Deny direct request to images on the website

Forum Moderators: phranque

Message Too Old, No Replies

Deny direct request to images on the website

websites that link directly to images from my website

georgi58

2:05 pm on Jan 27, 2013 (gmt 0)

I have recently had number of websites that link directly to images from my website. This is not hotlinking, it is direct server request. As an example: on the linking website there is image gallery script with thumbnails and when the visitor clicks on the thumb it loads the image from my website.

I block the their IP-s in .htaccess, but it is not the best way to stop them since they change their IP. I found another thread in the forum about the same, but no solution provided.

Does anybody has any idea how to deny such request in .htaccess?

Your help is greatly appreciated
georgi

wilderness

4:44 pm on Jan 27, 2013 (gmt 0)

Mobile devices are changing the world.

Serving your images from a script is the only solution, and restricting the requests from your own active web pages.

georgi58

5:21 pm on Jan 27, 2013 (gmt 0)

would you, please give more details.

matrix_jan

5:54 pm on Jan 27, 2013 (gmt 0)

This is not hotlinking, it is direct server request.

You mean no referer? Try creating a white list in htaccess instead of a black one.
List all domains that are allowed to request images, if there is no referer then block access or show some image of your preference.

wilderness

6:27 pm on Jan 27, 2013 (gmt 0)

if there is no referer then block access or show some image of your preference.

This is NOT a sound practice.
There are too many blank referrals these days, and you would be denying many innocents.

wilderness

7:15 pm on Jan 27, 2013 (gmt 0)

would you, please give more details.

There are multiple previous explanations either in this forums archives or the SSID forum archives.

I've never saved the explanation (or link to same) because it's not feasible for my use.

Perhaps another may provide the details and/or a link.

lucy24

1:42 am on Jan 28, 2013 (gmt 0)

Robots don't send referers. That includes legitimate search engines. Obviously this is not a problem-- it may even be an advantage-- if you don't want your images crawled. But as wilderness said above, there are also perfectly legitimate humans who don't send referers. And you can't identify them with some constant variable oops, uhm, well, you know what I mean like UA or IP.

The core problem is that your server can't tell the difference between a hotlink and a direct request. The referer is identical either way: It's the name of the requesting page.

georgi58

4:25 am on Jan 28, 2013 (gmt 0)

The core problem is that your server can't tell the difference between a hotlink and a direct request. The referer is identical either way: It's the name of the requesting page.

if this is true, then logically you can write rules to exclude all other websites when requesting jpg files and serve particular page instead. not by IP or UA, but domain name.