Learn cPanel

Controlling your Web Hosting Account has never been that easy thanks to cPanel web Control Panel!

• Last Updated: 01/29/2020
• ( 4 minutes reading )

How to prevent bandwidth steal with Hotlink Protection in cPanel

Introduction

Often, in HTML, static resources such as images, stylesheets, JS files, CSS files, and all types of media files might be included from sources that are not local to the website they are used on or, in other words, hosted on remote servers. Imagine that you have a fantastic nature photography website where you have uploaded and displayed multiple authentic and original photos.

All of a sudden, some of the visitors accessing the site decide that some of your images are perfect for their website and would like to use them there. This is quite an easy task and can be achieved by simply adding the direct URL to the image, including your domain.

By using this direct URL, the visitor inserts the image into their website. Any visitor to that website will then view the same image; however, instead of generating bandwidth on the visited website, it will generate bandwidth on your website. This means that your website's web server will not detect that as a visit to your website, but bandwidth will still be generated. If you are using a Dedicated Server or a VPS, generating bandwidth may not be an issue, however, if you are using shared web hosting plans, using an excessive amount of bandwidth could exceed the capability of your plan, and you may run into issues with your provider and be forced to upgrade your plan without being the one who actually generated the bandwidth!

This process is often referred to as bandwidth stealing from another website, and in the following lines of this tutorial, we will show you a Security feature of cPanel that can prevent such behavior. 

 

Accessing the Hotlink Protection feature in cPanel

Before we can move ahead with this tutorial, you will have to log in to the cPanel service

Once logged in, you will be presented with a complete list of the features cPanel has to offer. To access the "Hotlink Protection" feature, please either search for it by using the search tool displayed at the top of the page or you can locate the "Security" features group in which you will find the "Hotlink Protection" feature. 

 

hotlink-protection-functionality

 

Clicking on the feature will take you to the default page for the same where you will find more information on what the purpose of this feature is and also some additional tools that we will discuss further in this tutorial. 

 

Enabling and Configuring Hotlink Protection in cPanel

As we have explained initially in this tutorial, hotlinking a static resource from one website to another is referred to as Hotlinking. To protect the static resources of your websites being hotlinked, you will first have to enable the protection. To do that, please click on the "Enable" button displayed at the top of the page. 

 

enable-hotlink-protection

 

cPanel will then redirect you to a new page where you will receive information on what domains/subdomains are allowed to hotlink static resources from your website. Typically those will be only the domains/subdomains that you had already added to your cPanel Web Hosting Account. Right below the list of domains/subdomains, you will find the protected static resources listed as file types.

Please go back to the default page for the "Hotlink Protection" feature by clicking on the "Go Back" link at the bottom of the page so you can continue with this tutorial. 

Now that the "Hotlink Protection" is activated, let's see what other configurations can be used. The next section displayed in the "Hotlink Protection" default page is the "Configure Hotlink Protection" section. In it, you will find a few options that you will need to configure:

  • URLs to allow access - Please use this content box to type in any domain/subdomain that should have direct access to the static resources available on your website. 
  • Block direct access for the following extensions (comma-separated) - Please use this content box to type in the exacty file extensions that should be restricted for hotlinking. 
  • Allow direct requests (for example, when you enter the URL of an image in a browser) - Please use this check box to enable the added resources to be accessible when viewed directly. If added on other websites as links, they will not be displayed at all.
  • Redirect the request to the following URL - Please use this text field to specify the URL to which all requests for static resources from your website will be redirected. 

Once you are ready with the configuration, please click on the "Submit" button so the performed configurations can be saved. 

 

submit-hotlink-protection-specifications

 

That's it! Congratulations, you are now fully aware of how to protect the static resources of your website from being linked by other websites. This will allow you to spare some bandwidth and to protect your intellectual property from being used without your consent. 

...
Nikola Zgurev
Technical Support Captain

Nikola is an accomplished tech-savvy extraordinaire with over six years of experience in the web hosting field. He started as a customer care representative and quickly rose the ranks to become a support supervisor and, eventually - the head of the technical department in HostArmada. His deep understanding of the client's needs, combined with his technical knowledge, makes him the perfect man to create the ideal harmony between client satisfaction and professional problem-solving. You will often find him creating helpful tutorials, articles, and blog posts that help existing customers get around.