I've had a problem recently with people stealing images from my website - either hot-linking them or re-uploading them to other sites. My first attempt to stop this was by modifying the .htaccess file on the web server, telling it to only allow image requests from recognised places.
This works because most browsers send a 'referrer' value which tells the web server where the request came from. If I display an image on my site, the referrer should be 'mikedowney.co.uk', which would be allowed. Requests from other sites would be disallowed.
This should work with most sites hosted on an Apache server. I added the following lines to the .htaccess file:
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?mikedowney.co.uk [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?google.(\.)? [NC]
RewriteRule \.(jpg|jpeg|gif)$ /image_error.png [NC,R,L]
The first line tells the server we are using the RewriteEngine to change how some URLs are handled. The next 3 lines specify which referrers are allowed to link to images. We have:
- Empty referrer. This is because some browsers may not correctly fill in the 'referrer' line when requesting images.
- This website - it would be pointless to disallow me from showing my own images.
- Any of the google servers - so that the google image search will work properly. The (.)? bit at the end should match different countries, such as google.com or .co.uk etc.
The final line gives the file types this applies to and the file to display if it matches. In this case, an image with an error message.