OT: Preventing image saving with Apache
Peter Arremann
loony at loonybin.org
Sat Dec 11 21:24:16 UTC 2004
Brian,
In short, there is no way that works 100% - all you can do is make it pretty
difficult for them to get the images. All these hacks work mainly only
because of errors in different webbrowsers...
The first thing is some javascript that messes with the right click on images
- that will stop about 90% of all people (that should be easy to find on
google).
Next change your webserver to return past cache-expire - that way many
browsers will not even bother saving the file (read apache doc for
ExpiresActive and add something like: ExpiresByType image/gif A2592000)...
Then you can configure you webserver to rewrite urls (mod_rewrite) then
instead of returning the image as static, write a wrapper script taht will be
called. In that script, check the referrer is what you expect it to be and if
not, send them to an error page - that's most likely what that webpage
does... You can check that by taking the image URL, run a wget on it.. that
should fail with 403 you said. Then run the same but with a --referrer in it
with the original URL you came from - then you should be able to get the
picture....
Cookies are also pretty useful there. You can embed a cookie in your page and
then check for it in your wrapper - some browsers don't pass it correctly
when loading images as a "save as"...
Something that's also pretty neat is to use javascript to load the pictures.
You only include placeholders and then have some javascript in the html that
loads the picture with an onload from a different location - and log that,
and then reject the next 10 load attempts from the same IP with the same
cookie for the same picture...
As you can see, there are tons of things you can do - but nothing is easy and
straight forward.
Peter.
On Saturday 11 December 2004 14:46, Brian Wright wrote:
> OOOPS!
>
> Bad example! *blush*
>
> Anyway, what I want to do is configure Apache so that if anyone right
> clicks any image and tries to save it, it will generate a 403 error.
> I've seearched the web on how to do this, but can't find anything.
>
> --Brian
>
> On Sat, 2004-12-11 at 20:23 +0100, Alexander Dalloz wrote:
> > Am Sa, den 11.12.2004 schrieb Brian Wright um 20:09:
> > > I've just seen a site (http://www.mossgreen.net) where if you right
> > > click on an image an attempt to save it, a 403 error is generated.
> > > But, clicing on a hyperlink will bring up an image.
> >
> > Hm, this site has "adult material" :(
> >
> > > How would I configure Apache to do this?
> >
> > Without looking at it in detail: certainly done using JavaScript.
> >
> > > --Brian
> >
> > Alexander
> >
> >
> > --
> > fedora-list mailing list
> > fedora-list at redhat.com
> > To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list
>
> --
> ______________________________________________________________________
> Brian Wright Aturna Communications Inc.
> bdw at aturna.com Internet Services
> AIM: BigBY2K ICQ: 21221328 WWW http://www.aturna.net
> ______________________________________________________________________
More information about the fedora-list
mailing list