So I was playing around with hotlink* protection today. I thought I was having some kind of problem with my web server's configuration because none of the protected files would load on my home computer. It turns out that hotlink protection uses HTTP referrers to determine if a request should be allowed, and my firewall blocks referrers by default.

This could be problematic. I want to use hotlink protection to keep other people from scamming my bandwidth, but it's not reasonable to expect all of my visitors to add custom rules to their firewall just for me.
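The referrer check described above, sketched as an added example that is not part of the original post or any particular web server's code: the strict policy refuses requests with no referrer (the behaviour that broke loading behind the firewall), while the lenient policy refuses only requests that name another site. The host names, `ALLOWED_HOSTS`, and the function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Hypothetical names for the site that owns the protected files.
ALLOWED_HOSTS = {"example.org", "www.example.org"}


def referer_host(referer):
    """Return the lowercase host named by a Referer value, or None if unusable."""
    if referer is None or not referer.strip():
        return None  # header absent or emptied by a firewall or privacy tool
    try:
        parts = urlsplit(referer.strip())
        host = parts.hostname
    except ValueError:
        return None  # malformed value, e.g. a broken IPv6 literal
    if parts.scheme not in ("http", "https") or not host:
        return None  # overwritten or scheme-less value: nothing to compare
    return host.lower()


def allow_request(headers, allow_missing):
    """Decide whether to serve a protected file.

    allow_missing=False: strict, a request without a usable referrer is refused.
    allow_missing=True: lenient, only a referrer naming another site is refused.
    """
    host = referer_host(headers.get("Referer"))
    if host is None:
        return allow_missing
    # Exact host match: a substring test would accept example.org.evil.test.
    return host in ALLOWED_HOSTS


if __name__ == "__main__":
    # Constructed sample requests, not real traffic.
    samples = [
        {"Referer": "https://www.example.org/gallery.html"},  # own page
        {"Referer": "https://forum.example.net/thread/1"},    # hotlink
        {"Referer": "https://example.org.evil.test/"},        # look-alike host
        {"Referer": "XXXXXXXXXXXX"},                          # overwritten
        {},                                                   # stripped
    ]
    for h in samples:
        print(h.get("Referer"), allow_request(h, False), allow_request(h, True))
```

With `allow_missing=True`, a hotlinked file still loads for any visitor whose client sends no referrer, so the check reduces borrowed bandwidth rather than eliminating it.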

*What is a hotlink? A hotlink is an object inserted on one site that is loaded from another site. For example, if someone inserts an image stored on my webspace into their own site, whenever their site is displayed the image loads from my site. Flickr and Photobucket are examples of sites that are designed specifically for hotlinking images. You upload your photo to Flickr's servers and then you use that photo somewhere else.

Removing the ability to do that kind of thing might sound mean, but bandwidth isn't free. Sharing my bandwidth with the world does not also share my bandwidth costs with the world.