Prevent directory listings
If a directory on your site doesn't contain an index file, a directory
listing will be displayed to the user. This can be a security issue if you have
directories full of images or archives that you don't want people to be able to
view. To hide every file from the generated listing, place the following in your .htaccess file:
IndexIgnore *
Deny by IP
You can deny access to your site by IP address, or with a range of IP addresses.
To deny the IP address 123.45.6.7, you would place this inside your .htaccess:
order allow,deny
deny from 123.45.6.7
allow from all
To deny a range of addresses, for example any address starting with 123.45.6,
you could use this:
order allow,deny
deny from 123.45.6.
allow from all
Preventing hot-linking
"Hot-linking" is when somebody on an external site links to images on your site,
effectively stealing your bandwidth every time somebody views their page, as the
site owner is displaying or using your images on their site as though they were their own.
You can prevent this by applying access restrictions in .htaccess. If you tell
Apache to forbid external requests to image files, but allow internal requests,
this will stop most hot-linking activity.
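RewriteEngine on
# Allow requests that carry no Referer header
RewriteCond %{HTTP_REFERER} !^$
# Allow requests referred from your own site (http or https)
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?mydomain\.com/.*$ [NC]
# Any other request for an image file gets 403 Forbidden
RewriteRule \.(gif|jpg|png|jpeg)$ - [F]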
Be sure to change "mydomain.com" to your site.
This block of code tells Apache to check the "Referer" header in HTTP requests,
which contains the address of the page that the request came from. If it is empty,
or from your domain, access is allowed. If it is not, then the request is denied.
Because the client supplies this header, the check deters casual hot-linking
rather than enforcing access control.
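The Referer check described above can be modelled offline to see which requests a given own-site pattern lets through. This is an added example, not part of the original page; the two pattern spellings, the sample requests and the function names are constructed for illustration.

```python
import re

# Two spellings of the own-site RewriteCond pattern, constructed for this
# example. "mydomain.com" is the page's placeholder domain. These simple
# expressions behave the same in Python's re as in mod_rewrite.
LOOSE = r"^http://(www\.)?mydomain.com/.*$"        # unescaped dot, http only
STRICT = r"^https?://(www\.)?mydomain\.com/.*$"    # escaped dots, http or https
IMAGE = re.compile(r"\.(gif|jpg|png|jpeg)$")       # the RewriteRule pattern


def is_forbidden(path, referer, own_site_pattern):
    """Model the rule set: True means Apache would answer 403 via [F]."""
    if not IMAGE.search(path):
        return False   # RewriteRule does not match, request is untouched
    if referer == "":
        return False   # first RewriteCond (!^$) fails: empty Referer allowed
    # Second RewriteCond is negated; [NC] corresponds to re.IGNORECASE.
    return re.search(own_site_pattern, referer, re.IGNORECASE) is None


# Constructed sample requests: (path, Referer header value)
SAMPLES = [
    ("/img/logo.png", ""),                                    # direct request
    ("/img/logo.png", "http://www.mydomain.com/page.html"),   # own page, http
    ("/img/logo.png", "https://www.mydomain.com/page.html"),  # own page, https
    ("/img/logo.png", "http://mydomainxcom/gallery.html"),    # look-alike host
    ("/img/logo.png", "http://other.example/gallery.html"),   # external page
    ("/index.html", "http://other.example/gallery.html"),     # not an image
]


def decisions(pattern):
    """Return the forbidden/allowed decision for every sample, in order."""
    return [is_forbidden(path, ref, pattern) for path, ref in SAMPLES]


if __name__ == "__main__":
    rows = zip(SAMPLES, decisions(LOOSE), decisions(STRICT))
    for (path, ref), loose, strict in rows:
        shown = ref if ref else "(no Referer)"
        print(path, shown, "loose=403" if loose else "loose=ok",
              "strict=403" if strict else "strict=ok")
```

With the loose spelling, the site's own https pages are refused and the look-alike host is accepted; the strict spelling reverses both outcomes.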
You can even redirect the denied request to an alternative image on your server,
for example a "Hotlinking disabled" logo, with the following:
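RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?mydomain\.com/.*$ [NC]
# Do not rewrite the replacement image itself, or the redirect would loop
RewriteCond %{REQUEST_URI} !/goaway\.jpg$
RewriteRule \.(gif|jpg)$ http://www.mydomain.com/goaway.jpg [R,L]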
Again, remember to replace "mydomain.com" with your address, and "goaway.jpg" with
your own image.