How to Use .htaccess to Block IP Addresses and Prevent Hotlinking
- July 12, 2016
If you’re running a website on an Apache server, your .htaccess file is one of the most powerful tools at your disposal. From managing redirects to enhancing security, it gives you fine control over how your server behaves without touching core server configs.
In this guide, you’ll learn how to:
- Block unwanted IP addresses (like bots and spammers)
- Prevent hotlinking and protect your bandwidth
What is a .htaccess File?
The .htaccess (Hypertext Access) file is a configuration file used by Apache web servers. It allows you to control server behavior at the directory level.
With it, you can manage essential server functions such as setting up redirects (including 301 redirects and custom 404 pages), password-protecting sensitive directories, blocking malicious traffic, and preventing bandwidth theft through hotlinking protection, all without needing complex server-side configurations.
Why Block IP Addresses?
Not all traffic adds value to your website. Spam bots, scrapers, and malicious users can slow down performance, drain server resources, skew your analytics, and drive up bandwidth costs. By blocking these IPs directly through your .htaccess file, you can quickly filter out harmful traffic and keep your site running efficiently.
Block IP Addresses Using .htaccess
Add the following code to your .htaccess file (in your root directory):
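# Block IP Addresses
# Order/Deny/Allow are Apache 2.2 directives; Apache 2.4 needs mod_access_compat for them
# <Limit GET POST> applies these rules to GET and POST requests only (GET also covers HEAD)
<Limit GET POST>
order allow,deny
deny from 192.168.1.1
deny from 122.171.24.
deny from 46.119.
deny from 69.
allow from all
</Limit>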
How This Works:
- 192.168.1.1 - Blocks a specific IP
- 122.171.24. - Blocks the entire range (122.171.24.xxx)
- 46.119. - Blocks a wider IP range
- 69. - Blocks all IPs starting with 69
Note: Blocking wide IP ranges can accidentally block real users. Always test carefully.
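To see how much each entry really blocks before deploying it, the following added example (not part of the original article) expands the four deny entries above into CIDR networks, counts the addresses each one covers, and checks sample client IPs against them. It assumes partial addresses match on whole-octet boundaries, as Apache's access control does; the function names and the sample client addresses are constructed for illustration.

```python
import ipaddress

# The four "deny from" values used in the article's rule set.
DENY_ENTRIES = ["192.168.1.1", "122.171.24.", "46.119.", "69."]


def to_network(entry):
    """Expand a full or partial IPv4 address (1-4 octets) into the network it covers."""
    trimmed = entry[:-1] if entry.endswith(".") else entry
    octets = trimmed.split(".")
    valid = all(o.isascii() and o.isdigit() and int(o) <= 255 for o in octets)
    if not 1 <= len(octets) <= 4 or not valid:
        raise ValueError(f"not a full or partial IPv4 address: {entry!r}")
    # Each octet given fixes 8 bits; the missing octets are the wildcard part.
    prefix_len = 8 * len(octets)
    padded = octets + ["0"] * (4 - len(octets))
    return ipaddress.ip_network(".".join(padded) + f"/{prefix_len}")


def coverage(entries=DENY_ENTRIES):
    """Map each deny entry to (CIDR string, number of addresses blocked)."""
    return {e: (str(to_network(e)), to_network(e).num_addresses) for e in entries}


def blocked_by(client_ip, entries=DENY_ENTRIES):
    """Return the first deny entry that covers client_ip, or None if it is allowed."""
    addr = ipaddress.ip_address(client_ip)
    for entry in entries:
        if addr in to_network(entry):
            return entry
    return None


if __name__ == "__main__":
    for entry, (cidr, count) in coverage().items():
        print(f"deny from {entry:<12} -> {cidr:<16} {count:>12,} addresses")
    # Constructed sample client addresses, not taken from real logs.
    for ip in ["192.168.1.1", "192.168.1.2", "122.171.24.200", "69.1.2.3", "203.0.113.9"]:
        hit = blocked_by(ip)
        print(f"{ip:<15} {'blocked by ' + hit if hit else 'allowed'}")
```

Running it makes the cost of each shortcut visible: the single-octet entry covers more than 16 million addresses, while the full address covers exactly one.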
What is Hotlinking?
Hotlinking occurs when another website directly uses your images or files by linking to your server.
This means your server ends up doing all the heavy lifting while your bandwidth gets consumed without giving you any real benefit in return. In simple terms, it’s bandwidth theft, where others use your resources to serve their own content at your expense.
Disable Hotlinking Using .htaccess
Use the following code to prevent other websites from embedding your files:
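# Disable Hotlinking
RewriteEngine On
# Let through requests that send no Referer header (direct visits, privacy tools)
RewriteCond %{HTTP_REFERER} !^$
# Let through your own domains, over HTTP or HTTPS
RewriteCond %{HTTP_REFERER} !^https?://(.+\.)?example\.com/ [NC]
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?YourOtherDomain\.com/.*$ [NC]
# Any other referrer gets the placeholder image instead of the requested file
RewriteRule .*\.(jpg|gif|png|css|js)$ /images/troll-face.bmp [L]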
What This Does:
- Allows access only from your domain(s)
- Blocks external sites from loading your assets
- Replaces stolen content with a custom image (like a “troll” image)
Pro Tips
- Always back up your .htaccess file before editing
- Test changes immediately to avoid breaking your site
- Use logs or analytics to identify bad IPs before blocking
- Keep rules clean and minimal for better performance
Conclusion
Your .htaccess file may be small, but it plays a big role in strengthening your website’s security and performance. By blocking unwanted IP addresses and disabling hotlinking, you can prevent misuse, save valuable bandwidth, and ensure your server runs efficiently. These simple yet effective tweaks give you better control over who accesses your site and how your resources are used, making your website faster, safer, and more reliable.
Joydeep Deb
Senior Digital Marketer & Project Manager
Joydeep Deb is a results-driven Senior Digital Marketer and Project Manager with deep expertise in Lead Generation and Online Brand Management. An IIM Calcutta alumnus with an MBA in Marketing, he specializes in SEO, SEM (PPC), and Web Technologies.
Based in Bangalore, Karnataka - India.