PHP Code for Anti Hotlinking

PHP code for anti hotlinking

Image hotlinking is usually detected by referer, but it won't work when:

  • user has turned off referer sending in his browser (I have this for privacy purposes)
  • page is viewed via HTTPS (browser shouldn't send referer data).

You'll block your actual users from viewing images.

Consider using sessions / cookies when dealing with this problem. You'll have to pass every image via a PHP script then.

Preventing hotlinking by image resolution with .htaccess and PHP?

Hotlink detection is often based on checking the referer (sic!).

You could easily add a filesize check in your delivering php script:

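// Only check large files (here: anything above 30 MB)
if (filesize(FILENAME) > 30*1024*1024) {
    // A referer is present and does not start with our own domain: treat as hotlinking
    if (!empty($_SERVER['HTTP_REFERER']) && strpos($_SERVER['HTTP_REFERER'], 'http://www.yourdomain.com/') !== 0) {
        header("Status: 500");
        echo "Hotlinking not allowed";
        exit(0);
    }
}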

See PHP code for anti hotlinking; there are also some other examples which use cookies (i.e., a PHP session to check if a user is authorized to view a picture).

Hotlinking protection, however, always has some possible limitations: not all clients send HTTP referers (sic!), especially on HTTPS those are often missing, and not all clients accept cookies.
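
The session-based approach that both answers above mention, as an added example that is not part of the original posts: a gateway script that serves an image only to a browser whose session was flagged by one of the site's own pages. The names IMAGE_DIR, the `img_ok` session key and the `f` query parameter are assumptions made for this sketch, and `mime_content_type()` assumes the fileinfo extension is enabled.

```php
<?php
// Added example, not from the original answers. Hypothetical names:
// IMAGE_DIR, the 'img_ok' session key and the ?f= query parameter.
declare(strict_types=1);

const IMAGE_DIR = __DIR__ . '/protected-images';
const ALLOWED_TYPES = ['image/jpeg', 'image/png', 'image/gif', 'image/webp'];

/** Map a requested name to a real file inside $baseDir, or null. */
function resolve_image(string $requested, string $baseDir): ?string
{
    // basename() drops any directory part, so "../../secret.txt" becomes "secret.txt".
    $name = basename($requested);
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $name);
    if ($name === '' || $base === false || $path === false || !is_file($path)) {
        return null;
    }
    // realpath() resolves symlinks; refuse anything that ends up outside the base.
    return strpos($path, $base . DIRECTORY_SEPARATOR) === 0 ? $path : null;
}

session_start();

// The HTML page that embeds the images sets the flag beforehand:
//   session_start(); $_SESSION['img_ok'] = true;
if (empty($_SESSION['img_ok'])) {
    http_response_code(403);
    exit('Hotlinking not allowed');
}

// Accept only a plain string; ?f[]=x would arrive as an array.
$requested = is_string($_GET['f'] ?? null) ? $_GET['f'] : '';
$file = resolve_image($requested, IMAGE_DIR);
if ($file === null) {
    http_response_code(404);
    exit('Not found');
}

// Check the file's actual content type rather than trusting its extension.
$type = mime_content_type($file);
if (!in_array($type, ALLOWED_TYPES, true)) {
    http_response_code(403);
    exit('Not an image');
}

header('Content-Type: ' . $type);
header('Content-Length: ' . (string) filesize($file));
readfile($file);
```

Pages would then reference images through the script (for example `image.php?f=photo.jpg`), and the image directory itself has to be closed to direct web access for the check to mean anything.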

.htaccess anti-hotlinking for one specific folder

Have you tried this in your root's .htaccess?

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://mywebsite.com/my-uploads/my-directory.*$ [NC]
RewriteRule \.(pdf|doc|docx|odt|rtf|txt)$ [R=302,L]
</IfModule>

Else, you can always add specific rules in an individual .htaccess inside that folder.

Prevent hotlinking from harassing domain by showing an image or iframe? .htaccess

You might consider the following:

http://www.cyberciti.biz/faq/apache-mod_rewrite-hot-linking-images-leeching-howto/

http://underscorebleach.net/jotsheet/2004/11/stop-image-hotlinking-tutorial-htaccess-apache

http://altlab.com/htaccess_tutorial.html

-or-

http://bit.ly/ImCQOa


