Hotlinking occurs when external websites directly link to files such as images, creating unnecessary bandwidth consumption and potentially slowing site performance. This practice can lead to increased hosting costs and reduced server efficiency. Limiting unwanted file access is a key strategy for preserving resources and ensuring consistent site responsiveness.

The Apache web server provides tools to regulate file access and mitigate hotlinking. One common method is to enable the mod_rewrite module, which examines request headers and applies rewrite rules to block or allow specific referrers. The rules can be placed in the server's main configuration files or in a .htaccess file within specific directories.

Preventing hotlinking also reduces unauthorized use of hosted content. Restricting direct file requests maintains control over media files and supports a more stable, cost-effective environment. Properly configured policies help keep server load manageable and protect against embedded media abuse by third-party sites.

Steps to disable hotlinking in Apache:

  1. Enable the rewrite module for Apache.
    $ sudo a2enmod rewrite # For Ubuntu, Debian, and SUSE variants
    Enabling module rewrite.
    To activate the new configuration, you need to run:
      systemctl restart apache2
    • Distributions with a2enmod support can run the command above without manually enabling the modules.
    • CentOS and Red Hat have the module enabled by default, so no manual action is needed.
    Options              | Debian, Ubuntu | openSUSE and SLES | Fedora Core, CentOS, RHEL | macOS | homebrew | xampp
    a2enmod support      | yes | yes | no | no | no | no
    Modules to install   | none
    Module name          | n/a | rewrite
    LoadModule directive | n/a | LoadModule rewrite_module <module_locations>/mod_rewrite.so
  2. Locate the directory containing your media files.
  3. Edit the Apache configuration file or create a .htaccess file in the target directory.
    $ sudo vi /etc/apache2/apache2.conf
  4. Add rewrite rules to restrict access to your media files.
    <Directory "/var/www/html/images">
        RewriteEngine on
        # Let requests through when no Referer header is sent.
        RewriteCond %{HTTP_REFERER} !^$
        # Allowed sites: the dot is escaped and (/|$) ends the host name.
        RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?yourdomain\.com(/|$) [NC]
        RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?anotheralloweddomain\.com(/|$) [NC]
        # Any other referrer requesting an image gets 403 Forbidden.
        RewriteRule \.(jpg|jpeg|png|gif)$ - [NC,F,L]
    </Directory>

    If using .htaccess, the Directory directive is not required.

    Directive/Rule, followed by its description:

    RewriteEngine on
        Enables the rewrite engine.
    RewriteCond %{HTTP_REFERER} !^$
        Checks if the referrer is not empty.
    RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?yourdomain\.com(/|$) [NC]
        Checks if the referrer is not from your domain, with or without www, and either http or https. The escaped dot and the trailing (/|$) end the match at the host name, so hosts that merely begin with your domain name do not pass.
    RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?anotheralloweddomain\.com(/|$) [NC]
        Checks if the referrer is not from another allowed domain, with or without www, and either http or https.
    RewriteRule \.(jpg|jpeg|png|gif)$ - [NC,F,L]
        Blocks access to JPG, JPEG, PNG, and GIF files if the above conditions are met. The flags used are: NC (No Case - case insensitive), F (Forbidden - sends a 403 Forbidden status code to the client), and L (Last - stops processing further rules if this one is matched).
  5. Save the changes and close the editor.
  6. Restart the Apache service to apply the changes.
    $ sudo systemctl restart apache2
  7. Test the configuration by accessing the files from a different domain.

    Ensure you clear your browser cache or use a different browser to accurately test the configuration.
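
The rule chain from step 4 can also be checked offline before it is deployed. The Python model below is an added example, not part of the original article: it evaluates the conditions the way mod_rewrite does and compares a host pattern with an unescaped dot and no boundary against one that escapes the dot and ends the host at / or end of string. The sample requests and the othersite.example host are constructed.

```python
import re

# Placeholder hosts used in the rules on this page.
ALLOWED = ["yourdomain.com", "anotheralloweddomain.com"]
PROTECTED = re.compile(r"\.(jpg|jpeg|png|gif)$", re.I)  # RewriteRule pattern, [NC]


def allow_patterns(anchored):
    """Build one allow-list regex per host, as each RewriteCond does."""
    pats = []
    for host in ALLOWED:
        if anchored:
            # Literal dots, and the host must end at "/" or end of string.
            body = re.escape(host) + r"(/|$)"
        else:
            # Dot left unescaped and no boundary after the host name.
            body = host
        pats.append(re.compile(r"^http(s)?://(www\.)?" + body, re.I))
    return pats


def status(path, referer, anchored=True):
    """Return 403 if the rule chain would forbid the request, else 200."""
    if not PROTECTED.search(path):
        return 200  # RewriteRule pattern does not match this file type
    if referer == "":
        return 200  # "!^$" is false: an empty Referer is let through
    if any(p.search(referer) for p in allow_patterns(anchored)):
        return 200  # a negated allow-list condition is false
    return 403      # every condition held, so [F] applies


# Constructed sample requests: (path, Referer header)
SAMPLES = [
    ("photo.JPG", "https://www.yourdomain.com/gallery"),
    ("photo.jpg", "https://othersite.example/post"),
    ("photo.jpg", ""),
    ("photo.jpg", "https://yourdomain.com.othersite.example/"),
    ("notes.txt", "https://othersite.example/post"),
]

if __name__ == "__main__":
    for path, ref in SAMPLES:
        print(f"{path:10} {ref or '(none)':45} "
              f"loose={status(path, ref, False)} anchored={status(path, ref, True)}")
```

Because the Referer header is supplied by the client, these rules limit embedding by browsers on other sites rather than acting as access control for the files.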
