Block certain domain and their subdomain from hotlinking images

I have enabled hotlink protection in Cloudflare but it is not working for webp format. Is there any way to enable hotlink also for webp? and if not then can you tell me how to stop .example.com and their all subdomain from linking my sites images (webp and all other fomarts)?

You can use Firewall Rules to block unwanted referrers. Something like:

Make sure you test to make sure images still load properly within your own site.

I tried but nothing happened as still images appear on other sites (basically images are hotlinked by .blogspot.com sites) does it takes time to work? also, how can I allow good bots like google, bing, Pinterest, etc?

Sorry, I messed up the syntax. Working on it now…

OK, I will wait for the response and thanks in advance.

Try this in the Expression editor window:

(not http.referer contains "mydomain" and ((http.request.uri contains "webp") or (http.request.uri contains "jpg")))

If it really is just webp you’re trying to block hotlinks with this rule (because regular protection is working for the others), you can just X out the jpg line in my original screenshot.

Yes, regular protection is working for other formats except for webp. So only for webp is this is the correct expression

(not http.referer contains "mydomain" and http.request.uri contains "webp")

1 Like

above expression works but it also not allow direct link access. I mean when i open image link directly i got Error 1020

If you’re just targeting blogspot, then you can flip the rule to Referer CONTAINS blogspot

But that will allow anybody else to hotlink to the image. Direct Link access means the referrer is blank, but hotlinkers/scrapers could easily just not send a referrer as well, so allowing blank referrers isn’t a great solution.

1 Like

when i allow blank referrer hotlink for webp stop working and when i remove it works.

If you want to allow blank and your domain as referrer:

(not http.referer contains "mydomain" and http.referer ne "\"\"" and http.request.uri contains "webp")