Tuesday, January 5, 2016

Preventing Hotlinking on a Web Application

Hotlinking is a kind of attack where an exploiter simply copies your web application's markup onto random, unrelated sites with a high amount of traffic, so that every time one of those pages is requested, your web application's resources are loaded as well. This is especially a problem for images, videos, other media, CSS and JS. It can choke your network and consume too much of your resources.

You can prevent hotlinking at your web server. This is easily done with a simple .htaccess rule (it requires mod_rewrite) in the document root of the web application.

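 RewriteEngine on
 # Let requests with an empty Referer through
 RewriteCond %{HTTP_REFERER} !^$
 # Host must be exactly yourwebsite.com: dot escaped, name terminated by a port, "/" or end
 RewriteCond %{HTTP_REFERER} !^https?://(www\.)?yourwebsite\.com(:[0-9]+)?(/|$) [NC]
 # Any other Referer gets 403 Forbidden for these file types
 RewriteRule \.(jpg|jpeg|png|gif|css|js)$ - [NC,F,L]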

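Apache checks the Referer header here and serves the image, CSS and JS files only when the request comes from your domain or carries no Referer at all (the first condition lets an empty Referer through). If any other domain tries to load those files, the request is refused with 403 Forbidden, which prevents the hotlinking. Because the Referer header is supplied by the client, this rule limits bandwidth abuse by third-party pages; it is not access control.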
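The decision the rule makes can be modelled offline before deploying it. The Python below is an added example, not part of the original post: it compares a host pattern with an unescaped dot and no trailing anchor against an anchored one, and all sample hosts and paths are constructed.

```python
import re

# File types covered by the RewriteRule pattern ([NC] = case-insensitive).
PROTECTED = re.compile(r"\.(jpg|jpeg|png|gif|css|js)$", re.I)

# Host check with an unescaped dot and nothing terminating the host name.
LOOSE = re.compile(r"^http(s)?://(www\.)?yourwebsite.com", re.I)
# Host check with the dot escaped and the host ended by a port, "/" or end.
STRICT = re.compile(r"^https?://(www\.)?yourwebsite\.com(:[0-9]+)?(/|$)", re.I)

def decide(path, referer, allowed):
    """Return the status the rule set would produce: 200 or 403."""
    if not PROTECTED.search(path):
        return 200  # RewriteRule pattern does not match this path
    if referer == "":
        return 200  # first RewriteCond (!^$) is false: empty Referer passes
    if allowed.search(referer):
        return 200  # second RewriteCond is false: Referer is our own site
    return 403      # both conditions hold, so [F] applies

# Constructed sample requests: (path, Referer header value).
SAMPLES = [
    ("/img/logo.png", "https://www.yourwebsite.com/index.html"),
    ("/img/logo.png", "https://yourwebsite.com:8443/"),
    ("/img/logo.png", ""),
    ("/img/LOGO.PNG", "http://other.example/page"),
    ("/img/logo.png", "http://yourwebsite.com.other.example/page"),
    ("/img/logo.png", "http://yourwebsiteXcom.example/"),
    ("/index.html", "http://other.example/page"),
]

def compare():
    """Return (path, referer, loose_status, strict_status) for each sample."""
    return [(p, r, decide(p, r, LOOSE), decide(p, r, STRICT)) for p, r in SAMPLES]

if __name__ == "__main__":
    for path, referer, loose, strict in compare():
        flag = "  <-- patterns disagree" if loose != strict else ""
        print(f"{loose} {strict} {path:14} {referer!r}{flag}")
```

Rows where the two columns disagree are Referer values that only the anchored pattern rejects.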

