How to prevent linking to your images (this is techie, you may want to ignore)

[misterx]

I noticed in my webstats that a myspace url kept coming up in my referrers. When I checked it out, it turns out someone was using one of my images as a background image for their webpage, without asking. This annoyed me. Here was my solution:

Create a file called .htaccess, and put it in the directory that has my images. The contents of the file are as follows:


SetEnvIfNoCase Referer "^http://profile.myspace.com(/|$)" remote_linked=1

[Error: Irreparable invalid markup ('<filesmatch "\.(gif|png|jpe?g)$">') in entry. Owner must fix manually. Raw contents below.]

I noticed in my webstats that a myspace url kept coming up in my referrers. When I checked it out, it turns out someone was using one of my images as a background image for their webpage, without asking. This annoyed me. Here was my solution:

Create a file called .htaccess, and put it in the directory that has my images. The contents of the file are as follows:


SetEnvIfNoCase Referer "^http://profile.myspace.com(/|$)" remote_linked=1
<FilesMatch "\.(gif|png|jpe?g)$">
Order Deny,Allow
Deny from env=remote_linked
</FilesMatch>

What this does is check the referrer, and if it's from profile.myspace.com, it sets an environment variable called remote_linked. It then checks for this variable before displaying images, and if found, doesn't display them. This denies hotlinking only to that specific site.

To deny hotlinking to all external sites (careful though if you post stuff around like I do, you may break your own posts on lj or such), we switch it around... only allow links from my site, as follows:


SetEnvIfNoCase Referer "^http://www.vaughnsphotoart.com(/|$)" locally_linked=1
SetEnvIfNoCase Referer "^http://vaughnsphotoart.com(/|$)" locally_linked=1
SetEnvIfNoCase Referer "^$" locally_linked=1
<FilesMatch "\.(gif|png|jpe?g)$">
Order Allow,Deny
Allow from env=locally_linked
</FilesMatch>


Note... for either of these to work, the following had to be set up in httpd.conf


# This controls which options the .htaccess files in directories can
# override. Can also be "All", or any combination of "Options", "FileInfo",
# "AuthConfig", and "Limit"
#
AllowOverride FileInfo Limit


I purposely let it do the irreparable markup thing, so I wouldn't have to convert all my brackets. Damn I'm lazy.

Comments

[ezerick.livejournal.com]

what kind of server are you doing this on? Dosen't Linux already have a .htaccess file that you can put that in or is it a matter of creating a file for that directory?

[misterx.livejournal.com]

Apache on Redhat. Linux does not have .htaccess files by default, and I think they are disabled by default, but setting the AllowOverride in httpd.conf allows them to be used. You create them yourself in the directory they should pertain to... they are just text files.

I can't recall if something set in an .htaccess file applies to subdirectories or not.

[blues-dream.livejournal.com]

You are an HTML NINJA. I love it.

[recompiler.livejournal.com]

Awesome but you're too nice. I ussually rename the file and put up a "bad" picture with the same name as original file. The .htaccess is too polite, I let people deep link but I love having PHP scripts that change what it is they get linked to ;-) . One time I even nailed a local municipality for using my pictures of the town and parade. They ended up displaying german senior citizen pr0n for about 3 days.

[misterx.livejournal.com]

I considered that too. Someone linking to your images is giving you the power to place content on their site. :) But in this case, I didn't want a pr0n file mixed in with my "for sale" photos in case it got indexed by a search engine.

Though I suppose I could use the referrer to do a redirect to another location. Hmm...