Hotlinking

Hotlinking is known as the act of using another website's bandwidth by linking directly to their website's assets, such as images or videos. For example, say the owner of website A is hosting a particular image on their server. The owner of website B sees that image and decides they want it on their website as well. However, instead of downloading the image and hosting it on their own server, the owner of website B links directly to website A's domain. Therefore, instead of linking to the image via their own domain such as:

• https://websiteB.com/path/to/image.jpg

They would be instead using website A's domain:

• https://websiteA.com/path/to/image.jpg

Hotlinking someone's website assets can vastly increase their hosting costs.

As a website user you should always try to avoid hotlinking assets from other websites. Doing so helps ensure that the original owner of the asset won't incur unnecessary charges and that the asset that you link to won't be inaccessible given that the owner implements hotlink protection or removes the asset. The following are a couple of solutions for avoiding hotlinking.

• Host the assets on your own server. If you have found an image from another website and you would like to use it on your own website, you can upload the image directly to your server and deliver it from there. Doing this will also increase the delivery speed of the asset as the browser does not need to perform an additional DNS lookup.
• Use a third party host. Using images as an example again, if you find an image that you want to link to but don't have a server to upload it to, you can use a third party host. An image hosting service for example will allow you to upload your image and link to it directly within your website or any other location.

In both cases, ensure that you have the proper authority to use someone else's assets (e.g. the owner has given you permission or the asset is part of a creative commons license)

There are some steps that you can take to prevent hotlinking.

Some CDN providers provide in-built hotlinking protection. ^[1]

An alternative way to prevent hotlinking on your website is to directly block specific websites that try to use your content. All you have to do is create a detailed list of websites you don't want using your content, and then block them one by one.

This is one of the easiest and most effective ways to prevent hotlinking. If you notice a spike in traffic or find that numerous sites are hotlinking to a particular piece of content, simply renaming or changing the URL of that content can do wonders.

Platforms such as WordPress have plugins available that prevent hotlinking.

This is a slightly advanced but 100% effective way to prevent hotlinking as it disallows hotlinking from the source server. Use .htaccess (For Apache Servers) OR edit "ngx_http_referer_module" (For Nginx Servers) ^[2]

For Apache Server<syntaxhighlight lang="bash"> RewriteEngine on RewriteCond %{HTTP_REFERER} !^$ RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?yourdomain.com [NC] RewriteRule \.(jpg|jpeg|png|gif)$ - [NC,F,L] </syntaxhighlight>For Nginx Server<syntaxhighlight lang="bash"> location ~ \.(jpg|jpeg|png|gif)$ {

   valid_referers none blocked yourdomain.com;
   if ($invalid_referer) {
       return 403;
   }

} </syntaxhighlight>

The last thing you can do is file a DMCA Takedown request against the website that is stealing your content without your permission. This can be very effective if the website owner refuses to remove the hotlinks to your content.

•  

  A placeholder image used when attempting to hotlink to a website which disallows it.