 Preventing image theft
Friday, 7 April 2006
We’re getting a little annoyed with some webmasters out there who continue to link directly to some of the images on our website. As far as we’re concerned, this practise equates to theft because they’re using the bandwidth we pay for. By adding these four lines to our .htaccess file, we have now put a stop to the pilfering:
RewriteCond %{HTTP_REFERER} !^http://(www\.)?lutrov\.com [NC]
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} ^http://.*$
RewriteRule \.(jpe?g|gif|png|bmp)$ - [F]
What this effectively does is check that if the request referrer is not lutrov.com and the referrer is not empty and the referrer starts with http:// the thief will get a nice “403 Forbidden” error page instead.
Of course, this only works for the Apache webserver environment. Furthermore, we also realise that there a small number of isolated cases when this technique doesn’t work due to some people using certain tools to enable them to traverse the web anonymously.
But we can live with that as I’m sure they can too.
|
Thank you for the valuable pointer. I was about to try to hack something with Perl, but I knew there had to be some way to do this in Apache.
FYI, here are some tips that might help others trying to figure this out. I found that in my setup (a virtual host) I had to add two more lines in my .htaccess file before those you listed: "Options +FollowSymLinks +SymLinksIfOwnerMatch" and "RewriteEngine on". Also, the .htaccess file has to be in (or has to cover) the directory from which the images are served. I also had to make sure that my provider set up "AllowOverrides All" (or at least "AllowOverrides FileInfo") in the conf file covering my virtual domain. Seems to work now. I can't wait for the next eBay image thief.
On another topic, thanks for your link to my spam website (http://www.rickconner.net/spamweb/)!