Cloudflare Docs
Firewall Rules
Visit Firewall Rules on GitHub
Set theme to dark (⇧+D)

Exempt partners from Hotlink Protection

When enabled, Cloudflare Hotlink Protection blocks all HTTP referrers that are not part of your domain or zone. That presents a problem if you allow partners to use inline links to your assets.

However, with firewall rules you can maintain hotlink protection while allowing inline links from your partners.

This example uses the http.referer field to target HTTP referrals from partner sites.

The not operator matches HTTP referrals that are not from partner sites, and the action blocks them:

ExpressionAction
not (http.referer contains "example.com" or http.referer eq "www.example.net" or http.referer eq "www.cloudflare.com")Block