httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kenneth Porter <>
Subject [users@httpd] POP-before-HTTP: dealing with image leaching
Date Sat, 23 Oct 2004 19:47:57 GMT
I'm not sure if someone's already implemented something like this, and it 
seems like something that wouldn't be hard to implement. Am I reinventing 
the wheel? Is this already available?

You've all seen the problem of image leaching: You put up a nice image (or 
sound, or video) and some other site starts using it without permission. 
You could block it by looking at the referrer, but many now browse with 
referrers disabled for privacy.

My idea is based on the POP-before-SMTP concept used to prevent spammers 
from relaying through your mail server, while still allowing legitimate 
users to send mail through your server. In that situation, any user who has 
recently checked mail via POP3 is allowed to send mail through the SMTP 

So the idea here is for Apache to allow certain requests (in this example, 
images) to succeed only if certain other requests (say, an HTML document) 
were made from the same client relatively recently. We accomplish this by 
recording every successful request in a DB along with a timestamp. Before 
every request for the special content (ie. the desirable image), we check 
the DB to see if the same IP successfully fetched other content recently.

As with the POP-before-SMTP method, we run a process periodically to expire 
old records from the DB to keep it from growing without bound.

So here's the logic in a nutshell:

if (content-type is-in leached-class) and
   (now() - DB{IP}.timestamp > timeout)
    then reject
DB{IP}.timestamp = now();

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message