Hotlink Protection

Preventing Bandwidth Theft with Hotlink Protection

Hotlinking occurs when another website embeds your images, videos, or files directly by linking to them on your server. This consumes your bandwidth without providing any benefit to you. DirectAdmin provides tools to prevent this.

Enabling Hotlink Protection in DirectAdmin

1. Log in to DirectAdmin and navigate to Advanced Features → Hotlink Protection.
2. In the URLs that can access your images field, enter the domains that are allowed to link to your files. Include your own domain and any CDN domains:

   http://example.com
   https://example.com
   http://www.example.com
   https://www.example.com

3. Check the Allow direct requests box if you want users to be able to view images by typing the URL directly in their browser.
4. Specify the file extensions to protect (e.g., jpg, jpeg, png, gif, bmp, webp, svg, mp4, mp3, zip).
5. Optionally set a redirect URL – visitors from unauthorized sites will be sent here instead of seeing your content.
6. Click Enable or Save.

Manual .htaccess Method

For more control, add hotlink protection rules directly to your .htaccess file:

RewriteEngine On
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^https?://(www.)?example.com [NC]
RewriteCond %{HTTP_REFERER} !^https?://(www.)?google.com [NC]
RewriteRule .(jpg|jpeg|png|gif|webp|svg)$ - [F,NC,L]

This configuration blocks hotlinking for image files while allowing your own domain, Google (for image search), and direct browser requests.

Testing Hotlink Protection

• Create a simple HTML file on a different server that references an image on your protected domain.
• Open that HTML file in a browser and verify the image does not load.
• Confirm images still load normally on your own website.

Excluding Search Engines

Be sure to whitelist search engine domains (such as Google and Bing) in your allowed referrer list. Blocking search engine crawlers from accessing your images can negatively affect your site's presence in image search results.