Protecting your images, CSS and Javascript files from being used by external sites with Apache?

Question

I came across a site that demonstrated a Javascript library and it asked that you please not link to the Javascript file directly from your site. That's a reasonable request. In fact, it wouldn't have occurred to me to do that instead of hosting it myself but I guess will try and save on bandwidth any way they can.

This got me thinking: does Apache (in a shared hosting environment) come with any simple means of either preventing this or at least making it a little more difficult by looking at the HTTP_REFERRER or the likes? Or perhaps even just ensuring you have a PHP session?

Answer 1

This is a fantastic tutorial that I keep bookmarked all the time. It may describe how to prevent hotlinking on images, but it is easily adaptable to other types of files, such as javascript or CSS.

See if that's what you need. :)

Answer 2

Using an htaccess file you can do this.

Simply create a .htaccess file in the directory of the files you wish to protect with the following inside it:

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?yourdomain.com(/)?.*$ [NC]

For more information and some other things you can do to prevent hot linking at the web server level see Dev Papers article on Preventing Hotlinking