Saturday, February 19, 2005

People stealing my bandwidth (and no credit to me!)

I was looking through my web logs recently and found a number of people were displaying my images
on their websites. Sure it is a bit flattering that someone liked my photo of our rug was perfect for the background of their blog or thought that embedding a 1M photo I took of John Kerry and Howard Dean in a high traffic web forums [1 | 2] was a good idea. However they sucked up nearly 200M of my monthly bandwidth quota and didn't even give me credit for the photos. You know, I think that may be the worst part.

So this evening I googled around for the magic Apache configuration commands that would prevent
JPG/GIF images from being embedded in someone else's web page. (ie: one not hosted on

For the record, just pop this in a file named ".htaccess" in the same directory as were the images
are located and it will refuse to let GIF/JPG images to be loaded from other sites.

SetEnvIfNoCase Referer "^http://.*" local_ref=1

<filesmatch ".(gif|jpg)">

Order Allow,Deny

Allow from env=local_ref


Read Ken Coar's Preventing Image 'Theft' tutorial for complete details.


  1. Paul Victor NovareseFebruary 20, 2005 at 4:46 AM


    I had a similar problem, though not quite as severe. I used mod_rewrite to serve up a "bandwidth thief" image instead of just denying the request. My .htaccess file looks something like this:

    > more .htaccess
    RewriteEngine on
    RewriteCond %{HTTP_REFERER} !^$
    RewriteCond %{HTTP_REFERER} !^*$ [NC]
    RewriteRule .(gif|jpg|png)$

  2. Oooh! I like that idea. Something that leaves more than an empty image but says "stop that" in a nice graphical way. It would almost be worth any bandwidth you lose!

    I wrote a similar htaccess rule because one image of mine from Finding Nemo was a top ten on Altavista's image search for "Nemo". Hundreds of hits per week just from searching for Nemo. Internet-wide you'd be surprised how many people type that in at AltaVista in a given week. :)