OT: Preventing image saving with Apache

Peter Arremann loony at loonybin.org
Sat Dec 11 21:24:16 UTC 2004


Brian,

In short, there is no way that works 100% - all you can do is make it pretty 
difficult for them to get the images. All these hacks work mainly only 
because of errors in different webbrowsers...

The first thing is some javascript that messes with the right click on images 
- that will stop about 90% of all people (that should be easy to find on 
google). 
Next change your webserver to return past cache-expire - that way many 
browsers will not even bother saving the file (read apache doc for 
ExpiresActive and add something like:  ExpiresByType image/gif A2592000)... 
Then you can configure you webserver to rewrite urls (mod_rewrite) then 
instead of returning the image as static, write a wrapper script taht will be 
called. In that script, check the referrer is what you expect it to be and if 
not, send them to an error page - that's most likely what that webpage 
does... You can check that by taking the image URL, run a wget on it.. that 
should fail with 403 you said. Then run the same but with a --referrer in it 
with the original URL you came from - then you should be able to get the 
picture....
Cookies are also pretty useful there. You can embed a cookie in your page and 
then check for it in your wrapper - some browsers don't pass it correctly 
when loading images as a "save as"...
Something that's also pretty neat is to use javascript to load the pictures. 
You only include placeholders and then have some javascript in the html that 
loads the picture with an onload from a different location - and log that, 
and then reject the next 10 load attempts from the same IP with the same 
cookie for the same picture... 

As you can see, there are tons of things you can do - but nothing is easy and 
straight forward.

Peter.

On Saturday 11 December 2004 14:46, Brian Wright wrote:
> OOOPS!
>
> Bad example! *blush*
>
> Anyway, what I want to do is configure Apache so that if anyone right
> clicks any image and tries to save it, it will generate a 403 error.
> I've seearched the web on how to do this, but can't find anything.
>
> --Brian
>
> On Sat, 2004-12-11 at 20:23 +0100, Alexander Dalloz wrote:
> > Am Sa, den 11.12.2004 schrieb Brian Wright um 20:09:
> > > I've just seen a site (http://www.mossgreen.net) where if you right
> > > click on an image an attempt to save it, a 403 error is generated. 
> > > But, clicing on a hyperlink will bring up an image.
> >
> > Hm, this site has "adult material" :(
> >
> > > How would I configure Apache to do this?
> >
> > Without looking at it in detail: certainly done using JavaScript.
> >
> > > --Brian
> >
> > Alexander
> >
> >
> > --
> > fedora-list mailing list
> > fedora-list at redhat.com
> > To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list
>
> --
> ______________________________________________________________________
> Brian Wright                                Aturna Communications Inc.
> bdw at aturna.com                                      Internet Services
> AIM: BigBY2K ICQ: 21221328                  WWW http://www.aturna.net
> ______________________________________________________________________




More information about the fedora-list mailing list