Forum Moderators: phranque
I have a web page with thumbnail images linked directly to larger images. The larger images are named 001.jpg, 002.jpg, etc... . I have found that people are just going to the address bar and typing in the image names instead of going back to the thumbnail page. Sadly these visitors are bypassing my ads. Is it possible with .htaccess to prevent people from hopping from one image to the next via the address bar?
I apologize if this has already been asked.
-Z
Welcome to WebmasterWorld!
You could do this based on HTTP_REFERER but that method is highly unreliable for various reasons, and is a dead-end. For lots of reasons, many legitimate clients do not supply the HTTP_REFERER header.
The easiest way to do this might be to use the JavaScript onclick function to set a cookie when the (correct) thumbnail is clicked, and have the server check it in .htaccess using the HTTP_COOKIE variable in mod_rewrite. The cookie must contain the full-size image number, and you might want to add a "secret" value as well.
The following code will return a 403-Forbidden response to any request not containing your selected valid cookie value. It will rewrite any request for the fake images.jpg file in the full-size image directory to the real file in that directory with the image number from the cookie set by the onclick event. it supports 3- to 6-digit image numbers as-is, but you can change that:
RewriteCond %{HTTP_COOKIE} ^secret_value-([0-9]{3,6})$
RewriteRule ^path_to_full_size_image_directory/images.jpg$ /path_to_full_size_image_directory/%1.jpg [L]
RewriteRule ^path_to_full_size_image_directory/ - [F]
Only someone who reads the source of your page to get your "secret" value *and* has a tool to easily create his own cookie will be able to access the full-size images. You should therefore change the secret value daily to guard against someone writing a client-side script to successfully harvest your images. You should also set your cookie to expire after only a few minutes... one or two. It is only needed from the time the thumb is clicked until the full-size image is requested from your server. Unless there in massive network congestion, this should never take more than a few seconds.
I've never implemented this, and I'm not a real good JavaScript programmer, so that's about all the details I can provide. Scripts to set cookies using JavaScript can be easily found using a search engine.
Jim
