file.
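location ~ \.(gif|png|jpeg|jpg|svg)$ {
    # Allow requests with no Referer (none), a stripped Referer (blocked),
    # and requests from example.com or any of its subdomains.
    valid_referers none blocked example.com *.example.com;
    if ($invalid_referer) {
        return 403;
    }
}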
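This code snippet will disallow images from being loaded on domain names that are not example.com or a subdomain of example.com. Requests without a Referer header (none), or with one that a proxy or firewall has stripped (blocked), are still served. Of course, replace this domain name with your own domain name.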
Restart the Nginx server to apply your configuration changes.
systemctl restart nginx
Now, rather than serving the image, Nginx will return a 403 forbidden error if another server attempts to hotlink any images from example.com.
Prevent Hotlinking on Apache
To prevent hotlinking of images on Apache, first make sure you have enabled the use of an .htaccess file by adding this snippet to your configuration file. This assumes the website root directory is /var/www/html/.
<Directory /var/www/html>
    AllowOverride All
</Directory>
Next, add the following lines to your .htaccess file in the root of your website directory. If you don’t already have an .htaccess file, please create it.
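RewriteEngine on
# Allow requests that send no Referer header
RewriteCond %{HTTP_REFERER} !^$
# Allow example.com and any of its subdomains
RewriteCond %{HTTP_REFERER} !^https?://([a-z0-9-]+\.)*example\.com(:[0-9]+)?(/|$) [NC]
# Everything else gets 403 Forbidden for these image types
RewriteRule \.(gif|png|jpeg|jpg|svg)$ - [F]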
This code snippet will disable images from being loaded on domain names that are not example.com or a subdomain of example.com. Requests that send no Referer header at all are still served (the first RewriteCond). Of course, replace this domain name with your own domain name.
Finally, enable the rewrite module (mod_rewrite) if it’s not already enabled, and restart the Apache server to apply your configuration changes.
a2enmod rewrite
systemctl restart apache2
Now, rather than serving the image, Apache will return a 403 forbidden error if another server attempts to hotlink any images from example.com.
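To confirm that either configuration behaves as described, the following added example (not part of the original tutorial) requests one image with different Referer headers and compares the HTTP status codes. The function names, the image URL and the other-site.invalid referer are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: verify a deployed hotlink rule with curl.
# Function names and sample URLs are illustrative assumptions.

# Print the HTTP status for URL ($1) requested with Referer ($2, may be empty).
hotlink_status() {
    if [ -n "$2" ]; then
        curl -s -o /dev/null -w '%{http_code}' -H "Referer: $2" "$1"
    else
        curl -s -o /dev/null -w '%{http_code}' "$1"
    fi
}

# Run one case: label, URL, referer, expected status. Returns 1 on mismatch.
check_case() {
    got=$(hotlink_status "$2" "$3")
    if [ "$got" = "$4" ]; then
        printf 'PASS  %-24s -> %s\n' "$1" "$got"
    else
        printf 'FAIL  %-24s -> %s (expected %s)\n' "$1" "$got" "$4"
        return 1
    fi
}

# Check the behaviours the Nginx and Apache rules are meant to produce.
# $1 = URL of an image on your site
# $2 = origin of your bare domain, e.g. https://example.com
verify_hotlink_protection() {
    img=$1; site=$2; rc=0
    www=$(printf %s "$site" | sed 's#://#://www.#')
    check_case "own page as referer" "$img" "$site/post.html" 200 || rc=1
    check_case "www subdomain referer" "$img" "$www/post.html" 200 || rc=1
    # Both rules deliberately allow an empty Referer (none / !^$).
    check_case "no referer" "$img" "" 200 || rc=1
    check_case "foreign referer" "$img" "https://other-site.invalid/page.html" 403 || rc=1
    return $rc
}

# Usage (against your own server):
#   verify_hotlink_protection https://example.com/images/logo.png https://example.com
```

A non-zero exit status means at least one case did not return the expected code, which makes the function usable as a post-deployment check.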
Hello Tony
Thank you for these really useful snippets.
I have a different problem to this, although I suspect it is probably related.
Can you kindly advise the snippet to use to “prevent direct file access” in Nginx i.e., can I attempt to deny a visitor directly accessing a file/image (based on the file URL) and provide access only if they navigate to that file from within my website?
Many thanks in advance.
I’m actually not sure how to do that in Nginx.