Help
If other sites are linking to images on your system, therefore stealing
bandwidth from you and incidentally making it appear as though the
images belong to them, you can remedy the issue by adding the following lines to the .htaccess file in the directory where the
images are, or to the appropriate httpd.conf file. Replace the
myserver.com with your domain name:
SetEnvIfNoCase Referer "^http://([^/]*\.)? myserver.com/" local_referrer=1 Order Allow,Deny Allow from env=local_referrer
In fact, by using the following recipe, you can even go one step further, and return a different image to users accessing your images via an off-site reference:
SetEnvIfNoCase Referer "^http://([^/]*\.)?myserver.com/" local_referrer=1
RewriteCond "%{ENV:local_referer}" "!=1"
RewriteRule ".*" "/Stolen-100x100.png" [L]The first solution will cause all requests for image files to be
refused with a 403
Forbidden status unless the link leading to the request was
in one of your own documents. This means that anyone linking to your
images from a different Web site system will get the error instead of
the image, because the referer does not match the approved server
name.
Note that this technique can cause problems for requests that do
not include a Referer request
header field, such as people who visit your site through an
anonymizing service or who have their browser configured not to send
this information.
The second solution is similar to the first, except that it
substitutes an image of your choice for the one requested, rather than
denying the request. Using the values in the Solution, you can
construct a Stolen-100x100.png
that has whatever admonitory message or perhaps just some picture that
will deter the visitor from “stealing” your images.
Tip
This technique has a tendency to get the problem fixed more quickly, since visitors to the thieving site will see “This Image Is Stolen!”—and that’s typically not the impression the site’s owners would like them to get. Simply returning a 403 (Forbidden) error will result in a broken-image icon on the referring page, and everyone is used to those nowadays and thinks nothing of them.
The new edition of the Apache Cookbook offers you updated solutions to the problems you're likely to encounter with Apache. Thoroughly updated for Apache versions 2.0 and 2.2, this book includes more than 200 recipes ranging from simple tasks, such installing the server on Red Hat Linux or Windows, to more complex tasks, such as setting up name-based virtual hosts or securing and managing your proxy server.
