Hotlink protection problems



So I’ve enabled the Hotlink protection feature found in “Scrape Shield” in the Cloudflare dashboard, but I’m having a few problems.

Unfortunately, when that option is activated, images from my site are not displayed anymore in my news letter and news feed which are hosted by feedburner and mailchimp. Since there is no option to allow specific domains to hotlink, there’s no way to disable hotlink protection for sites that need to access to my images.

I also noticed that hotlink protection does not support the webp format. That also creates another problem when using Google’s pagespeed module, since pagespeed converts all images to the webp format. So hotlink essentially does not work with webp images.

Last but not least, since Cloudflare’s hotlink protection does not currently work for my site because of the reasons mentioned above, I then need to implement my own solution on my web server. But that also seems impossible with Cloudflare activated since once the images are cached, Cloudflared serves the images before the request gets to my web server. So any kind of rewrite attempt is basically ignored.

So basically, I currently have no way of enabling any kind of hotlink protection, and I recently noticed various sites are linking to my site, so I don’t really know what to do.

Any help would be appreciated,

Thank you.


In the past, I’ve used a hotlink-ok directory for newsletter images:

There’s also this:


Thanks @sdayman.

I’ve already read those links (and pretty much everything that covers hotlink protection on Cloudflare), but unfortunately, that doesn’t really help me out.

Since I cannot setup hotlink protection on my own server because Cloudflare is the one caching and serving the images, it would be incredibly useful to have an option that enables adding a list of allowed referrers in Cloudflare’s own hotlink protection system. This is how we normally do it with Nginx and Apache, and it’s the easiest way to do it in my opinion.

Another interesting option that could be added would be one where you can upload a custom image that replaces the hotlinked images on the wrongdoer’s site. That way, you can send them a clear message with that image and deter them from hotlinking to other images.

On the other hand, if anyone knows how to setup hotlink protection on a web server (Nginx preferably) behind Cloudflare, I would be really interested in knowing how to do it.

Thank you.