Re: [users@httpd] Apache improvement suggestion

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 5/11/05, Uri Raz <uri_raz@xxxxxxxxxxxxxx> wrote:
> Hello,
> 
>  I have a problem with object theft on my web site - bloggers & forum
> participants link directly to images on my web site, so they get the
> content and I get the traffic bill at the end of the site. The solution
> suggested to me by the hosting company (which uses apache) is to use an
> '.htaccess' file which would block access based on the referrer field.
> 
>  Problem with that solution is that many surfers block the referrer field
> using a proxy or a firewall, including some surfers who browse my site and
> legitimately expect the graphics to come up. My idea is to have apache
> remember which IP requested for a page (a file with an appropriate
> extension / MIME type, e.g. HTML) in the last X seconds and allow only
> those who did get graphics files.

This has major problems (some of which you mention) and, more
importantly, is unnecessary.

To solve this problem, simply allow through any request with *no*
referer field, in addition to requests with the proper referer.  Then
anyone trying to inline your images will still find that 95% of people
visiting their page will find it broken, so they won't get any benefit
from the inlining.  The fact that 5% of the requests will succeed
shouldn't matter.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx



[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux