Hotlink pictures - redirect traffic to the source website

I have a customer with an ecommerce Magento 1.9.x website.  We have discovered that our hosting package bandwidth usage has gone up considerably.  It appears that some of our product pictures on the site are victim of hotlinking.  I have found some references on how to stop the hotlinking or replace it image when hotlinked.  For example: https://alistapart.com/article/hotlinking/  However, I was wondering is there a way to give the user that viewed the "hotlinked" picture from the remote site, a link back to our site.  If their going to steal our pictures/bandwidth, then maybe we can redirect their visitors to our site??
David BarmanAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

David S.Consultant & Challenge SubduerCommented:
No, that would be a huge security hole, if you could do that. However, you could redirect hotlinked images to an image that shows nothing but a message about unauthorized use and the URL for your customer's site.

I recommend you check the "referer" (sic) header but allow a blank value since many more browsers aren't sending them these days in an attempt to regain some privacy.

Also it may be worth adding watermarks to the product photos.
Julian HansenCommented:
Not sure if this was covered in the article but you could redirect all image requests to a script.

The script checks a session variable or cookie to see if the request is coming from someone who loaded the page and if so it just readfile's the image out - if not you can do whatever you want in terms of what you send back.

Something like this

In your site pages you add a session
<?php
...
session_start();
$_SESSION['images'] = 1;

Open in new window

In your verify script you do this
<?php
session_start();
header('Content-type: image/png');
if (isset($_SESSION['image'])) {
	readfile($_GET['img']);
}
else {
	readfile('images/no_hotlink.gif');
}

Open in new window

In your .htaccess you implement a rule to redirect all image requests to your verify script.

Working sample here
David FavorLinux/LXD/WordPress/Hosting SavantCommented:
Julian's PHP works well + involves PHP, so can cause problems for high traffic sites.

For high traffic sites, use the following in either your .htaccess file or Apache VirtualHost config stanza...

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)your-site-here.com/.*$ [NC]
RewriteRule \.(gif|jpg|jpeg|bmp|zip|rar|mp3|flv|swf|xml|php|png|css|pdf)$ - [F]

Open in new window


Add in any additional file extensions, like .mp4 + .mkv or any other heavy weight files anyone might hotlink.
JavaScript Best Practices

Save hours in development time and avoid common mistakes by learning the best practices to use for JavaScript.

David BarmanAuthor Commented:
David Favor:  How would we replace the image with a new image?
Julian HansenCommented:
@DavidF the purpose of the code was to provide an alternative to a REFERRER based solution.

@DavidB: If you want to send back a different image then just do this

(From the following link https://mediatemple.net/community/products/dv/204644230/prevent-hotlinking-with-a-htaccess-file)
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)example.com/.*$ [NC]
RewriteRule \.(gif|jpg)$ http://www.example.com/angryman.gif [R,L]

Open in new window


The example given by DavidF is in this article as well so you can mix and match as required.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
David BarmanAuthor Commented:
Thank you.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Web Development

From novice to tech pro — start learning today.