Hotlink Protection question

Please help!
How to allow displaying image links on allowed websites. And all is blocked.

If it’s for your site, go here https://dash.cloudflare.com/content-protection, select your domain and disable Hotlink Protection.

5 Likes

I can only block all and turn off all. I want to display images on website I allow. How to?

Hotlink help is located directly under the On/Off

1 Like

But I see other people can accept to display images on websites they want. And all other website is blocked.

It’s actually a really good question. You would have to set up a firewall rule. The rule would have to consider the file being loaded (image extensions) and the referrer object. If the referrer matches your whitelisted domains then load the image, otherwise block the attempt or load some “blocked” image graphic.
Also - make sure you allow good bots to index your images (if you want them to be).

Unfortunately I don’t have much practice in creating firewall rules. Someone else will have to step in here.

1 Like

If I understand correctly then you want to allow your sites to be linked on certain sites, but blocked everywhere else? I turn off the ScraepShield HotLink protection and use a Firewall Rule along the lines of:

http.request.full_uri contains "yoursite.com/assets/" and not (http.request.uri.path contains "/hotlink-ok/" or http.referer contains "allowedsite1.com" or http.referer contains "allowedsite2.com" or http.referer contains "allowedsite3.com" or not cf.client.bot)
then
block

This says that anything under the path /assets/ (so change this to images or whatever is an identifable name of the folder containing the items you want to protect) can only be seen when loaded into pages on sites allowedsite1.com, allowedsite2.com, allowedsite3.com (Your own site must be in this list). This bit about hotlink-ok is to copy existing ScrapeShield functionality which is if you put a hotlink-ok folder in your assets folder the contents of that can be seen everywhere. And the last part of the if condition allows bots such as from search engined to scrape your site to index and archive it. Feel free to remove that, I don’t use it myself but thought it might be useful by way of demonstration of what’s possible.

2 Likes

Good idea:+1:

Nearly exactly what I was thinking. That snippet should be in the Tips section!

This topic was automatically closed after 30 days. New replies are no longer allowed.