This Is a tutorial on using and configuring hotlink protection, i hope this well help anyone having any difficulties with this!

What Is Hotlink Protection?
HotLink protection prevents other websites from directly linking to files on your website. Other sites will still be able to link to any file type that you don't specify below (IE. HTML files). An example of hotlinking would be using a <img> tag to display an image from your site from somewhere else on the net. The end result is that the other site is stealing your bandwidth. You should ensure that all sites that you wish to allow direct links from are in the list below. The best thing to do is add all sites you own to the list, and any sites you want to allow to use your files.

Why do i need Hotlink Protection?
Generally, most people do not need Hotlink protection, i would only normally reccommend people use hotlink protection if somebody was linking to some of there files and causing them to use up a lot of bandwidth that they wouldn't normally.

First things first:

To use hotlink protection you must first login to your control panel using :
http://www.lunarpages.com/login.php or http://www.yourdomain.com:2082
or http://www.yourdomain.com/cpanel/ or the secure logins https://server.lunarpages.com:2083/ and http://server.lunarpages.com/cpanel

Making sure of course to change 'server' for your server and 'yourdomain.com' for your domain

You will then be prompted to press a button with the text 'Proceed To Control Panel' on it, This is just added security, just Press it and carry on...

Inside your control panel
Here you see a screen full of information about your account and lots of Icons which you would use to control/change most of the settings of your account, add or update pages, and a lot more, for hotlink protection you want to find and click this Icon:



Inside Hotlink Protection
When you get inside the hotlink protection area, you will see at the top of the page whether your hotlink protection is enabled or disabled, hotlink protection is disabled by default so if you wish to use it then you must manually activate it yourself.

Activating Hotlink Protection
To activate Hotlink Protection you simply need to push the activate button:



This button is also used as a 'save' button when you make any changes.

Configuring Hotlink Protection
So you want to configure hotlink protection.  Here's what you need to know, which sites do you want to allow access your files? what file types do you want to allow them to access? do you want your files (mostly images) to be directly linked (ie. entering the url to an image in your browser)?

keep in mind that places like forums and sites you may have joined may need access through your hotling protection, e.g. i have an Avatar image here on LunarForums, and if i dont allow the lunarforums.com domain through my hotlink protection, it wouldn't show.

Adding Allowed Sites
To add a site to your allow list is actually really easy, all you need to do is type it into the text box provided on the Hotlink Protection page, you will notice that any sub-domains, parked domains or addon domains you have will already be in the list. CPanel does this for you automatically for you as sites on your account must be able to access your files to work!

Below is my list of allowed sites, as you can see i have a few sub-domains and also Lunarforums.com added in there, i may have missed 1 or 2 because i dont actually have hotlink protection turned on anyway!



you must always include your links with and without the www. as different people use different ways to access sites.  Al you need to do is add each site onto a new line as shown above!

Choosing file types
In the files types box you would normally on have the defaults, as people hotlink your files would normally only use the images, in the box below you just type all the extensions you want to allow to the sites in your allow list, for instance if you put .php they would be able to use the php 'include' code to include your pages into there sites, it's normally preffered to just allow images unless you specifically want to allow them something else.



Direct Connections
if you want to allow direct connections to your images/files e.t.c. then you tick the next box, allowing direct connection means somebody could link to your images, and having it open in a new window, so if you had photos on your pages, they could have a link to them opening in a new window, and it would still appear to be there site, this is the most common way of stealing your bandwidth, i reccommend you leave this box unticked!



Disabling Hotlink Protection
I believe this one speaks for itself.



If i made any spelling mistakes, mistakes in the information, or you think something should be added/changed, please let me know!

I turned on hotlink protection today. When I was going through the log of the last 300 users, I found something that seemed to indicate they were denying someone access. But the page is on my own site so I don't understand why a 403 error would have been generated. The referrer was yahoo for a search on "Thai Jasmine Rice." Do I need to list Yahoo as an accepted site?

   
/features/jasrice.html
   Http Code: 200   Date: Aug 29 16:44:13   Http Version: HTTP/1.1   Size in Bytes: 13904
   Referer: http://search.yahoo.com/search?fr=sbc-web&tab=&p=Thai+Jasmine+Rice&btn=Search
   Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows 98; YPC 3.2.0; yplus 4.1.00b)
|
|
|
   
/images/jasrice.gif
   Http Code: 403   Date: Aug 29 16:46:48   Http Version: HTTP/1.1   Size in Bytes: -
   Referer: -
   Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows 98; YPC 3.2.0)
|
|
|
   
/images/steamersm.jpg
   Http Code: 403   Date: Aug 29 16:46:48   Http Version: HTTP/1.1   Size in Bytes: -
   Referer: -
   Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows 98; YPC 3.2.0)

Hotlinking is supposed to prevent access from all external sources so email would be included in that and there is no way to differentiate between different external sources.

I was referring to clicking a link in a message to go view the image in a browser. It appears a few folks can access that way, but most have to copy/paste the link into the browser. It's no big deal. I think this time around I'll make an unprotected temp directory for such images and just delete the images regularly. I just use the method for comps, approvals and such, especially with deadline work, since some clients don't receive e-mail attachments.

Could you give us the full domain name so we can take a look? Or PM one of the mods or staff members and we can see what is the problem.

Thanks!

Is the domain an "addon" domain or your main domain?

Please provide a link to your website so we can help you better.

Go ahead and activate "hotlinks protection" again. I want to check out something from your website once you do it.

If you can't add new urls to Urls to Allow Access, you would need to edit the .htaccess file and add the new urls.

I, too, would recommend that you manually create/edit allow URLs for hotlinks protection, because if you do other things to your .htaccess file, cPanel's hotlinks protection could make things quirky if you keep activating/deactivating it (I had this happen in the past, thus I no longer use the hotlinks protection via cPanel and instead manually edit my .htaccess file now since I have a whole slew of things inside of my .htaccess file  )

Here's the code for the hotlinks protection portion of the .htaccess file:


The * (asterisk) prefixing "maindomain.com" takes care of subdomains on your primary/main domain.

If you have a personal SSL certificate on your domain, then you also need to include that too (create an URL with the "https" prefix). You only need to do it for the domain name you put the SSL certificate on.

The above code will also take care of www and non-www prefixes and the trailing forward slash issue.

Go to your root public_html folder and look for your existing .htaccess file. Open it up via a text editor (ex: NotePad, WordPad, etc.) and replace any code that looks like the above, with the code shown above, then replace the above listed domain texts with your appropriate domain names.

If you have addon domains with their own .htaccess files, you might need to replicate the code there, too (subfolders' .htaccess files take precedence for certain things over the root public_html's .htaccess file). If you don't have an .htaccess file in your addon domain's folder, then the root public_html's .htaccess file will apply.