Preventing Hot-linking of Images under Apache

This one’s more technical than most of these articles…

Browsing through the logs of our web server, I discovered that a couple of photos on one of the web sites we host were being linked to from outside the site. The web site is music-related, and it turned out that the three sites linking to it were all BitTorrent sites… particularly rude to steal bandwidth from the host of the composer at the same time as trading their music illegally.

With a bit of research, I found a helpful resource on how to prevent this in Apache 2.

The tutorial, located at http://altlab.com/htaccess_tutorial.html, goes into detail on how to configure Apache 2 to block sites based on the referer information. The ‘referer’ is a URL that the web browser provides to the web server when making a request. It tells the server where the link to this page came from. It can be empty - the user might type the URL in by hand. Or, for instance, if you click the tutorial’s link, their server will see the URL for this entry in Shiny Things as the referer.

The referer URL is extremely valuable for analyzing web sites. When you’re trying to understand how people use a site and how to improve it, you really need to know how they found it in the first place. The referer gives you this information. Now you can find out whether they’re finding it through direct links, through Google, or through some other source.

You can block access to specific files, or types of files (say, JPEG or GIF files), based on the contents of the referer URL. There are four policies you might enforce. The first is to serve the file regardless of the referer contents - this is the default. When you do this, people can link directly to your pictures and photos from off your web site. The second is to stop all external links - but if there is anyone you want to allow to link directly, they’ll be stopped too. The third is to stop links from a list of sites you don’t want to allow, and allow all others. The fourth is to allow links from a list of sites you do want to allow, and stop all others.

You probably want to be careful not to disallow blank referer URLs, or you may block valid access to your site.
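The allow-list and deny-list policies described above, written as mod_rewrite rules for an .htaccess file with blank referers let through. This is an added example, not taken from the tutorial or from our server's configuration; the domains example.com, partner.example and unwanted.example are placeholders, and the rules assume mod_rewrite is enabled and AllowOverride FileInfo is set for the directory.

```apache
# Added example. All domain names below are placeholders.
# Use ONE of the two policies, not both.
RewriteEngine On

# --- Policy: allow-list (serve images only to listed sites) ---
# Each RewriteCond is ANDed with the next. The image request is refused
# only when the referer is non-empty AND matches none of the allowed sites.

# Let blank referers through (typed URLs, bookmarks, privacy proxies).
RewriteCond %{HTTP_REFERER} !^$
# Our own site, with or without "www.", over http or https.
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?example\.com(/|$) [NC]
# A site we are happy to have link directly to our images.
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?partner\.example(/|$) [NC]
# Refuse matching image requests with 403 Forbidden.
RewriteRule \.(jpe?g|gif|png)$ - [F,NC]

# --- Policy: deny-list (refuse listed sites, serve everyone else) ---
# [OR] joins the conditions, so a referer on any listed host is refused.
# A blank referer matches neither pattern and is served.
RewriteCond %{HTTP_REFERER} ^https?://([^/]+\.)?unwanted\.example(/|$) [NC,OR]
RewriteCond %{HTTP_REFERER} ^https?://([^/]+\.)?unwanted-too\.example(/|$) [NC]
RewriteRule \.(jpe?g|gif|png)$ - [F,NC]
```

The referer is supplied by the browser and can be omitted or forged, so these rules cut down casual hot-linking and the bandwidth it costs; they are not access control for files that need to stay private.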

One last note about the tutorial on access control - they provide an easy test to see if you’ve successfully blocked hot-linking. Type in a URL and they’ll let you know if it’s accessible or not.
