On 5/11/05, Uri Raz <uri_raz@xxxxxxxxxxxxxx> wrote: > Hello, > > I have a problem with object theft on my web site - bloggers & forum > participants link directly to images on my web site, so they get the > content and I get the traffic bill at the end of the site. The solution > suggested to me by the hosting company (which uses apache) is to use an > '.htaccess' file which would block access based on the referrer field. > > Problem with that solution is that many surfers block the referrer field > using a proxy or a firewall, including some surfers who browse my site and > legitimately expect the graphics to come up. My idea is to have apache > remember which IP requested for a page (a file with an appropriate > extension / MIME type, e.g. HTML) in the last X seconds and allow only > those who did get graphics files. This has major problems (some of which you mention) and, more importantly, is unnecessary. To solve this problem, simply allow through any request with *no* referer field, in addition to requests with the proper referer. Then anyone trying to inline your images will still find that 95% of people visiting their page will find it broken, so they won't get any benefit from the inlining. The fact that 5% of the requests will succeed shouldn't matter. Joshua. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|