Hello,I have a problem with object theft on my web site - bloggers & forum participants link directly to images on my web site, so they get the content and I get the traffic bill at the end of the site. The solution suggested to me by the hosting company (which uses apache) is to use an '.htaccess' file which would block access based on the referrer field.
Problem with that solution is that many surfers block the referrer field using a proxy or a firewall, including some surfers who browse my site and legitimately expect the graphics to come up. My idea is to have apache remember which IP requested for a page (a file with an appropriate extension / MIME type, e.g. HTML) in the last X seconds and allow only those who did get graphics files.
This does require managing a lookup table (and thus requires memory and CPU cycles), but as the table is kept at the IP level (host X requested a page - any page) it would grow in a linear fashion with the number of surfers (say a hash table), regardless of the number of files in the site. Any surfer who browses the site would have no problems, while a surfer who tries to get a graphics file linked from another site would get nothing.
This has two limitations - people who have surfed the site in the last X seconds (not very likely for a reasonable value of X, say 1 to 5 minutes), and several users who share a proxy so that one surfs the site and another surfs the site that links to objects in it. Though the solution is not 100% watertight, it looks to me like a significant improvement at a low cost.
Thanks, Uri Raz.
--------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx