Cloudflare Setup Tutorial to Prevent Website File Hotlinking

2026年5月13日

Cloudflare has a default Hotlink protection feature, but this only supports hotlinking prevention for images and not other file types.

For example, if you have a zip file that you don’t want other websites to access, you’ll need to use Cloudflare WAF firewall rules.

1. Security – Firewall Rule Settings: A Blocking Rule

(http.host eq "wenjian.laozcgai.com" and not http.referer contains "laozcgai.com")

The code snippet describes a method to prevent access to a website. It states that if the hostname is wenjian.jingxialai.com but the referrer does not contain jingxialai.com, access will be blocked.

In this case, other domains accessing the file or a browser directly will encounter an “Access denied Error code 1020,” meaning access is refused.

2. Disable Hotlink protection in Scrape Shield.

Other notes:

This setting only prevents other websites from accessing your website’s files, but it does not prevent third-party client software from accessing your website’s file addresses.

Cloudflare Setup Tutorial to Prevent Website File Hotlinking

Related Posts

The difference between `return` and `rewrite` in Nginx and their syntax

Install qBittorrent service on Linux Ubuntu server

Tutorial on installing the open-source PDF processing tool Stirling-PDF using BT Panel

Select Language