Recipe 6.5 Restricting Images from Being Used Off-Site
Problem
Other sites are linking to images on your system, stealing bandwidth
from you and incidentally making it appear as though the images belong
to them. You want to ensure that all access to your images is from
documents that are on your server.
Solution
Add the following lines to the .htaccess file in the directory where
the images are, or to the appropriate <Directory> container in the
httpd.conf file. Replace myserver.com with your domain name:
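<FilesMatch "\.(jpg|jpeg|gif|png)$">
    # Flag requests whose Referer is a page on this site or one of its subdomains
    SetEnvIfNoCase Referer "^http://([^/]*\.)?myserver\.com/" local_referrer=1
    # Refuse every image request that was not flagged
    Order Allow,Deny
    Allow from env=local_referrer
</FilesMatch>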
In fact, by using the following recipe, you can even go one step
further, and return a different image to users accessing your images
via an off-site reference:
SetEnvIfNoCase Referer "^http://([^/]*\.)?myserver\.com/" local_referrer=1
RewriteEngine On
RewriteCond %{ENV:local_referrer} !=1
RewriteRule \.(jpg|jpeg|gif|png)$ /Stolen-100x100.png [L]
Discussion
The first solution will cause all requests for image files to be
refused with a 403 Forbidden status unless the link leading to the
request was in one of your own documents. This means that anyone
linking to your images from a different web site will get the
error instead of the image, because the referer does not match the
approved server name.
Note that this technique can cause problems for requests that do not
include a Referer request header field, such as
people who visit your site through an anonymising service or who have
their browser configured not to send this information.
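The following is an added example, not part of the original recipe: a small Python harness that mimics the SetEnvIfNoCase match against constructed Referer values and reports the status the first Solution would return, including the missing-Referer case described above. The HARDENED pattern (literal dot, http or https) and all sample Referer values are assumptions made for illustration; myserver.com is the recipe's placeholder domain.

```python
import re

# Patterns in the style of the recipe's SetEnvIfNoCase line.
# HARDENED is an assumed variant for comparison, not taken from the recipe.
UNESCAPED = r"^http://([^/]*\.)?myserver.com/"     # '.' matches any character
HARDENED = r"^https?://([^/]*\.)?myserver\.com/"   # literal dot, http or https

def local_referrer(referer, pattern):
    """Mimic SetEnvIfNoCase: True if local_referrer would be set."""
    # An absent header is compared as an empty string, so it cannot match.
    value = referer or ""
    # SetEnvIf regexes are unanchored searches; NoCase ignores case.
    return re.search(pattern, value, re.IGNORECASE) is not None

def status(referer, pattern):
    """Status the first Solution returns for an image request."""
    return 200 if local_referrer(referer, pattern) else 403

# Constructed sample Referer values (None means the header was not sent).
SAMPLES = [
    "http://myserver.com/gallery.html",            # own page
    "http://www.myserver.com/index.html",          # own subdomain
    "HTTP://WWW.MYSERVER.COM/",                    # case differences
    "https://www.myserver.com/index.html",         # own page served over TLS
    "http://myserverxcom/page.html",               # only the unescaped '.' accepts this
    "http://myserver.com.example.net/",            # name used as a prefix
    "http://example.net/?u=http://myserver.com/",  # name inside a query string
    "http://example.net/hotlink.html",             # ordinary off-site page
    None,                                          # privacy proxy or browser setting
]

def report():
    """Return (referer, status with UNESCAPED, status with HARDENED) per sample."""
    return [(r, status(r, UNESCAPED), status(r, HARDENED)) for r in SAMPLES]

if __name__ == "__main__":
    for referer, loose, strict in report():
        print(f"{str(referer):45} unescaped={loose} hardened={strict}")
```

The run shows that an http-only pattern refuses your own pages when they are served over https, and that requests without a Referer are refused under either pattern.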
The second solution is similar to the first, except that it
substitutes an image of your choice for the one requested, rather
than denying the request. Using the values in the Solution, you can
construct a Stolen-100x100.png that carries whatever admonitory
message you like, or perhaps just some picture that will deter the
visitor from "stealing" your images.