homepage Welcome to WebmasterWorld Guest from 54.204.168.212
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Home / Forums Index / Code, Content, and Presentation / Apache Web Server
Forum Library, Charter, Moderators: Ocean10000 & incrediBILL & phranque

Apache Web Server Forum

    
htaccess for photo sites
Keeping the lazy out of your photos without mod_rewrite
ianevans

10+ Year Member



 
Msg#: 332 posted 12:37 am on Aug 14, 2003 (gmt 0)

In the thread "fixing a regex in htaccess" ([webmasterworld.com ]), I sought help with some htaccess setenvif regex's that would help keep the most popular community sites from stealing the over 2000 original celebrity photos we've taken over the years.

From people using photos as avatars (over and over on a page) to a Korean community site pulling over 80 Oscar photos off of our server, this was obviously a big issue for us.

Not having mod_rewrite on our server (which would enable us to switch the images to, say, an ad for our site) we needed to delve into the use of setenvif commands.

At first my htaccess file contained commands to block the most nefarious of the image thieves. It was then suggested that the most efficient method was to block _everyone_ and then selectively let in the "good guys" like the larger search engines. It was also debated whether or not to let in blank referers, which we decided to do.

With the help of jdMorgan, I looked at a list of the most used search engines and services and went to work checking which of them had changed their URLs. This was the result:

SetEnvIfNoCase Referer "^http://[^/]*mysite\.tld/" good
SetEnvIfNoCase Referer "^$" good
SetEnvIfNoCase Referer "^http://216\.122\.242\.223" good
SetEnvIfNoCase Referer "^http://216\.239\.(3[2-9]¦[45][0-9]¦6[0-3])\..*(www\.)?mysite\.tld" good
SetEnvIfNoCase Referer "^http://66\.218\.(64¦[78][0-9]¦9[0-5])\.[0-9]{1,3}/search/cache.*(www\.)?mysite\.tld" good
SetEnvIfNoCase Referer "^http://images\.google\..*(www\.)?mysite\.tld" good
SetEnvIfNoCase Referer "^http://babelfish\.altavista\.com/.*(www\.)?mysite\.tld" good
SetEnvIfNoCase Referer "^http://search.*\.cometsystems\.com/search.*(www\.)?mysite\.tld" good
SetEnvIfNoCase Referer "^http://.*searchhippo\.com.*(www\.)?mysite\.tld" good
SetEnvIfNoCase Referer "^http://web\.archive\.org/web/.*(www\.)?mysite\.tld" good
SetEnvIfNoCase Referer "^207\.228\.(19[2-9]¦2[01][0-9]¦22[0-3])\." good
SetEnvIfNoCase Referer "^http://fets.*\.freetranslation\.com/.*(www\.)?mysite" good
SetEnvIfNoCase Referer "^wysiwyg://[0-9]{1,2}/http://www\.mysite\.tld" good
SetEnvIfNoCase Referer "^http://multimedia\.alltheweb\.com/*" good
SetEnvIfNoCase Referer "^http://images\.search\.yahoo\..*(www\.)?mysite\.tld" good
SetEnvIfNoCase Referer "^http://www\.gigablast\.com/*" good
SetEnvIfNoCase Referer "^http://search\.aol\.com/*" good
<FilesMatch "\.(jpg¦JPG)">
Order Allow,Deny
Allow from env=good
</FilesMatch>

Now some of these lines will be based on personal choices. You have to decide if your blank referer accesses are "evil" or just folks using security software. You have to decide whether you get enough traffic from the search engines to warrant giving them some of your bandwidth, etc.

Another side project: when people now come to a photo from an href link on another site, the resulting 403 error is fed through a custom 403 page which looks up the photo and serves it up to them on its proper page, context, content, ads and all.

Thanks to all in the previous thread for their assistance.

 

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / Apache Web Server
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved