Hi,

I run an art website and post lot of high resolution pictures. I have just noticed that some people link straight to my pictures from their website and stealing my bandwidth.

Probably they go with something like:
<a href="mywebsite.com/images/flower1.jpg>some pict name</a>

Is there anything I can do to resolve this problem?

Thanks!

Neno

The mean way would be to replace those pictures with some very nasty, disgusting, pornographic, illegal whatever pictures temporarily using the same file name so that it shows up on their site and then complain to their webhost about them having illegal content on their site. Most webhosts usually have rules against certain content and maybe they get their account suspended.

Or you could use an .htaccess file and set it up so that images can only be accessed from your site.

Thanks, but HOW can I use htaccess file to restrict their access to my images? Any good tutorial on the subject?

Thanks.

There is an excellent article here (http://wsabstract.com/howto/htaccess.shtml). The specific section you want is here (http://wsabstract.com/howto/htaccess10.shtml).

Hi, I am trying to solve the same problem with a free solution as well, but for IIS. I posted here with no replies about a week ago.
http://www.codingforums.com/showthread.php?s=&threadid=18607

The articles above help you out as well as the articles in the posting i linked to.

Anyone with experience with a free IIS solution? A free solution for win2k IIS running ASP 3, without ASP.net?

Originally posted by fredmv
There is an excellent article here (http://wsabstract.com/howto/htaccess.shtml). The specific section you want is here (http://wsabstract.com/howto/htaccess10.shtml).

please can u made a .htacces file for my site please

Simply create a blank .htaccess file, and add the following inside it:

RewriteEngine on
Options +FollowSymlinks
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?mydomain.com/.*$ [NC]
RewriteRule \.(gif|jpg)$ - [F]


Change mydomain.com to your domain, obviously. It will prevent all other domains from linking directly to .gif and .jpg files on your domain.

Originally posted by Oakendin
Hi, I am trying to solve the same problem with a free solution as well, but for IIS. I posted here with no replies about a week ago.
http://www.codingforums.com/showthread.php?s=&threadid=18607

The articles above help you out as well as the articles in the posting i linked to.

Anyone with experience with a free IIS solution? A free solution for win2k IIS running ASP 3, without ASP.net?

Short of writing an ISAPI filter to perform the same sort of check, I suggest you change the links for the images you want to protect to a common folder but don't move the images to that directory, instead move them to aother common folder outside of the web site (so they can't be reached using a URL directly). Set up a "custom 404" error ASP page for that empty common directory and have that script check the "referrer" address coming from the requestor. You can then have the custom code read and send the requested image (using the File System Object) if it's a valid request or send a special image noting the fact that the image is stolen and therefore the web site showing the image is not safe for doing business with.

That way you not only protect your images, you also get to drag the thief's name in the mud. :cool:

Originally posted by WA
Simply create a blank .htaccess file, and add the following inside it:

RewriteEngine on
Options +FollowSymlinks
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?mydomain.com/.*$ [NC]
RewriteRule \.(gif|jpg)$ - [F]


Change mydomain.com to your domain, obviously. It will prevent all other domains from linking directly to .gif and .jpg files on your domain.

Only one problem with that solution. That relies on information given by the browser. Unfortunately not all browsers either give the referer information at all, correctly or allow the visitor to disable or change the information. When that happens you inadvertently disable the viewing of all images for those people.

I would avoid relying on HTTP_REFERER for anything.

Hmm, interesting point, Spook... I have suspected that. Do you know which browsers do not support HTTP_REFERER ?

Thanks.

If you want total control and still want to be able to work even for those people who've disabled the REFERRER (or use a browser which doesn't reliably provide it) then it's still possible but it's more work.

The best way to do that would be to hook the output stream (using an ISAPI filter on IIS, I'm sure Apache has a mechanism too but it's outside my realm of experience), search for image references and replace them with a single MIME stream which contains the page and all the images. A MIME stream like that is how some of the spam you receive can have html content and will still show you images even when you don't have a live internet connection.

You could also write a tool to "pre-prepare" those pages and avoid the active processing, it would just add more steps to your publishing process.