How to prevent bandwidth steal with Hotlink Protection in cPanel

2 min read

Introduction #

Often in HTML static resources like images, stylesheets, and js files might be included from sources that are not local for the website they are used on or in other words, hosted on remote servers. Imagine that you have awesome nature photography uploaded and displayed on your website. Then a visitor decides that the image is perfect for their website and would like to take it. Typically this can be achieved by simply using the direct URL to the image including your domain. By using this direct URL the visitor then inserts the image on their website. Any visitor of that website will then view the same image generating bandwidth on your website. This means that the web server of your website will not detect that as a visit on your website but bandwidth will still be generated. This is often referred to as stealing bandwidth from another website and in the following lines of this tutorial, we will show you a Security feature of cPanel that prevents such behavior. 

Accessing the Hotlink Protection feature in cPanel #

Before we can move ahead with this tutorial you will have to login to the cPanel service. 

Once logged in, you will be presented with a complete list of the features cPanel has to offer. To access the “Hotlink Protection” feature, please either search for it by using the search tool displayed at the top of the page or you can locate the “Security” features group in which you will find the “Hotlink Protection” feature. 

Accessing the Hotlink Protection feature in cPanel

Clicking on the feature will take you to the default page for the same where you will find more information on what the purpose of this feature is and also some additional tools that we will discuss further in this tutorial. 

Enabling and Configuring Hotlink Protection in cPanel #

As we have explained initially in this tutorial hotlinking a static resource from one website in another is referred to as Hotlinking. To protect the static resources of your websites being hotlinked you will first have to enable the protection. To do that, please click on the “Enable” button displayed at the top of the page. 

Enabling Hotlink Protection in cPanel

cPanel will then redirect you to a new page where you will receive information on what domains/subdomains are allowed to hotlink static resources from your website. Typically those will be only the domains/subdomains that you had already added to your cPanel Web Hosting Account. Right below the list of domains/subdomains, you will find the protected static resources listed as file types.

Please go back to the default page for the “Hotlink Protection” feature by clicking on the “Go Back” link at the bottom of the page so you can continue with this tutorial. 

Now that the “Hotlink Protection” is activated let’s see what other configurations can be performed. The next section displayed in the “Hotlink Protection” default page is the “Configure Hotlink Protection” section. In it, you will find a few options that you will need to configure:

  • URLs to allow access – Here you can add any domain/subdomain that should have direct access to the static resources available on your website. 
  • Block direct access for the following extensions (comma-separated) – Here you can specify the concrete file extensions that should be restricted for hotlinking. 
  • Allow direct requests (for example, when you enter the URL of an image in a browser) – If this option is selected static resources will be unavailable for inclusion in the code of other websites, however, if accessed directly in the browser those will still be displayed. 
  • Redirect the request to the following URL – You can specify the URL to which all requests for static resources from your website will be redirected. 

Once you are ready with the configuration, please click on the “Submit” button so the performed configurations can be saved. 

Configuring Hotlink protection in cPanel

That’s it! Congratulations, you are now fully aware of how to protect the static resources of your website from being linked by other websites. This will allow you to spare some bandwidth and to protect your intellectual property from being used without your consent. 

Powered by BetterDocs