Preventing Image Hotlinking - What, How, and some Hints
A few months ago, I saw this post on Coding Horror, describing a problem that I've noticed in my own traffic reports; a rather large amount of traffic from odd sites. Diving into the details, it became clear that some folks are hotlinking (aka inline linking or direct linking) to the images on my server. Some take a dim view of this practice, and I suppose it could be a problem if the images are large. For me, I just saw it as a good excuse to jump back into the code on this site - it's been a while, and I needed a good mental exercise this afternoon.
I found two excellent write-ups that give a few good ideas on how to deal with the issue. I've cut and pasted the code below, but don't take my word for it - go directly to the original posts - those folks deserve all the credit! (Plus, you can check for updates to the scripts, etc.)
- The first how-to post, which best describes how to identify / catch the issue, can be found on Tom Sherman's Jotsheet. There's over 5 pages of comments on that post (as I write this), but I didn't bother reading em 'all; the code in the main body of the page worked fine for me. Just add the following lines to the .htaccess file in the root directory of your site ...
RewriteCond %{REQUEST_FILENAME} \.(gif|jpe?g|png)$ [NC]
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !cazh1\.com [NC]
RewriteCond %{HTTP_REFERER} !bloglines\.com [NC]
RewriteCond %{HTTP_REFERER} !google\. [NC]
RewriteCond %{HTTP_REFERER} !search\?q=cache [NC]
RewriteRule (.*) /please_dont_rip_my_images.shtml?/$1 [R,NC,L]Note: that's pretty much a direct cut/paste; lines 3-6 list the sites that won't get redirected, so be sure to change line 3 to your own domain name (as I have done). Also, you can add other sites / domains to this list - Bloglines, for example, if your RSS feeds include images.
The last line says to redirect the image requests to a standalone web page, that ostensibly admonishes the linker for borrowing the image uncredited ... but maybe there's a better way ...
- ... which leads to the second post, a nicely done write-up from Thomas Scott and A List Apart. His approach puts a PHP script in place, that gives you a nice opportunity to frame your image with a message giving credit where credit is due.
I chose to redirect the image requests to a new page on my site; most folks are after the buttons, anyway, so I point them in that direction as well - I assume they'll want more. A more interesting result - I'll be able to see this activity more easily on on my web traffic reports.
Key Learning #1: At first, I got a 500 error in my development environment, but that's because I had not installed mod_rewrite. A quick change to my local httpd.conf file eliminated that problem.
Key Learning #2: I found good and better test pages that helped me check to see all is well.
Key Learning #3: Sherman's writeup applies only to Apache servers, but the Coding Horror post tells of how to address this issue with IIS.
posted by James P. MacLennan at 3:55 PM
| Permalink
| 0 Comments
