httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From rbo...@apache.org
Subject svn commit: r685418 - in /httpd/httpd/trunk/docs/manual/rewrite: rewrite_guide.html.en rewrite_guide.xml
Date Wed, 13 Aug 2008 02:12:30 GMT
Author: rbowen
Date: Tue Aug 12 19:12:30 2008
New Revision: 685418

URL: http://svn.apache.org/viewvc?rev=685418&view=rev
Log:
Provide useful solutions to the 'blocking inline images' problem.

Modified:
    httpd/httpd/trunk/docs/manual/rewrite/rewrite_guide.html.en
    httpd/httpd/trunk/docs/manual/rewrite/rewrite_guide.xml

Modified: httpd/httpd/trunk/docs/manual/rewrite/rewrite_guide.html.en
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/rewrite/rewrite_guide.html.en?rev=685418&r1=685417&r2=685418&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/rewrite/rewrite_guide.html.en (original)
+++ httpd/httpd/trunk/docs/manual/rewrite/rewrite_guide.html.en Tue Aug 12 19:12:30 2008
@@ -56,7 +56,7 @@
 <li><img alt="" src="../images/down.gif" /> <a href="#old-to-new-extern">From
Old to New (extern)</a></li>
 <li><img alt="" src="../images/down.gif" /> <a href="#static-to-dynamic">From
Static to Dynamic</a></li>
 <li><img alt="" src="../images/down.gif" /> <a href="#blocking-of-robots">Blocking
of Robots</a></li>
-<li><img alt="" src="../images/down.gif" /> <a href="#blocked-inline-images">Blocked
Inline-Images</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#blocked-inline-images">Forbidding
Image "Hotlinking"</a></li>
 <li><img alt="" src="../images/down.gif" /> <a href="#proxy-deny">Proxy
Deny</a></li>
 <li><img alt="" src="../images/down.gif" /> <a href="#external-rewriting">External
Rewriting Engine</a></li>
 </ul><h3>See also</h3><ul class="seealso"><li><a href="../mod/mod_rewrite.html">Module
@@ -670,7 +670,7 @@
 
     </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif"
/></a></div>
 <div class="section">
-<h2><a name="blocked-inline-images" id="blocked-inline-images">Blocked Inline-Images</a></h2>
+<h2><a name="blocked-inline-images" id="blocked-inline-images">Forbidding Image
"Hotlinking"</a></h2>
 
       
 
@@ -678,31 +678,57 @@
         <dt>Description:</dt>
 
         <dd>
-          <p>Assume we have under <code>http://www.quux-corp.de/~quux/</code>
-          some pages with inlined GIF graphics. These graphics are
-          nice, so others directly incorporate them via hyperlinks to
-          their pages. We don't like this practice because it adds
-          useless traffic to our server.</p>
+          <p>The following technique forbids the practice of other sites
+          including your images inline in their pages. This practice is
+          often referred to as "hotlinking", and results in
+          your bandwidth being used to serve content for someone else's
+          site.</p>
         </dd>
 
         <dt>Solution:</dt>
 
         <dd>
-          <p>While we cannot 100% protect the images from inclusion,
-          we can at least restrict the cases where the browser
-          sends a HTTP Referer header.</p>
+          <p>This technique relies on the value of the
+          <code>HTTP_REFERER</code> variable, which is optional. As
+          such, it's possible for some people to circumvent this
+          limitation. However, most users will experience the failed
+          request, which should, over time, result in the image being
+          removed from that other site.</p>
+          <p>There are several ways that you can handle this
+          situation.</p>
+
+    <p>In this first example, we simply deny the request, if it didn't
+    initiate from a page on our site. For the purpose of this example,
+    we assume that our site is <code>www.example.com</code>.</p>
+
+<div class="example"><pre>
+RewriteCond %{HTTP_REFERER} <strong>!^$</strong>
+RewriteCond %{HTTP_REFERER} !www.example.com [NC]
+RewriteRule <strong>\.(gif|jpg|png)$</strong>    -   [F,NC]
+</pre></div>
+
+    <p>In this second example, instead of failing the request, we display
+    an alternate image instead.</p>
 
 <div class="example"><pre>
 RewriteCond %{HTTP_REFERER} <strong>!^$</strong>
-RewriteCond %{HTTP_REFERER} !^http://www.quux-corp.de/~quux/.*$ [NC]
-RewriteRule <strong>.*\.gif$</strong>        -                              
     [F]
+RewriteCond %{HTTP_REFERER} !www.example.com [NC]
+RewriteRule <strong>\.(gif|jpg|png)$</strong>    /images/go-away.png   [R,NC]
 </pre></div>
 
+    <p>In the third example, we redirect the request to an image on some
+    third-party site.</p>
+
 <div class="example"><pre>
-RewriteCond %{HTTP_REFERER}         !^$
-RewriteCond %{HTTP_REFERER}         !.*/foo-with-gif\.html$
-RewriteRule <strong>^inlined-in-foo\.gif$</strong>   -                      
 [F]
+RewriteCond %{HTTP_REFERER} <strong>!^$</strong>
+RewriteCond %{HTTP_REFERER} !www.example.com [NC]
+RewriteRule <strong>\.(gif|jpg|png)$</strong> http://other.site.com/image.gif
  [R,NC]
 </pre></div>
+
+    <p>Of these techniques, the last two tend to be the most effective
+    in getting people to stop hotlinking your images, because they will
+    simply not see the image that they expected to see.</p>
+
         </dd>
       </dl>
 

Modified: httpd/httpd/trunk/docs/manual/rewrite/rewrite_guide.xml
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/rewrite/rewrite_guide.xml?rev=685418&r1=685417&r2=685418&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/rewrite/rewrite_guide.xml (original)
+++ httpd/httpd/trunk/docs/manual/rewrite/rewrite_guide.xml Tue Aug 12 19:12:30 2008
@@ -665,37 +665,63 @@
 
     <section id="blocked-inline-images">
 
-      <title>Blocked Inline-Images</title>
+      <title>Forbidding Image &quot;Hotlinking&quot;</title>
 
       <dl>
         <dt>Description:</dt>
 
         <dd>
-          <p>Assume we have under <code>http://www.quux-corp.de/~quux/</code>
-          some pages with inlined GIF graphics. These graphics are
-          nice, so others directly incorporate them via hyperlinks to
-          their pages. We don't like this practice because it adds
-          useless traffic to our server.</p>
+          <p>The following technique forbids the practice of other sites
+          including your images inline in their pages. This practice is
+          often referred to as &quot;hotlinking&quot;, and results in
+          your bandwidth being used to serve content for someone else's
+          site.</p>
         </dd>
 
         <dt>Solution:</dt>
 
         <dd>
-          <p>While we cannot 100% protect the images from inclusion,
-          we can at least restrict the cases where the browser
-          sends a HTTP Referer header.</p>
+          <p>This technique relies on the value of the
+          <code>HTTP_REFERER</code> variable, which is optional. As
+          such, it's possible for some people to circumvent this
+          limitation. However, most users will experience the failed
+          request, which should, over time, result in the image being
+          removed from that other site.</p>
+          <p>There are several ways that you can handle this
+          situation.</p>
+
+    <p>In this first example, we simply deny the request, if it didn't
+    initiate from a page on our site. For the purpose of this example,
+    we assume that our site is <code>www.example.com</code>.</p>
 
 <example><pre>
 RewriteCond %{HTTP_REFERER} <strong>!^$</strong>
-RewriteCond %{HTTP_REFERER} !^http://www.quux-corp.de/~quux/.*$ [NC]
-RewriteRule <strong>.*\.gif$</strong>        -                              
     [F]
+RewriteCond %{HTTP_REFERER} !www.example.com [NC]
+RewriteRule <strong>\.(gif|jpg|png)$</strong>    -   [F,NC]
 </pre></example>
 
+    <p>In this second example, instead of failing the request, we display
+    an alternate image instead.</p>
+
 <example><pre>
-RewriteCond %{HTTP_REFERER}         !^$
-RewriteCond %{HTTP_REFERER}         !.*/foo-with-gif\.html$
-RewriteRule <strong>^inlined-in-foo\.gif$</strong>   -                      
 [F]
+RewriteCond %{HTTP_REFERER} <strong>!^$</strong>
+RewriteCond %{HTTP_REFERER} !www.example.com [NC]
+RewriteRule <strong>\.(gif|jpg|png)$</strong>    /images/go-away.png   [R,NC]
 </pre></example>
+
+    <p>In the third example, we redirect the request to an image on some
+    third-party site.</p>
+
+<example><pre>
+RewriteCond %{HTTP_REFERER} <strong>!^$</strong>
+RewriteCond %{HTTP_REFERER} !www.example.com [NC]
+RewriteRule <strong>\.(gif|jpg|png)$</strong> http://other.site.com/image.gif
  [R,NC]
+</pre></example>
+
+    <p>Of these techniques, the last two tend to be the most effective
+    in getting people to stop hotlinking your images, because they will
+    simply not see the image that they expected to see.</p>
+
         </dd>
       </dl>
 



Mime
View raw message