Prohibiting linking of images

I have a directory on my site with a lot of images, and people are always linking directly to my images from their websites, using up my bandwidth.

Is there any way to disable the ability for people to link to my images, for only this directory? I’ve added javascript to prohibit right clicking, but people can still viewsource, and get the URL for the image, so I’m thinking if I could just prohibit outside linking period, I’d be better able to address the issue.

You might have a look at these threads:
(read the whole thread, not just the messages I’ve linked)

mod_rewrite is probably what you want to use, but it is a bit tricky to use (I haven’t messed with it a lot) – it can keep your site from coming up completely if you mess up the syntax, so make sure to test your site after you’ve edited your .htaccess file.

Hope this helps (and I’m sure others on the board will have more to say on the subject.

Yeah, thanks. I knew using .htaccess, I could prohibit outside linking, so I did some research right after I posted and found the code I needed to use.

Thanks for the help!

For the benefit of other users of the forum (including myself!) would you be as kind as to post a snippet of the solution you found?


  • wil

Sure, I just added this to my .htaccess. I’ve seen several versions of this code, but this one suits my needs just fine.

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www.)?*$ [NC]
RewriteRule .(gif|jpg)$ - [F]

Hm. I’ve seen a few funny ones of these – names ones which return a different image for any host other than the local host. I’ll leave the kind of images they return up to your imagination. :slight_smile:

Bear in mind with that snippet that it will work for every sub-directory underneath the directory you place that .htaccess control file in.

Thanks for sharing!

  • wil

Yeah, I could have had it return a different image with the code below.

The site I have had lots of problems with people linking to the images directly. When I would notice people doing it, I would go and replace the image with a mean one. That got pretty tedious though. This method is a LOT easier. You can also modify it to allow certain sites to link, and ban everything else, or even allow only certain images to be linked. mod_rewrite is great!

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www.)?*$ [NC]
RewriteRule .(gif|jpg)$ [R,L]

Yep! mod_rewrite is definitily a powerful too. It has a great regex engine which makes it great for this sort of stuff.

Glad you got it working.

  • wil

I added the same thing to my .htaccess and it sure is great! I got tired of leaving mean gifs on other peoples pages when they direct linked. Sure it was fun but I had better things to do. One day I had 3!! I was pissed but laughing at the same time when I saw their pages. LOL

Here’s a site that tests whether your files can be direct linked to after you upload the .htaccess file.

I’m adding this for you or whoever else may be interested. Something else to block from your files is the Google image search. They caused my friend to go over her bandwidth (before DH raised it) one month. Add the below to your robots.txt

User-Agent: Googlebot-Image
Disallow: /

I really hate Google after seeing my graphics all over their pages when I typed in my site name and/or url. The people that go there probably think the graphics are free for the taking and those same idiots are the ones who also think it’s ok to direct link. Anyways, I just thought I’d share :slight_smile:


Hi Christy

Thanks for the info! That’s a great help.

I didn’t know that Google had a seperate bot for their image database. That’s good. As I didn’t want to ban the main Googlebot from spidering my pages for obvious reasons. Google are also pretty good at ackowlodging and respecting your .robots.txt file so this is a welcomed tip!


  • wil

You’re very welcome Wil!

Here’s more info

You’re right about Google respecting your robots.txt. Within days my graphics were gone from their image search. My site still lists first for their site search though :slight_smile: So placing this in the robots file definitely doesn’t hurt you at all.


Hi Bob, The white frame on the home page is supposed to be just white :wink: I wasn’t sure what to put there and considered maybe updates but it was better off just blank.

I never looked at a site through Google’s cache. I tried mine and just got a white page???

I blocked IA cause for some reason when I change my site I decide that I really didn’t like what I had before so I don’t want anyone else to see it anymore. I don’t even keep many old versions of my site saved. LOL Chances are you wouldn’t have liked the last version since it was in about 6 frames. Nothing tacky though and it was probably one of my favorites. I know a lot of people hate frames but I really like them if they are done right. I’m assuming iframes work with Mozilla since you saw my site ok? I gave up on having my site work with all browsers. It’s just a personal site so it’s not a big deal to me anymore.


Bob, I haven’t noticed whether IA has crawled my site or not. I haven’t checked my logs in a while like I should.

BTW I just noticed I had messed up my .htaccess and had my domain blocked from linking to my images. LOL I have my domain listed with and without the www. After you emailed me about the site still showing my images I tested with and without the www and it showed graphics only if I didn’t use the www. Sooooooo, I went and removed the www in the htaccess and for days now my site has not had any graphics, css etc. I just noticed this tonight and somehow figured out what it was. I guess the reason I am posting this is if anyone uses the code to stop direct linkers, you need to put your URL with and without the www. The site I got the code from said you don’t need to list the url without the www. I have found that you do. This whole thing really sucks cause I just spent hours trying to get a .js to work and it wouldn’t cause along with gifs, jpgs, & css I have .js files set up to not be direct linked to. OK I’m babbling now. 5 straight hours in front of this screen has made me loopy :wink:


Can someone point to a slightly less cryptic explanation of mod_rewrite than what is available at for how mod_rewrite works? I’ve discovered that this code works great, except when the URL is domain only - - i.e., loads all images, but doesn’t…

If this is the original:

RewriteEngine on RewriteCond %{HTTP_REFERER} !^$ RewriteCond %{HTTP_REFERER} !^http://(www\.)?*$ [NC] RewriteRule \.(gif|jpg|png)$ - [F]then would this work better?

RewriteEngine on RewriteCond %{HTTP_REFERER} !^$ RewriteCond %{HTTP_REFERER} !^http://(www\.)?*)$ [NC] RewriteRule \.(gif|jpg|png)$ - [F]

I don’t know mod_rewrite well, but perhaps this would work?
RewriteCond %{HTTP_REFERER} !^http://(www.)?*$ [NC]

Or even just:
RewriteCond %{HTTP_REFERER} !^http://(www.)?*$ [NC]

(I guess forward slashes don’t have to be escaped with mod_rewrite??)

Of course, with either of these, someone could probably create a subdomain like: and send the referral from there, no?

[quote]Of course, with either of these, someone could probably
create a subdomain like:
and send the referral from there, no?


Yes, but at that point it’d probably just be easier to download the images directly and re-upload them. Or create their own.

The easiest way to do it, I’d think, is to write up a condition where if someone hits your site without the trailing slash, redirect them to the correct URL.

  • Jeff @ DreamHost
  • DH Discussion Forum Admin

The only way I got mine to work was by doing this…

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^$ [NC]
RewriteCond %{HTTP_REFERER} !^
$ [NC]
RewriteRule .*.(gif|jpg|jpeg|bmp|css|js)$ [R,NC]

I had removed the one without the www and checked my site at and by typing my domain without the www my images showed up.

This site has a code generator and this is where I got mine. They say you don’t have to add the url without the www but mine only works that way. I swear when I first went there though it said to add both. I wouldn’t have thought of it on my own to add both so I swear they did say to. LOL


OK, will’s response makes a little more sense after looking at Perl’s regex page; so shouldn’t

RewriteCond %{HTTP_REFERER} !^http://(www\.)?(sub1\.|sub2\.|etc\.)?|/.*)?$ [NC]take care of any cheats? Or am I misunderstanding the nature of “.*” in this construct?

FYI, y’all. is now a porn portal so don’t bother going there. It seems likely there are other such utilities out there…but I just uploaded a page on another domain with a hotlink to an image on the site I’m testing. After a CNTR+F5 (forced refresh to stop viewing images in cache) it worked.

In contrast to others in this thread, I actually wanted to prevent general hotlinking with the exception of google’s image search/database. I have no prol with google indexing or linking to my site’s images…it’s another way to get people to my site. Preventing hotlinking won’t prevent people from capturing your photos anyway, taking a photo is a simple print screen away. In summary, I don’t want other people sucking up bandwith through hotlinking but I do want people to find me through google searches and image searches! So I tried this…I hope it works…if you want to know, email me in a couple of weeks and I’ll be able to let tell you:

RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www.)?*$ [NC]
RewriteCond %{HTTP_REFERER} !google. [NC]
RewriteRule .(gif|jpg)$ [R,L]

By the way, the ‘Smarter Image Hotlinking Prevention’ tutorial on List Apart is great if you’ve got time for such things.
But if you’re designing a site for someone who’s not really, really savvy or using a CMS then it’s probably not going to work for you.