How To Set Up Hotlink Protection On Your Server

Hotlink protection is a technique used to prevent other websites from directly linking to your website’s assets (such as images, videos, and other media) on their own pages. This can help you save bandwidth and ensure that your content is only displayed on your own website. The exact steps to set up hotlink protection may vary depending on your web server software, but here’s a general guide:

1. Apache Web Server:

If you’re using the Apache web server, you can enable hotlink protection using the mod_rewrite module and the .htaccess file.

Follow these steps:

Access your server: Connect to your server using an FTP client or SSH.

Navigate to the root directory: Go to the root directory of your website where your .htaccess file is located.

Create or edit the .htaccess file: If you don’t have an .htaccess file, create one. If you do, open it.

Add hotlink protection rules: Insert the following code into your .htaccess file:

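# Turn on mod_rewrite for this directory
RewriteEngine on
# Let requests with an empty Referer through (direct visits, stripped headers)
RewriteCond %{HTTP_REFERER} !^$
# Let your own domain through: dot escaped, host must end at "/" or end of string
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?yourdomain\.com(/|$) [NC]
# Answer every other image request with 403 Forbidden
RewriteRule \.(jpg|jpeg|png|gif)$ - [NC,F,L]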

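Replace yourdomain.com with your actual domain name. These rules return 403 Forbidden for image files (jpg, jpeg, png, gif) when the request carries a Referer header that does not point to your own domain. Requests with no Referer header are still served, and because the Referer header is supplied by the client, this saves bandwidth but is not access control.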

Save and upload: Save the .htaccess file and upload it to your server.
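An added example (not from the original post) that models the RewriteCond/RewriteRule logic above in Python, so you can check which Referer values a host pattern lets through before deploying it. It compares a pattern with an unescaped dot and no end-of-host anchor against one that escapes the dot and ends the host at "/" or end of string; the function names and sample Referers are constructed for illustration.

```python
import re

# RewriteRule pattern: image extensions, case-insensitive ([NC]).
IMAGE = re.compile(r"\.(jpg|jpeg|png|gif)$", re.I)

# Host pattern with an unescaped dot and nothing that ends the host name.
LOOSE = re.compile(r"^http(s)?://(www\.)?yourdomain.com", re.I)
# Dot escaped; the host must be followed by "/" or the end of the string.
STRICT = re.compile(r"^https?://(www\.)?yourdomain\.com(/|$)", re.I)

# Constructed sample Referer values (reserved .example names for third parties).
SAMPLES = [
    "",                                       # no Referer header
    "https://www.yourdomain.com/page",        # own site
    "http://yourdomain.com",                  # own site, no path
    "https://other.example/gallery",          # plain hotlink
    "https://yourdomain.com.other.example/",  # own name used as a prefix
    "https://yourdomainXcom.example/",        # "." in the pattern matches any char
]


def status(path, referer, allowed):
    """Status the rule set would produce for one request: 200 or 403."""
    if not IMAGE.search(path):
        return 200  # RewriteRule does not apply to this file type
    if referer == "":
        return 200  # first RewriteCond (!^$) fails, so the rule is skipped
    if allowed.search(referer):
        return 200  # second RewriteCond fails: Referer is on the allow pattern
    return 403      # both conditions hold: [F] forbids the request


def report(allowed, path="/img/logo.PNG"):
    """Map every sample Referer to the status it would receive."""
    return {ref: status(path, ref, allowed) for ref in SAMPLES}


if __name__ == "__main__":
    loose, strict = report(LOOSE), report(STRICT)
    for ref in SAMPLES:
        print(f"{ref or '(empty)':42} loose={loose[ref]} strict={strict[ref]}")
```

The two patterns differ only on the last two samples, which the unanchored pattern serves and the anchored one refuses.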


2. Nginx Web Server:

If you’re using Nginx, you can achieve hotlink protection using the ngx_http_referer_module. Here’s how:

Access your server: Connect to your server using SSH.

Navigate to the configuration directory: The Nginx configuration files are usually located in /etc/nginx or a similar location.

Edit the configuration file: Open your Nginx configuration file for the specific website (usually located in the sites-available directory) using a text editor.

Add hotlink protection rules: Inside the server block, add the following code:

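# Match image requests case-insensitively (~*)
location ~* \.(jpg|jpeg|png|gif)$ {
    # Allow: no Referer (none), a Referer without http:// or https:// (blocked), your own hosts
    valid_referers none blocked yourdomain.com www.yourdomain.com;
    if ($invalid_referer) {
        return 403;
    }
}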

Replace yourdomain.com with your actual domain name.

Save and test: Save the configuration file and then test the configuration for syntax errors by running sudo nginx -t. If there are no errors, reload Nginx with sudo systemctl reload nginx (or the appropriate command for your system).

Remember to adjust these instructions based on your specific server setup and needs. It’s also important to regularly test that the hotlink protection is working as intended and not causing any unintended issues with legitimate access to your website’s assets. I have implemented this on many websites that I own and operate. Feel free to contact me if you need any help in implementation of the same.
