Posted: 30.11.2005 23:58 | Smarter Image Hotlinking Prevention

Smarter Image Hotlinking Prevention

Hey! That’s mine!
Most web professionals are all too aware of the problems caused by hotlinkers. Leechers. Bandwidth thieves. People who use images hosted on your web server on their own pages.

For some lucky people who don’t pay by the gigabyte for the amount of data they transfer, that's not too big a deal. Who cares if some little-trafficked weblog uses your photograph of snow falling in New York?

For other sites, however, it's a much bigger problem. If a 100K JPEG is hotlinked on a site that gets, say, 1,000 hits a day, that’s 100MB of data transferred from your site without a single person actually visiting your site. If you have only a few gigabytes of transfer available per month — or worse, pay money per gigabyte — this can add up. And if someone were to leech an entire gallery from your site …

The trouble is that the usual approaches for preventing hotlinking have a couple of side effects.

Quick fixes aren’t perfect
The usual approach is to instruct the server to deny all requests for images where the HTTP referer header is neither from your own site nor blank. Thus, only people actually browsing your web site — or those whose browsers are not passing referrer headers for whatever reason — will be able to see the image.

A second approach is to redirect off-site traffic to an alternate image — either a general “hotlinking denied” image, or (in the case of some mischievous webmasters) something more shocking.

The trouble with these techniques is that regular linking is also prevented. Since browsers also send referrer headers when someone clicks a link to one of your images, the only way for people to go directly to your pictures would be to copy and paste a link into a new browser window. Granted, some webmasters might like this — it ensures that people link to the pages that photos appear on — but others may want links to succeed. Plus, if you have a gallery page with lots of images, this method makes it difficult for someone to point directly to a particular piece of your fantastic artwork.

The solution I’m about to suggest solves this problem while giving credit to you when people link to your pictures.

Where do we go from here?
With PHP and mod_rewrite, you can disallow embedding and allow linking while automatically creating gallery pages for those direct linkers. It’s the best of all worlds, and here’s how to do it.

You’ll need an Apache server capable of running PHP, with mod_rewrite enabled. If you don’t know what you have, ask your hosting company, or give it a try — if it fails, you'll know you don’t have them.

First, create a new file called showpic.php and put this code in it:
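Code:
<?php
  // Serve an HTML page, never an image, and prevent caching
  header("Content-type: text/html");
  header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
  header("Cache-Control: no-store, no-cache, must-revalidate");
  header("Cache-Control: post-check=0, pre-check=0", false);
  header("Pragma: no-cache");
  // Strip tags, then HTML-escape: strip_tags() leaves quotes intact,
  // and $pic is echoed inside the src="..." attribute below
  $pic = isset($_GET['pic']) ? strip_tags($_GET['pic']) : '';
  $pic = htmlspecialchars($pic, ENT_QUOTES, 'ISO-8859-1');
  if ( ! $pic ) {
    die("No picture specified.");
  }
?>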
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
  "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title><?php echo($pic); ?></title>
<meta
  http-equiv="Content-Type"
  content="text/html; charset=iso-8859-1"
>
</head>
<body>
<p>
  <img src="/<?php echo($pic); ?>" alt="Image">
</p>
<p>
  Image from
  <a href="http://www.yourwebsite.com/">
  your web site</a>.
</p>
</body>
</html>

Needless to say, you should change the HTML to match your own web site.

Let’s take a look at the PHP in there. The first line is a header to make sure the Content-Type sent to the browser identifies the document as HTML. We’ll see why this is important in a moment. The second line checks that a variable $pic has been passed to the script. If not, it skips to the end and exits quite abruptly. However, since this script should never be called without that variable (again, we’ll see why later), that's not too much of an issue.

Assuming that this variable is there, the other lines of PHP strip any tags from it (to prevent cross-site scripting exploits), output the variable in the right place to create a valid <img> tag, and add the file name to the page <title>.

So far, this is just a simple script. Go to www.yoursite.com/showpic.php?pic=yourimage.gif and it will output a simple page showing yourimage.gif and a credit.

Now it gets interesting
If you’re an .htaccess neophyte, take a look at this introduction which will take you through the basics.

The next step is to add the following code to your .htaccess file:
Code:
RewriteEngine On

RewriteCond %{REQUEST_FILENAME} .*jpg$|.*gif$|.*png$ [NC]
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !yoursite\.com [NC]
RewriteCond %{HTTP_REFERER} !friendlysite\.com [NC] 
RewriteCond %{HTTP_REFERER} !google\. [NC]
RewriteCond %{HTTP_REFERER} !search\?q=cache [NC]

RewriteRule (.*) /showpic.php?pic=$1

Let’s go through this one line at a time. RewriteEngine On gets mod_rewrite ready to do its stuff. First come the conditions:
Code:
RewriteCond %{REQUEST_FILENAME} .*jpg$|.*gif$|.*png$ [NC]

Okay. First condition: the file name must end in .jpg, .gif, or .png. This makes sure our hotlink prevention only triggers on images. You might want to change this to include .swf, .mp3, or other similar files.
Code:
RewriteCond %{HTTP_REFERER} !^$

Second condition: the referrer must not be blank. This means that people who aren’t passing referrer headers, for whatever reason, will still be able to see your images.
Code:
RewriteCond %{HTTP_REFERER} !yoursite\.com [NC]
RewriteCond %{HTTP_REFERER} !friendlysite\.com [NC]

These next conditions allow linking from your own site, and any other friendly sites that you want to allow linking from. Change the sites to your own, of course. Apache isn’t psychic.
(Don’t know what the ! \ .*$ is all about? It’s a regular expression. If you keep the format the same, you don’t need to worry about it.)
Code:
RewriteCond %{HTTP_REFERER} !google\. [NC]
RewriteCond %{HTTP_REFERER} !search\?q=cache [NC]

Okay. Finally, let’s let Google get through. These last conditions allow people using the Google cache and Google Image Search to see your pictures. (You might want to remove this if you don’t want people to find your pictures this way, but I don’t recommend it.)

All together now
Now let’s hook the two together. On to the last line of the .htaccess file, which is:
Code:
RewriteRule (.*) /showpic.php?pic=$1

This last rule silently redirects the request to /showpic.php?pic=[the requested file]. Thanks to the wonder of Apache, this will automatically include all necessary slashes and path information, and not be visible to the end user.
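
The conditions and rule above, modelled in Python as an added example (not part of the original article) to show which requests reach showpic.php. It also shows that the unanchored patterns match anywhere in the Referer URL, next to a variant that compares only the parsed host; `ALLOWED_HOSTS`, the function names and the sample referers are assumptions, and the strict variant leaves out the Google exceptions.

```python
import re
from urllib.parse import urlsplit

# RewriteCond %{REQUEST_FILENAME} .*jpg$|.*gif$|.*png$ [NC]
IMAGE = re.compile(r".*jpg$|.*gif$|.*png$", re.I)
# Every Referer condition on the page is negated ("!"), so the rule
# fires only when none of these patterns matches the Referer.
REFERER_PATTERNS = [re.compile(p, re.I) for p in (
    r"^$", r"yoursite\.com", r"friendlysite\.com",
    r"google\.", r"search\?q=cache")]

def rewrite(path, referer):
    """Model of the page's rules: rewritten target, or None if served as-is."""
    if not IMAGE.search(path):
        return None
    if any(p.search(referer) for p in REFERER_PATTERNS):
        return None
    return "/showpic.php?pic=" + path.lstrip("/")

# Assumption: the exact hosts trusted to embed images.
ALLOWED_HOSTS = {"yoursite.com", "friendlysite.com"}

def rewrite_strict(path, referer):
    """Same rule, but only the Referer's parsed host is compared."""
    if not IMAGE.search(path) or referer == "":
        return None
    host = (urlsplit(referer).hostname or "").lower()
    if host.startswith("www."):
        host = host[4:]
    if host in ALLOWED_HOSTS:
        return None
    return "/showpic.php?pic=" + path.lstrip("/")

# Constructed sample requests: (path relative to the site root, Referer)
SAMPLES = [
    ("images/snow.jpg", ""),                                  # no Referer sent
    ("images/snow.jpg", "http://www.yoursite.com/gallery/"),  # own page
    ("images/snow.jpg", "http://blog.example/post/12"),       # other site
    ("images/snow.jpg", "http://blog.example/post/12?via=yoursite.com"),
    ("about.html", "http://blog.example/post/12"),            # not an image
]

if __name__ == "__main__":
    for path, referer in SAMPLES:
        print(repr(referer), rewrite(path, referer),
              rewrite_strict(path, referer))
```

In .htaccess the same tightening is done by anchoring the pattern to the scheme and host part of the Referer instead of matching the site name anywhere in the string.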

So what happens?
Now, the only way a request will have got this far is if:

It’s for an image file, and
it’s not coming from a domain that you own or are friends with.

So firstly, and most importantly, if someone tries to hotlink one of your images, it’ll fail — the browser, instead of receiving an image file, will receive the result of showpic.php, which is sent as text/html. It’ll realise it can’t display it, and produce a broken image placeholder. Bandwidth saved.

On the other hand, if someone tries to link directly to your images, they’ll get silently redirected to an HTML page with your credit on it! No red X, no silly “denied” image — just a handy page that shows them the image they want to see, and gives you credit for your work.

See it in action
First of all, let's check that the script still allows images to load for people visiting your own web site. Yes, that looks fine. Now, let’s see if A List Apart can hotlink my images. Nope, guess not. And what happens if you just link straight to the image file? Well, there’s a nicely formatted page.

Taking it further
If you're using some kind of content management system like Gallery, there might be a way to tie a script like this into a database of pictures, and automatically generate ALT tags and more information about the picture.

Of course, I’ll leave that as an exercise for the reader.




© 2005 - 2017 PCforum, edited by JanoF