Hotlink protecting image.php and GD images

So you've enabled cPanel's hotlink protection, but those bandwidth thieves are still attacking your dynamically generated images. And while we've seen protecting the entire .php extension fix this issue, we have also seen cases where it causes problems with the site.

If you need to hotlink protect a single file, you'll want to add the following to the end of your .htaccess. Or if you're having trouble, rename your old .htaccess and start with a blank one for testing, and you can add the other .htaccess info back in once you've secured this issue.

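RewriteEngine on
# Referer is not a page on this site over http ...
RewriteCond %{HTTP_REFERER} !^http://(www\.)?example\.com(/.*)?$ [NC]
# ... and not over https either
RewriteCond %{HTTP_REFERER} !^https://(www\.)?example\.com(/.*)?$ [NC]
# Then refuse the image script with 403 Forbidden
RewriteRule image\.php$ - [F]

Obviously, you'll want to change the placeholder example.com to your actual domain. If there are other domains (parked domains, for example, or Froogle) that should have access, add more lines for those domains as well, using the same syntax.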

Then change image.php to the actual name of the PHP file that generates your images. Note that in most cart systems, storing images in the database and serving them through PHP can actually make your site load more slowly, since the system has to run a database query for each image. If you can store the images in the file system, we recommend it :).
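An added example, not part of the original article: a Python check that emulates how rules of this shape evaluate a request, so the Referer patterns can be tried against sample values before the .htaccess goes live. The domains example.com and parked-example.net, the helper names and the sample Referer values are constructed placeholders.

```python
import re

# Placeholder domains (assumptions): use the site's own domain and any parked domains.
ALLOWED_DOMAINS = ["example.com", "parked-example.net"]
PROTECTED_FILE = "image.php"  # file name used in the article


def build_conditions(domains):
    """Compile one pattern per scheme and domain, mirroring the RewriteCond lines."""
    patterns = []
    for domain in domains:
        for scheme in ("http", "https"):
            patterns.append(re.compile(
                r"^%s://(www\.)?%s(/.*)?$" % (scheme, re.escape(domain)),
                re.IGNORECASE))  # re.IGNORECASE plays the role of [NC]
    return patterns


def is_forbidden(path, referer, conditions):
    """Return True when the rule set would answer 403 for this request."""
    if not re.search(re.escape(PROTECTED_FILE) + r"$", path):
        return False  # RewriteRule pattern did not match, request passes through
    # Every RewriteCond is negated ("!pattern") and consecutive conditions are
    # ANDed, so the request is refused only if no allowed pattern matches.
    return all(not cond.search(referer) for cond in conditions)


# Constructed sample requests: (path, Referer header, expected 403?)
CASES = [
    ("image.php", "https://www.example.com/product/42", False),
    ("image.php", "HTTP://EXAMPLE.COM/", False),              # [NC] ignores case
    ("image.php", "https://parked-example.net/cart", False),  # extra allowed domain
    ("image.php", "https://forum.other-site.test/thread/9", True),
    ("image.php", "https://example.com.other-site.test/", True),  # look-alike host
    ("image.php", "", True),   # no Referer sent: also refused by these rules
    ("index.php", "https://forum.other-site.test/", False),   # not the protected file
]


def failing_cases():
    """Return the sample cases whose outcome differs from the expectation."""
    conditions = build_conditions(ALLOWED_DOMAINS)
    return [c for c in CASES if is_forbidden(c[0], c[1], conditions) != c[2]]


if __name__ == "__main__":
    for path, referer, expected in CASES:
        print("%-10s %-45r -> %s" % (path, referer, "403" if expected else "allowed"))
    print("mismatches:", failing_cases())
```

The empty-Referer case is the one to watch after deployment: visitors whose browser or proxy strips the header get a 403 on the image as well, because no allowed pattern matches an empty string.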
