Applicable to:
- Plesk for Linux
- Plesk for Windows
Question
How to prevent hotlinking graphics from the domain?
Answer
Hotlink protection prevents other websites (any site other than your own website example.com) from displaying, linking to or embedding image files that are hosted on your website example.com.
Using your images this way is called hotlinking, and it can quickly drain your bandwidth and make your website unavailable, only because other websites are using its content within their own code.
Due to this, it is recommended that you enable hotlink protection for the files of your website example.com by using one of the following methods:
If the domain to be protected from hotlinking is a WordPress domain, it can be secured in WP Toolkit starting from version 3.5.0:
- Go to WordPress > example.com > Dashboard tab
- Move the Enable hotlink protection slider to the right
Enable Hotlink Protection in Domains > example.com > Hotlink Protection. Refer to the Documentation on how to configure protection settings.
Hotlink protection is yet to be implemented in Plesk for Linux. Take part in our product improvement by voting for this feature on Plesk Uservoice portal.
As a workaround, hotlink protection can be enabled via the Apache module mod_rewrite by following these steps:
- Log in to Plesk;
- Browse to Home > Domains > example.com > Apache & nginx Settings;
- Add the following rewrite rules to the Additional directives for HTTP/Additional directives for HTTPS fields (replace example and .com with your own domain):
Note: In Additional directives for HTTPS, http in the second RewriteCond must be changed to https.
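CONFIG_TEXT: RewriteEngine on
# Let requests without a Referer header through (direct visits, some proxies)
RewriteCond %{HTTP_REFERER} !^$
# Match any Referer that is not a page of your own site
RewriteCond %{HTTP_REFERER} !^http://(www\.)?example\.com(/)?.*$ [NC]
# Answer 403 Forbidden for image and Flash files when both conditions hold
RewriteRule \.(gif|jpg|jpeg|png|swf)$ - [NC,F]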
If nginx support is enabled on the server, verify that the Serve static files directly by nginx option is disabled on the Home > Domains > example.com > Apache & nginx Settings page.
Then, add the following directives to Additional nginx directives field (replace example.com with your own domain):
CONFIG_TEXT: location ~ ^/(.*\.(jpe?g|png|gif))$ {
    valid_referers none blocked example.com *.example.com;
    if ($invalid_referer) {
        return 403;
    }
}
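The following added example (not part of the original article) evaluates the Apache rewrite conditions above against constructed Referer values in Python, showing which image requests would get 403, including the HTTPS and subdomain cases. STRICT_PATTERN is an assumed, tighter alternative pattern that does not come from the article.

```python
import re

# Second RewriteCond pattern from the Apache rules above ([NC] -> re.IGNORECASE).
PAGE_PATTERN = re.compile(r"^http://(www\.)?example\.com(/)?.*$", re.IGNORECASE)
# Assumption (not from the article): accept http and https, any subdomain, and
# require the host name to end right after ".com" (optional port, then "/" or end).
STRICT_PATTERN = re.compile(
    r"^https?://([a-z0-9-]+\.)*example\.com(:\d+)?(/|$)", re.IGNORECASE)
# RewriteRule pattern from the article.
IMAGE = re.compile(r"\.(gif|jpg|jpeg|png|swf)$", re.IGNORECASE)


def is_blocked(path, referer, allowed=PAGE_PATTERN):
    """Return True when the rewrite rules would answer 403 Forbidden ([F])."""
    if not IMAGE.search(path):
        return False                         # RewriteRule pattern does not match
    if referer == "":
        return False                         # first RewriteCond: empty Referer passes
    return allowed.search(referer) is None   # second RewriteCond: Referer is not ours


# Constructed sample Referer values.
SAMPLES = [
    "",
    "http://example.com/gallery.html",
    "http://www.example.com/",
    "https://example.com/gallery.html",
    "http://community.example.com/topic/1",
    "http://other-site.test/page.html",
    "http://example.com.other-site.test/page.html",
]


def report(allowed):
    """Map each sample Referer to True (403) or False (served)."""
    return {ref: is_blocked("/img/logo.png", ref, allowed) for ref in SAMPLES}


if __name__ == "__main__":
    for name, pattern in (("article rule", PAGE_PATTERN), ("stricter", STRICT_PATTERN)):
        print(name)
        for ref, blocked in report(pattern).items():
            print(f"  {'403' if blocked else '200'}  {ref!r}")
```

With the article's pattern, Referers from https:// pages and from community.example.com are rejected, while a host name that merely begins with example.com is accepted; the stricter pattern reverses all three results.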
Comments
2 comments
This code may work for main domain but how to protect hotlink in a subdomain like community.domain.ext?
Article should show screenshot of linux plesk where you add hotlink protection from the wordpress toolkit (tick box)