Re: 'Ops' > Packages > Site Tools > .htaccess > Hotlink Protection

I'm sort of new to this and don't understand some of the jargon! For example, in the area I ref'd above what's accomplished by putting a check mark in the box in front of:

[] Hotlink protect this directory (/www/t/xxxxxxxxxx/) (which is my root, I assume)

In other words, what's a 'hotlink' and why do I want to protect it? Or protect against it!

Help :confused: (Sorry, this is only the start of the questions I think. I've searched, I've read, but without understanding the acronyms and jargon it's like reading latin...)

The problem this is trying to solve is where someone adds to their web page an image reference with the source being your site. This is also referred to as "leeching". So when someone loads the other person's web page, they see your image fetched using your bandwidth allotment.

Unfortunately, the methods of protecting against this are weak. All you can do is add a rule to a .htaccess file which denies access if the referring page is not from your site. But many users' browsers send no referrer and you may also need to allow references from your secure.powweb.com https hostname.

I'm not a fan of this technique except in extreme cases.

If I had my site here on PowWeb referenced in my signature on another forum, would checking the 'hotlink protect this directory' box preclude a user on the other forum from getting to my site if they clicked on the link?

Understand my site is just a hobby! All I use it for is maintaining a log of my RV travels and related information, so I doubt I'll be getting all that much traffic, but I'm still curious and would like to set it up right...

No, it has nothing to do with links. It's when an image or some other content is referenced from your site on a page you didn't create.

For example, I could create a page on my site and put in:
<img src="http://www.kuma11.com/really_cool_picture.jpg"> When someone viewed my page, they would see the picture that was fetched from your site.

A real-world example. Some idiot in Germany on beepworld.de has a page set up claiming they have cats for sale. All of the cats listed have names and prices, but the pictures are actually taken from those of cat shelter web sites around the world, including one I run. I've complained to the admin there, got a response, but no help.

So I have in my .htaccess the following:

RewriteEngine On
RewriteCond %{HTTP_REFERER} beepworld [NC]
RewriteRule [^/]+.(gif|jpg)$ - [F]

This means that if anyone loads a web page with beepworld in its referrer string and they're trying to access a gif or jpg, it denies the request (and the user sees a broken image.) Generic hotlink protection would invert this - it would require that the referrer contain my own domain name (or be empty), otherwise no image.

Thank you very much! Great explanation...