Page 1 of 1

Protecting inline elements from being linked directly ...

Posted: Thu Jan 23, 2003 12:22 pm
by puckeye
Hi all,

I want to protect my images from being linked directly from another website. I don't want to pay for the bandwidth while others are showing my art and graphics... If they want to show those they can upload them on their site...

Anyway I was reading something about sessions for another project when I came accros this extern_referer_check which in the text is used to prevent users coming from other PHP sites from taking over a session (highly improbable but there's always a chance).

I think this is to be set in the php.ini file.

Could that also be used to prevent other sites (PHP or otherwise) from linking directly to my images or othe inline elements? I'm already using a PHP script to display the image (loaded from a database) and I use $_SERVER['HTTP_REFERER'] to check out if the request for that image is local or from another server...

As you may well know this is far from foolproof... It depends on a miriad of factors one of those is the browser type and version. Some types or older versions don't send back the referer so the check can't be done and I have to let those pass...

Anywa I wanted to hear your thoughts on this.

apache?

Posted: Thu Jan 23, 2003 2:06 pm
by piuga
if apache webserver and possibility to create local .htaccess file just configure it to not allow access to a directory where you keep your images and stuff.

And yes I read that you got your images in a DB, but I think this is a bad idea (since it eats resources).

my 2 öres...;-)

Posted: Fri Jan 24, 2003 1:41 pm
by puckeye
Why is that a bad idea? Any input I can have on this issue I'll take...

I don't want to stop people from seeing those images, I want to stop other web designer from linking "directly" to my images from other web sites, thus taking my bandwidth but without sending me the visits...

Posted: Fri Jan 24, 2003 1:48 pm
by volka

Posted: Fri Jan 24, 2003 3:11 pm
by fractalvibes
couldn't you have a php script serve up your images?

i.e.
<img src='SomeScript.php?ID=34'>

And have SomeScript.php check the HTTP headers for Referer - if not from your site, substitute a rude image?

Phil J.

Posted: Fri Jan 24, 2003 3:15 pm
by puckeye
Thanks, you are right that's very interesting...

Posted: Fri Jan 24, 2003 3:48 pm
by puckeye
fractalvibes wrote:couldn't you have a php script serve up your images?

i.e.
<img src='SomeScript.php?ID=34'>

And have SomeScript.php check the HTTP headers for Referer - if not from your site, substitute a rude image?

Phil J.
Yeah that's currently what I'm doing. The problem is that not all browsers return an HTTP header, OK most popular browsers do but I want to be able to cover all bases.

I wanted to experiment with something either from the PHP config or Apache's...

Here's my code to prevent usage of my images (and potentially other files too).

Code: Select all

$Page_request = $_SERVER&#1111;'HTTP_REFERER'];
if (eregi ("mydomain.com", $Page_request) OR $Page_request == "")
&#123;
    $query = // SELECT photo from DB
    $result = mysql_query($query) or die (mysql_error()."<BR>".$query);
    if ($row = mysql_fetch_array($result)):
        print $row&#1111;"Photo"];    // Write the Image code.
    else:
        readfile("images/spacer_trans.gif");
    endif;
&#125;
else
&#123;
    require ("images/access_denied.php");  // Send a small gif of extreme dimension
&#125;
The access_denied.php logs a warning in another DB and sends an 8 kb GIF of about 1500x1500 pixels with the words "ACCESS DENIED" (the image has very few colours...) We first toyed with the idea of sending a monkey's ass but that would defeat the purpose of protecting our bandwidth since the monkey's ass weigthed more then the average weigth of our images.

The spacer_trans.gif image is displayed if the image couldn't be retreived from the database (I.E. that particular image_id doesn't exists anymore).