Image hotlinking occurs when unauthorized websites link directly to your image assets, stealing your server bandwidth to load content on their own pages. Using the IIS URL Rewrite module in your web.config file, you can inspect the incoming HTTP Referer header. If a request for an image originates from an unapproved external domain, IIS will automatically block it with a 403 Forbidden error.
Stop Image Hotlinking
[ASP.NET - web.config (Stop Image Hotlinking)]
CFFCS | CarrzSynEdit: | ASP.NET (VB/C#)
<configuration>
  <system.webServer>
    <rewrite>
      <rules>
        <rule name="Prevent Image Hotlinking" stopProcessing="true">
          <match url=".*\.(gif|jpg|jpeg|png|webp)$" ignoreCase="true" />
          <conditions>
            <add input="{HTTP REFERER}" pattern="^$" negate="true" />
            <add input="{HTTP REFERER}" pattern="^https?://(www\.)?(yourdomain\.com|trustedsite\.net)" negate="true" ignoreCase="true" />
          </conditions>
          <action type="CustomResponse" statusCode="403" statusReason="Forbidden" statusDescription="Direct linking to images is prohibited." />
        </rule>
      </rules>
    </rewrite>
  </system.webServer>
</configuration>

Add in as many websites as you want to have access to your image.
Example: (yourdomain\.com|trustedsite\.net)
To add more, pipe them in like this.
(yourdomain\.com|trustedsite\.net|newsite\.com|childsite\.com)
Show an image when someone is hotlinking your images.
[ASP.NET - web.config (Stop Image Hotlinking w/ StopStealing image.)]
CFFCS | CarrzSynEdit: | ASP.NET (VB/C#)
<configuration>
  <system.webServer>
    <rewrite>
      <rules>
        <rule name="Prevent Image Hotlinking - Show Warning Image" stopProcessing="true">
          <match url=".*\.(gif|jpg|jpeg|png|webp)$" ignoreCase="true" />
          <conditions>
            <add input="{HTTP REFERER}" pattern="^$" negate="true" />
            
            <add input="{URL}" pattern="no-hotlinking\.png$" negate="true" ignoreCase="true" />
            
            <add input="{HTTP REFERER}" pattern="^https?://(www\.)?(yourdomain\.com|trustedsite\.net)" negate="true" ignoreCase="true" />
          </conditions>
          <action type="Rewrite" url="/images/no-hotlinking\.png" />
        </rule>
      </rules>
    </rewrite>
  </system.webServer>
</configuration>

Two Critical Adjustments to Notice:
  • The Infinite Loop Shield (): You must add a condition that exempts your warning image (no-hotlinking.png) from the rule. If you don't, when the thief's site tries to load your warning image, IIS will see the thief's referrer, trigger the rule again, try to serve the warning image again, and crash into an infinite loop.
  • The Action Tag: Notice that type="CustomResponse" was changed to type="Rewrite", and the url attribute points to the relative path of your warning graphic.
How to design the warning image:
Create a lightweight .png or .webp file named no-hotlinking.png and place it in your images folder. You can make it say something witty like "Bandwidth Theft Detected!", show a broken image icon with your logo, or explicitly state "This content is hosted by [Your Radio Site]" to siphon their traffic back to you!
Other Articles Related to this Entry.How to Stop Website Content Theft and Clickjacking Using Content-Security-Policy (CSP)«