Keeping Your Images from Adorning Other Sites Page 3

This will let a request proceed if the local_ref
envariable is set (with any value whatsoever). Any and all other
requests will be denied because they don’t meet the Allow
conditions and the default is to deny access.

Putting It All Together

Putting all these pieces together, we end up with a stanza of
directives that looks something like this:

  
        SetEnvIfNoCase Referer "^http://my.apache.org/" local_ref=1
        
            Order Allow,Deny
            Allow from env=local_ref
        
  These may all appear in your server-wide configuration files

  (e.g., httpd.conf), or you can put the

   container in one or more

  .htaccess

  files.  The effect is the same: Within the scope of these directives,

  images can only be fetched if they were linked to from one of your

  pages.
  





Note:
As of Apache 1.3.12 and earlier, the SetEnvIf*

       directives

       are only allowed in the server-wide configuration files.

       In later versions, they can be used inside containers and in

       .htaccess files.





Going Further
  I mentioned earlier that you can’t fully prevent image theft.  That’s

  because of two things, which apply pretty much to the two different

  types of poaching respectively:
  


Someone who really wants your artwork can always

    request it using a faked-up Referer value that

    happens to meet your criteria.  In other words, by jiggering up

    the request so it looks like it’s a reference from your site.

If someone legitimately views your artwork by going through

    your pages, the image files are almost certainly in his client’s

    cache somewhere.  So he can pull it out of a cached valid request

    rather than making another one just to pick up the image.

  Though it’s essentially impossible to foil someone who’s really desperate

  to snitch your artwork, the steps described in this article should

  make it too difficult for the casual poacher.
  
  Another thing you can do, depending upon how protective you are of

  your art, is to watermark the images.  Watermarking a digital

  image consists of encoding a special ‘signature’ into the graphic

  so that it can be detected later.  Digital watermarking doesn’t

  degrade the quality of the image, and can be done in such a way

  that even a cropped subsection of the image contains the mark, and

  it’s detectable even if the image has been otherwise edited since the

  mark was inserted.

  It’s even possible to detect a watermark in an image that was

  printed and then scanned in, having left the digital realm

  altogether!  If you watermark your images, there’s an excellent chance

  you’ll be able to prove snitching if you ever find a suspicious image

  on another site somewhere.
  
Logging Snitch-Attempt Requests