
htaccess for photo sites

Keeping the lazy out of your photos without mod_rewrite

   
12:37 am on Aug 14, 2003 (gmt 0)




In the thread "fixing a regex in htaccess" ([webmasterworld.com]), I sought help with some htaccess setenvif regexes that would help keep the most popular community sites from stealing the over 2000 original celebrity photos we've taken over the years.

From people using photos as avatars (over and over on a page) to a Korean community site pulling over 80 Oscar photos off of our server, this was obviously a big issue for us.

Not having mod_rewrite on our server (which would enable us to switch the images to, say, an ad for our site), we needed to delve into the use of setenvif commands.

At first my htaccess file contained commands to block the most nefarious of the image thieves. It was then suggested that the most efficient method was to block _everyone_ and then selectively let in the "good guys" like the larger search engines. It was also debated whether or not to let in blank referers, which we decided to do.

With the help of jdMorgan, I looked at a list of the most used search engines and services and went to work checking which of them had changed their URLs. This was the result:

SetEnvIfNoCase Referer "^http://[^/]*mysite\.tld/" good
SetEnvIfNoCase Referer "^$" good
SetEnvIfNoCase Referer "^http://216\.122\.242\.223" good
SetEnvIfNoCase Referer "^http://216\.239\.(3[2-9]|[45][0-9]|6[0-3])\..*(www\.)?mysite\.tld" good
SetEnvIfNoCase Referer "^http://66\.218\.(64|[78][0-9]|9[0-5])\.[0-9]{1,3}/search/cache.*(www\.)?mysite\.tld" good
SetEnvIfNoCase Referer "^http://images\.google\..*(www\.)?mysite\.tld" good
SetEnvIfNoCase Referer "^http://babelfish\.altavista\.com/.*(www\.)?mysite\.tld" good
SetEnvIfNoCase Referer "^http://search.*\.cometsystems\.com/search.*(www\.)?mysite\.tld" good
SetEnvIfNoCase Referer "^http://.*searchhippo\.com.*(www\.)?mysite\.tld" good
SetEnvIfNoCase Referer "^http://web\.archive\.org/web/.*(www\.)?mysite\.tld" good
SetEnvIfNoCase Referer "^207\.228\.(19[2-9]|2[01][0-9]|22[0-3])\." good
SetEnvIfNoCase Referer "^http://fets.*\.freetranslation\.com/.*(www\.)?mysite" good
SetEnvIfNoCase Referer "^wysiwyg://[0-9]{1,2}/http://www\.mysite\.tld" good
SetEnvIfNoCase Referer "^http://multimedia\.alltheweb\.com/*" good
SetEnvIfNoCase Referer "^http://images\.search\.yahoo\..*(www\.)?mysite\.tld" good
SetEnvIfNoCase Referer "^http://www\.gigablast\.com/*" good
SetEnvIfNoCase Referer "^http://search\.aol\.com/*" good
<FilesMatch "\.(jpg|JPG)">
Order Allow,Deny
Allow from env=good
</FilesMatch>

Now some of these lines will be based on personal choices. You have to decide if your blank referer accesses are "evil" or just folks using security software. You have to decide whether you get enough traffic from the search engines to warrant giving them some of your bandwidth, etc.

Another side project: when people now come to a photo from an href link on another site, the resulting 403 error is fed through a custom 403 page which looks up the photo and serves it up to them on its proper page, context, content, ads and all.

Thanks to all in the previous thread for their assistance.
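
Added example (not part of the original post, and not the poster's code): a small Python harness that evaluates a subset of the Referer allowlist above the way SetEnvIfNoCase and "Allow from env=good" would, so the rules can be checked against sample requests before they are deployed. The sample referers are constructed, and STRICT_OWN is an assumed tighter variant of the own-site rule, which as posted also matches any host name that merely ends in mysite.tld.

```python
import re

# Subset of the post's allowlist, with the forum's broken bars restored to "|".
ALLOW = [
    r"^http://[^/]*mysite\.tld/",
    r"^$",
    r"^http://216\.239\.(3[2-9]|[45][0-9]|6[0-3])\..*(www\.)?mysite\.tld",
    r"^http://images\.google\..*(www\.)?mysite\.tld",
    r"^http://web\.archive\.org/web/.*(www\.)?mysite\.tld",
]
# Assumption: tighter own-site rule, host must be mysite.tld or a subdomain of it.
STRICT_OWN = r"^http://([^/]+\.)?mysite\.tld/"
STRICT = [STRICT_OWN] + ALLOW[1:]

def is_good(referer, patterns=ALLOW):
    """Mimic SetEnvIfNoCase: unanchored, case-insensitive search; any hit sets 'good'."""
    return any(re.search(p, referer or "", re.IGNORECASE) for p in patterns)

def status(referer, patterns=ALLOW):
    """Order Allow,Deny plus 'Allow from env=good': 200 when good, otherwise 403."""
    return 200 if is_good(referer, patterns) else 403

# Constructed sample referers (not taken from real logs).
SAMPLES = [
    ("", "blank referer"),
    ("http://www.mysite.tld/oscars/page1.html", "own page"),
    ("http://images.google.com/imgres?imgurl=www.mysite.tld/a.jpg", "image search"),
    ("http://216.239.39.104/search?q=cache:www.mysite.tld/", "cache IP inside range"),
    ("http://216.239.64.1/search?q=cache:www.mysite.tld/", "IP outside range"),
    ("http://forum.example/thread?id=7", "third-party page"),
    ("http://notmysite.tld/gallery/", "host that only ends in mysite.tld"),
]

def report():
    """Return (label, status as posted, status with STRICT_OWN) for each sample."""
    return [(label, status(ref), status(ref, STRICT)) for ref, label in SAMPLES]

if __name__ == "__main__":
    for label, posted, strict in report():
        print(f"{label:36} posted={posted} strict={strict}")
```

The Referer header is supplied by the client, so these rules limit casual hotlinking and bandwidth use rather than acting as access control.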