Hotlink Protection
53 views
Security & SSL
<h3>Preventing Bandwidth Theft with Hotlink Protection</h3>
<p>Hotlinking occurs when another website embeds your images, videos, or files directly by linking to them on your server. This consumes your bandwidth without providing any benefit to you. DirectAdmin provides tools to prevent this.</p>
<h3>Enabling Hotlink Protection in DirectAdmin</h3>
<ol>
<li>Log in to DirectAdmin and navigate to <strong>Advanced Features → Hotlink Protection</strong>.</li>
<li>In the <strong>URLs that can access your images</strong> field, enter the domains that are allowed to link to your files. Include your own domain and any CDN domains:
<pre><code>http://example.com
https://example.com
http://www.example.com
https://www.example.com</code></pre></li>
<li>Check the <strong>Allow direct requests</strong> box if you want users to be able to view images by typing the URL directly in their browser.</li>
<li>Specify the file extensions to protect (e.g., <code>jpg, jpeg, png, gif, bmp, webp, svg, mp4, mp3, zip</code>).</li>
<li>Optionally set a redirect URL – visitors from unauthorized sites will be sent here instead of seeing your content.</li>
<li>Click <strong>Enable</strong> or <strong>Save</strong>.</li>
</ol>
<h3>Manual .htaccess Method</h3>
<p>For more control, add hotlink protection rules directly to your <code>.htaccess</code> file:</p>
<pre><code>RewriteEngine On
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^https?://(www.)?example.com [NC]
RewriteCond %{HTTP_REFERER} !^https?://(www.)?google.com [NC]
RewriteRule .(jpg|jpeg|png|gif|webp|svg)$ - [F,NC,L]</code></pre>
<p>This configuration blocks hotlinking for image files while allowing your own domain, Google (for image search), and direct browser requests.</p>
<div class="alert alert-info"><strong>Tip:</strong> Instead of returning a 403 Forbidden error, you can redirect hotlinked requests to a placeholder image informing visitors where the original content is hosted.</div>
<h3>Testing Hotlink Protection</h3>
<ul>
<li>Create a simple HTML file on a different server that references an image on your protected domain.</li>
<li>Open that HTML file in a browser and verify the image does not load.</li>
<li>Confirm images still load normally on your own website.</li>
</ul>
<h3>Excluding Search Engines</h3>
<p>Be sure to whitelist search engine domains (such as Google and Bing) in your allowed referrer list. Blocking search engine crawlers from accessing your images can negatively affect your site's presence in image search results.</p>
Need More Help?
Can't find what you're looking for? Our support team is ready to help.
Contact Support