BigNoseBird.Com- home Small Logo
The 508 compliant Guide to 
       Big Nose Bird
BACK
WARNING: Be very careful editing your server configuration or .htaccess files. Even a minor typographical error can make your site unusable! Always make a backup copy of any file so you can recover quickly.

PREVENTING BANDWIDTH THEFT USING THE MOD REWRITE ENGINE AND .HTACCESS
(stopping others from using your images on their pages)

Due to either ignorance or a I'll do what I want because I want to attitude, there are plenty of people that will place image tags on their pages that pull images from your server. This linking can place a great load on your server as well as cause you to incur excess bandwidth charges.

HOW DO I STOP THIS THEFT?
The Apache Server's Mod Rewrite Engine (which must be compiled into your server to allow you to do this) can examine the name of the document requesting a file of a particular type. You can then define logic that basically does the following:

If the URL of the page requesting the image file is from an allowed domain, display the image- otherwise return a broken image.
The logic, or rules are then placed in the directory(s) that contain your image files.

IS THIS A PERFECT SOLUTION?
No. In order for it to work, the browser that requested the page must return the URL of the page, or what is called the HTTP_REFERER. There is also a performace penalty on the server due to the extra overhead it testing the file requests.

This method should be used when offsite linking has become an issue of concern to you. A little bit of tolerence or maybe a gentle e-mail to the other site's webmaster may also be an acceptable solution. I have actually made a few friends this way!

HOW EXACTLY CAN I DO THIS?

  • STEP 1: Make certain that your Apache Server was compiled with mod_rewrite. By default, the basic installation of Apache does not include it. Do not attempt this if mod_rewrite is not installed, or your site may stop functioning! Check with your system administrator. If you are the system administrator, check the Apache INSTALL file for instruction regarding the option --enable-module=rewrite

  • STEP 2: Get organized! Try to get all of your images into directories that do not contain your HTML files. Each directory containing the images should have an empty index.html file to prevent people from looking at your directory listing.

  • STEP 3: Create or edit a .htaccess in one of the directories containing your images. I suggest doing one directory first so you can test your rules, and quickly comment out the lines or rename the file if it causes server configuration errors. The .htaccess file should contain the following lines.
    RewriteEngine on
    RewriteCond %{HTTP_REFERER} !^$
    RewriteCond %{HTTP_REFERER} !^http://domain.com/.*$     [NC]
    RewriteCond %{HTTP_REFERER} !^http://www.domain.com/.*$ [NC]
    RewriteRule .*\.gif$        -                            [L]
    
    RewriteCond %{HTTP_REFERER} !^$
    RewriteCond %{HTTP_REFERER} !^http://domain.com/.*$     [NC]
    RewriteCond %{HTTP_REFERER} !^http://www.domain.com/.*$ [NC]
    RewriteRule .*\.jpg$        -                           [L]
    
    NOTE:When cutting and pasting, be sure that each RewriteCond is on one line. Line wrapping in the page display could introduce broken lines.

    Change domain.com to whatever your domain name is. Be sure to use both the plain domain name as well as the www so that people coming to your site either way are not deprived of your images!

  • STEP 4: Test! Create a page on another server and insert in image tag pointing to an image in the protected directory. If you get a broken image icon- you did it! The requests will still appear in your logs, but your bandwidth will be protected.
On files such as .MIDI (music files), it will result in a Forbidden error.



Find or Give Help on the BBS
 
Home Top E-Mail
If it looks great, it's by Christine
Some Fine Print
© 1997-2003 BigNoseBird.Com®, Inc. All rights reserved. All other trademarks are the sole property of their respective owners. The products that we recommend are only ones that we use. We have no relationship with any of the authors or their companies. We cannot assume responsibility for their ultimate performance or lack of same. We also cannot assume responsibility for either any programs provided here, or for any advice that is given since we have no control over what happens after our code or words leave this site. Always use prudent judgment in implementing any program- and always make a backup first! For further information, please read our Privacy Statement. We can be contacted at webmaster@bignosebird.com.


<reallybig.com>
Web Builder Network Portal
Advertise
on the
Reallybig.com
Network
BigNoseBird Newsletter
Subscribe
Un-Subscribe


Sign up today to receive our low volume newsletter. Tips, tricks, news, and whatever else crosses our minds.
Back Issues
Privacy Statement