Keeping Your Images from Adorning Other Sites Page 4

If you're not sure whether anyone is really after your artwork, you can use the same detection mechanism and envariable to log suspicious requests. For instance, if you add the following directives to your httpd.conf file, an entry will be made in the /usr/local/web/apache/logs/poachers_log file any time someone accesses one of your images without a valid Referer:

  
    SetEnvIfNoCase Referer      !"^http://my.apache.org/" not_local_ref=1
    SetEnvIfNoCase Request_URI  ".(gif|jpg)"               is_image=1
    RewriteEngine  On
    RewriteCond    $ {ENV:not_local_ref} =1
    RewriteCond    $ {ENV:is_image}      =1
    RewriteRule    .*                   -     [Last,Env=poach_attempt:1]
    CustomLog logs/poachers_log         CLF   env=poach_attempt
  
  


  This should have the effect of logging all attempts to access
  your images using one of the potential 'snitching' techniques
  described in this article.  The first two lines set flags for
  the conditions (that it's an image, and that it was't referred
  by a local document), the RewriteCond lines check
  to see if the flags are set, the RewriteRule line
  sets a third flag combining the two, and the last line causes the
  logging of the request in a special file if that last flag is
  set.  The log entry is written in the pre-defined 'CLF' format
  ('Common Log Format'), but you could put together your own
  format just as easily.
  

  
Other Resources
  


  The techniques described in this article are geared toward a single purpose,
  but illustrate some of the capabilities of the Apache server.
  Here are some pointers to resources for further investigation:
  
  


   

The HTTP/1.1 definition document:
    <URL:ftp://ftp.isi.edu/in-notes/rfc2616.txt>
   

The main Apache Web site, of course:
    <URL:http://www.apache.org/>
   

The documentation for Apache and its modules:
    <URL:http://www.apache.org/docs/>
   

The canonical email response page:
    <URL:http://www.apache.org/foundation/email-response.html>
    




    (This page is normally used to respond to email requests for
    support, but there are lots of good resources listed on
    it.)
  
  


  Then there are the specific pieces of the Apache documentation that are
  directly related to the directives and commands described in this
  article:
  
  


   

The documentation for <FilesMatch> documentation:
    <URL:http://www.apache.org/docs/mod/core.html#filesmatch>
   

The mod_setenvif documentation:
    <URL:http://www.apache.org/docs/mod/mod_setenvif.html>
   

The mod_access documentation:
    <URL:http://www.apache.org/docs/mod/mod_access.html>
   

The mod_rewrite documentation:
    <URL:http://www.apache.org/docs/mod/mod_rewrite.html>
   

The documentation on the CustomLog directive:
    <URL:http://www.apache.org/docs/mod/mod_log_config.html>
  

  
Conclusion