Possible with .htaccess?

blulagoon

12:22 pm on Jul 22, 2007 (gmt 0)

I am using shared Linux hosting so have no access to the Apache config files.

I have some animated gif files in a directory like this, mysite.com/images and my index.html page has img src links along the lines of 'images/image.gif'

I want to protect the gifs such that they are displayed when you access mysite.com/index.html but they cannot be downloaded via mysite.com/images/image.gif

I found a script that said it did this for include files, but when I changed the inc to gif it didn't let index.html display the images.

# originally (inc)
<Files ~ "\.(gif)$">
order allow,deny
deny from all
</Files>

Is there a parameter for "allow" which specifies permission for index.html to access the files but prevents someone going specifically into the directory?

Blu

n.b. I've added some javascript to the page to disable right mouse clicking and downloading that way.

jdMorgan

5:22 pm on Jul 22, 2007 (gmt 0)

In order to maintain your mental composure, one thing you need to get used to is the fact that anything the browser displays is already downloaded to the client machine -- It has to be, if the browser is to display it.

So, considering that, how much protection does anti-hotlinking and anti-right-click coding offer? It offers some protection against casual users, but none at all against another Webmaster who's out to really steal your stuff. For casual users who might like to forward your image to a friend while recommending your site, all the right-click script does is annoy them -- and perhaps cause them to re-think recommending your site.

Also, you cannot disable *my* right-click, since I use Firefox and have it set to disallow you from messing with *any* function of my browser -- It's *my* browser...

Finally, what you are looking for is an HTTP Referrer-based protection method. The problem is that HTTP Referrer headers are *not* required by the protocol, and so may be missing. Users visiting your site from behind corporate or ISP caching proxies (for example, *all* AOL users) will not provide an HTTP Referrer, because the caching proxies won't pass them. Users running certain "Internet Security" software may also have their Referrer headers blocked. In almost all cases, the users are not aware of this.

So, you cannot say "block the image request if the HTTP Referrer is NOT my own site," because if you do, all of the above users will think your site is badly-broken and either go elsewhere or inundate your help desk with problem reports. You have to allow for blank referrers to avoid this.

Bottom line is, don't invest too much effort in methods that are not even 50% effective. If your animated gifs are truly valuable, then register your copyrights on them and retain an attorney to enforce those copyrights and issue DMCA take-down notices on other sites that copy them.

Now, to answer your question, you can use mod_setenvif to check the "Referer" variable (yes, the variable name is misspelled and always has been) and Deny From a variable set if the referrer is not your own site, while you Allow From a variable set if the referrer is blank. You'll need to set the mod_access precedence to "Deny,Allow" to do this.

You can do much the same thing with mod_rewrite using RewriteConds to check the referrer and the RewriteRule [F] flag to generate a 403-Forbidden response.

Jim
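
The two approaches described in the reply above, written out as an added example that is not part of the original posts. It assumes the file is saved as images/.htaccess, that the site answers on mysite.com and www.mysite.com, and that the host permits these directives in .htaccess; the variable names foreign_ref and blank_ref are made up for illustration. The Referer header is supplied by the client, so this only deters casual hotlinking.

```apache
# images/.htaccess -- use variant A or variant B; either alone is sufficient.

# --- Variant A: mod_setenvif + mod_access (Apache 2.0/2.2 syntax;
#     on Apache 2.4 these access directives require mod_access_compat) ---

# Flag every request that carries a non-empty Referer ...
SetEnvIf Referer "." foreign_ref
# ... then clear the flag again when the Referer is this site.
SetEnvIfNoCase Referer "^https?://(www\.)?mysite\.com(/|$)" !foreign_ref
# Flag requests whose Referer is missing or empty (proxies, privacy software).
SetEnvIf Referer "^$" blank_ref

<FilesMatch "\.gif$">
    # Deny rules are evaluated first, Allow rules override them,
    # and a request matching neither is allowed.
    Order Deny,Allow
    Deny from env=foreign_ref
    Allow from env=blank_ref
</FilesMatch>

# --- Variant B: mod_rewrite ---

RewriteEngine On
# Let blank referrers through.
RewriteCond %{HTTP_REFERER} !^$
# Let this site's own pages through.
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?mysite\.com(/|$) [NC]
# Anything else asking for a .gif gets 403 Forbidden.
RewriteRule \.gif$ - [F]
```

Because blank referrers are allowed, typing mysite.com/images/image.gif directly into the address bar still returns the image; only requests that arrive with another site's Referer are refused.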