Return-Path: Delivered-To: apmail-httpd-users-archive@httpd.apache.org Received: (qmail 83224 invoked by uid 500); 4 Mar 2003 17:43:18 -0000 Mailing-List: contact users-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: users@httpd.apache.org list-help: list-unsubscribe: list-post: Delivered-To: mailing list users@httpd.apache.org Received: (qmail 83211 invoked from network); 4 Mar 2003 17:43:18 -0000 Received: from unknown (HELO mail2.inetwebz.com) (216.133.94.187) by daedalus.apache.org with SMTP; 4 Mar 2003 17:43:18 -0000 Received: from wolflarsen (krcasey.walkway.buffalo.edu [128.205.97.56]) by mail2.inetwebz.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id F55PA75C; Tue, 4 Mar 2003 12:46:14 -0500 From: "Kevin Robert Casey" To: Date: Tue, 4 Mar 2003 12:48:31 -0500 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) In-Reply-To: <3E643924.4010505@hereintown.net> X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6600 Importance: Normal X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N Subject: RE: [users@httpd] Handler for images in a directory. what about the idea of using mod_rewrite? i'm not up on the syntax, but have apache rewrite requests for "/protected-dir/([\w|\d]+)\.jpg" to "/cgi-bin/protector.cgi?file=$1.jpg"? it will keep the developer (if it isn't yourself) happy because they just link to the images as they usually do, but you can implement any restrictions you want inside protector.cgi. kevin -----Original Message----- From: Chris Meadors [mailto:clubneon@hereintown.net] Sent: Tuesday, March 04, 2003 12:27 AM To: users@httpd.apache.org Subject: Re: [users@httpd] Handler for images in a directory. Garth Winter Webb wrote: > What exactly do you mean by "dumping it from the drive"? I still don't > understand what this CGI is doing and why it makes it harder to get the > image. The only possibility I can think of is that your script can > somehow tell that the image is being requested by a browser that has > just loaded your popup window as opposed to some guy entering a direct > URL. He and I don't want to have to make 400 HTML documents, one for each image. The links all over his site already pop-up windows with the tool bars disabled. But they link directly to the image. So I need something that takes the image link, and returns an HTML document instead, that has the image displayed inside it. This HTML document disables the context menu. > But as stated before, it is simply impossible to show images on a page, > yet not let people copy those images. Really all you can hope to do is > make it *hard enough* so that a certain percentage of your audience will > give up before succeeding. I agree, and so does the guy that owns the site. > Furthermore, this percentage has a ceiling. At some point, the people > who continue trying to load your image will give up attacking the CGI > wall you are building and simply turn their browser cache on, load your > page and then harvest the disk cache for the image. > > So, the best thing for you to do is make your technique just as much a > bother as rooting through the disk cache, otherwise its a wasted > effort. In my opinion, a popup window without a toolbar and javascript > to disable right clicking meets that amount of bother. Exactly what he is doing, except the right clicking was still enabled. So each image needed to be wrapped in HTML. Since all the links where there, and the images were in one directory. I thought that Apache's "Action" on the image/jpeg for the directory would be nice. I wrote a quick CGI script that would just output the needed HTML and included , but before I even put it in place I relized that just because the image was being loaded in the handler, didn't mean it wouldn't be parsed by the handler again. So I wrote a second cgi script that could be passed a URI and it would fetch it from the disk, not through the server, and just dump the contents of the file after the propper headers. So it ended up looking like . That works but feels too hackish. I really just wanted one script that would do it all, and could use the image's URL internally. So what I'm thinking now is, have the handler check to see if the HTTP_REFERER equals REQUEST_URL, that will mean that the handler has called itself, in that case, open the image file, write the Content-type header then write the file to the standard out, else write the HTML document that has an inline image with the src equal to the REQUEST_URI. -- Chris --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See for more info. To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org " from the digest: users-digest-unsubscribe@httpd.apache.org For additional commands, e-mail: users-help@httpd.apache.org --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See for more info. To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org " from the digest: users-digest-unsubscribe@httpd.apache.org For additional commands, e-mail: users-help@httpd.apache.org