Preventing HOTLINKING via .htaccess
Posted: 11 March 2007 08:48 AM
Research Assistant
Total Posts:  423
Joined  03-23-2004

Hi all,

I just read the following post on excessive bandwidth use and hotlinking:
http://expressionengine.com/forums/viewthread/42606/

I didn’t want to hijack the thread so here’s my own. Like e-man in the above thread, I am unsure of where to post this but believe this may be valuable to many ee-users. I am about to build a site with lots of video feeds and my client is concerned with bandwidth use. Hotlinking could make things really bad, so I want to rule it out.

- Some sites suggest creating a simple .htaccess file and therein list the domains from which the video feeds can be accessed, i.e.

site1.org
site2.org


However, another site suggests posting the following code into the .htaccess file (I just entered some random data):

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?site1\.org [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?site2\.org [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ - [NC,F,L]

Which method is more secure? Can anyone share their understanding of this code? Any thoughts or experiences on preventing hotlinking?

Posted: 11 March 2007 09:16 AM   [ # 1 ]
Moderator
Total Posts:  23751
Joined  05-20-2002

I’ve always gone with an htaccess generator myself, as my htaccess/regex skills are lacking.  In short- the second approach. But in part, that’s due to ease of use and lack of skill on my part!

I’m going to move this one up to the ‘General’ forum, as I think it may get more opinions there.

AKA rob1

Posted: 11 March 2007 09:42 AM   [ # 2 ]
Lab Assistant
Total Posts:  237
Joined  05-16-2004

I’ve used the second method on many, many sites, and it’s worked well in terms of blocking direct image links. Just remember to list all types of files you don’t want hotlinked:

RewriteRule \.(jpg|jpeg|png|gif|mp3|swf|JPG|JPEG|PNG|GIF|MP3|SWF)$ - [NC,F,L]

This rule is inherited; so if you put this rule in place on your top-level directory, all directories under it are automatically covered. (Sometimes I’ve run into a situation where someone wants to create a few buttons that *are* hotlinkable - like a branding button or what have you. My solution has been to put those buttons in their own directory, name the files with the extension “.jpeg” to boot (instead of .jpg), and create a separate .htaccess file for that one directory that disallows hotlinking to all file types except .jpeg.)

Posted: 11 March 2007 09:56 AM   [ # 3 ]
Research Assistant
Total Posts:  423
Joined  03-23-2004

Robin and Lesli, thanks for your advice! Just one more thing: The site I linked to in my original post gives the option of allowing “blank referers”. It recommends allowing those. I don’t quite seem to understand. Can anyone explain what is meant by that? I want people to be able to watch the video feed on my own site. Not on someone else’s site. So I guess blank referers should not be allowed?!

Posted: 11 March 2007 12:03 PM   [ # 4 ]
Moderator
Total Posts:  33276
Joined  05-14-2004

Blank referrers could mean someone that copies a link to your site here and pastes it in a new tab, etc.  Rather than clicking, they’re somehow entering that link (typing or copy paste or whatever).  You want to allow those, imo.

Posted: 11 March 2007 05:18 PM   [ # 5 ]
Research Assistant
Total Posts:  423
Joined  03-23-2004

Thanks Lisa!
Just to clarify, we are talking about a direct link to the video file, right? If the visitor was visiting the page the video feed was on (as opposed to just connecting to the video file) there wouldn’t be an issue, is that right? E.g.: 1) www.site1.org/issues/environmentalissue1/ and 2) www.site1.org/movies/environmental/movie1.mov. Assuming the movie is on page 1), I would want someone to be able to access address 1) but not address 2). If someone could access address 2), he/she would be able to watch the movie in an otherwise ‘blank’ browser window.

Posted: 11 March 2007 05:21 PM   [ # 6 ]
Moderator
Total Posts:  33276
Joined  05-14-2004

I do believe it’s directly the video file. You could modify the .htaccess and test it, that’s what I’d do.

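A model of how the rule set posted at the top of the thread decides each request, as an added example that is not part of any post: it shows what the blank-referer condition permits and what a host boundary after the domain name changes. The `mov` extension, the `other.example` hosts and the function names are assumptions made for the illustration.

```python
import re

# Extensions to protect; "mov" is added here for the video case (assumption).
PROTECTED = re.compile(r"\.(jpg|jpeg|png|gif|mov)$", re.IGNORECASE)

def referer_patterns(hosts, anchored=False):
    """Referer patterns as in the thread; anchored=True adds a host boundary."""
    tail = r"(/|:|$)" if anchored else ""
    return [re.compile(r"^https?://(www\.)?" + re.escape(h) + tail, re.IGNORECASE)
            for h in hosts]

def is_blocked(path, referer, patterns, allow_blank=True):
    """True when the request would receive 403 (the [F] flag)."""
    if not PROTECTED.search(path):
        return False                 # RewriteRule pattern does not match
    if referer == "":
        return not allow_blank       # RewriteCond %{HTTP_REFERER} !^$
    return not any(p.search(referer) for p in patterns)  # the per-site conditions

HOSTS = ["site1.org", "site2.org"]
MOVIE = "/movies/environmental/movie1.mov"
# Constructed sample requests: (label, path, Referer header)
SAMPLES = [
    ("embedded on own page", MOVIE, "http://www.site1.org/issues/environmentalissue1/"),
    ("typed or pasted URL", MOVIE, ""),
    ("embedded on another site", MOVIE, "http://other.example/blog/"),
    ("host that only starts with an allowed name", MOVIE, "http://site1.org.other.example/"),
    ("ordinary page, not a media file", "/issues/environmentalissue1/", "http://other.example/"),
]

def evaluate(anchored=False, allow_blank=True):
    """Map each sample label to True (403) or False (served)."""
    pats = referer_patterns(HOSTS, anchored)
    return {label: is_blocked(path, ref, pats, allow_blank)
            for label, path, ref in SAMPLES}

if __name__ == "__main__":
    for anchored, allow_blank in [(False, True), (True, True), (True, False)]:
        print(f"anchored={anchored} allow_blank={allow_blank}")
        for label, blocked in evaluate(anchored, allow_blank).items():
            print(f"  {'403' if blocked else '200'}  {label}")
```

The Referer header is supplied by the client, so these rules limit embedding on other sites and the bandwidth it costs; they do not restrict who can fetch the file.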
 
 
Posted: 11 March 2007 05:46 PM   [ # 7 ]
Research Assistant
Total Posts:  423
Joined  03-23-2004

I see! Thanks for that! I will play with it and report back!
