As far as I can remember, to prevent hotlink in Drupal is not that easy. If you search website to look for prevent hotlink, you will find a lot of them to use with .htaccess file. But those are not for Drupal. You can't just use it in Drupal .htaccess file, that won't work. However, I have a set of code that work great. Actually, I have this code long time ago but I can't remember where I got it from. Thanks for the guy that provide it. Too bad that I didn't save link at that time.
So, now, here is what we have to do :
Create .htaccess file under "files" directory : (Here, I use old Drupal structure. So, my files directory is just one level down from root web folder.)
nano -w /home/admin/public_html/files/.htaccess
Paste code below into it.
.htaccess file under files directory
SetHandler Drupal_Security_Do_Not_Remove_See_SA_2006_006 Options None Options +FollowSymLinks # Prevent Hotlink SetEnvIfNoCase Referer "^$" local_ref=1 # Next authorized domains SetEnvIfNoCase Referer "^http://(www\.)?bing\.com" local_ref=1 SetEnvIfNoCase Referer "^http://(www\.)?google\.com" local_ref=1 SetEnvIfNoCase Referer "^http://(www\.)?facebook\.com" local_ref=1 # File extensions that you want to protect <FilesMatch "\.(bmp|jpe?g|gif|png)"> Order Allow,Deny Allow from env=local_ref </FilesMatch>
You can allow some websites to do hotlink to your website. Example above, I allow bing.com, google.com and facebook.com to be able to hotlink from my website.