Preventing Image Leeching

By Deane Barker on July 21, 2004

Smarter Image Hotlinking Prevention: Here’s a great antidote for hotlinkers — people who embed images from YOUR Web site in their page (so they get the image at your bandwidth expense). This system will prevent images from loading in pages not on your site.

These fixes aren’t uncommon, but this one takes the extra step of allowing you to “frame” a direct image link in an HTML page that gives you credit, like this. Note the URL.

The weakness behind a lot of these systems is that they’re based on the HTTP_REFERER. When an HTML page requests an image due to an IMG tag, it sends the address of the page as the HTTP_REFERER header. The theory being that you should check that referrer to make sure it matches your site — if not, the image is being requested from a page on a site other than yours.

However, this is screwed up by people (like me) who set their browsers to not pass a referrer (for good reasons like this one). The system detailed here will exempt any request with a blank referrer field, so people like me will still see leeched images, but we’re the vast minority, so it’s probably not a big deal.

Incidentally, this tutorial is a great demonstration of the power of Apache directives — namely mod_rewrite. Apache rules.

(I have a small problem with image leechers on this site. There are a couple sites out there that reprint entire posts from Gadgetopia — not just excerpts, they take the entire post and put it on their site.

That doesn’t concern me so much, except that they never save the image to their site and change the HTML. They leave the HTML as it is, and since it contains an absolute URL in the IMG tag, they end up leeching my bandwidth.)



  1. The trick to stop people leeching is to swap the image for something offensive, derisive or instructive. Point your page to the oroginal image with a new name, put the new image in with the original name.

    Leech displays image that may not be quite what was expected.

Comments are closed. If you have something you really want to say, tweet @gadgetopia.