UK Sales: 0800 035 6364 | | We'll Call You

Using Conditional Statements and mod_rewrite

What happens when you start getting people hotlinking to your images (or other files)? Hot linking is the act of including an image, media file, etc from someone else’s server in one of your own pages as if it were your own. Obviously, as a webmaster, there are plenty of times when you don’t want people doing that. You’ll almost certainly have seen examples where someone has linked to one image on a website, only for a completely different, “nasty” one to be shown instead. So, how is this done?

It’s pretty simple really. All it takes are a couple of RewriteCond statements in your .htaccess file.

RewriteCond statements are as they sound - conditional statements for RewriteRules. The basic format for a RewriteCond is RewriteCond test_string cond_pattern. For our purpose, we will set the test_string to be the HTTP_REFERER. If the test string is neither empty nor our own server, then we will serve an alternative (low bandwidth) image, which tells the person who is hotlinking off for stealing our bandwidth.

Here’s how we do that:

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?*$ [NC]
RewriteRule \.(gif|jpg|png)$ [R,L]

Here, the RewriteRule will only be performed if all the preceeding RewriteConds are fulfilled. In the second RewriteCond, [NC] simply means “No Case”, so it doesn’t matter whether the domain name was written in upper case, lower case or a mixture of the two. So, any requests for gif, jpg or png files from referers other than will result in your “nasty” image being shown instead.

The [R,L] in the RewriteRule simply means “Redirect, Last”. So, the RewriteRule will visibly redirect output to “nasty.gif” and no more RewriteRules will be performed on this URL.

If you simply don’t want the hot linkers to see any image at all when they hot link to your images, then simply change the final line to RewriteRule \.(gif|jpg|png)$ - [F]. The - means “don’t rewrite the requested URL”, and the [F] means “Forbidden”. So, the hot linker will get a “403 Forbidden message”, and you don’t end up wasting your bandwidth.

Article appears in full on

2020Media is a leading provider of small business Wi-Fi hotspots. If you want to offer free Wi-Fi to your customers or users, our service could be exactly what you are looking for. Our Hotspots are managed in the cloud, ultra-reliable and give you loads of information about behaviour patterns of your users. Read More   Read more...
2020Media introduces Moodle Hosting - UK servers and UK Moodle experts setup your site ready to use. Read more...
Special Offer for Longer Registration Periods Register or renew a .com, .net or .org domain name for 5 years we'll include 1 year free*. Read more...
2020Media is now offering zero-click installation of the popular TYPO3 content management system. Read more...

Our blog is regularly updated with news, tips and industry opinion.


  • AggieWestons
  • baker-and-mckenzie
  • arts-council-england
  • Big Finish
  • barratt-developments-logo
  • City-of-Lincoln-council-logo
  • brora-logo
  • DenisMacShane
  • Construction-Industry-Council
  • colchester