ServersKeeping Your Images from Adorning Other Sites Page 3

Keeping Your Images from Adorning Other Sites Page 3

ServerWatch content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.




This will let a request proceed if the local_ref
envariable is set (with any value whatsoever). Any and all other
requests will be denied because they don’t meet the Allow
conditions and the default is to deny access.

Note:
Please don’t fall into the trap of sprinkling your
.htaccess and server config files with
containers. You almost certainly don’t
need them, and they’ll just confuse the issue. Don’t use
them unless you really want to have GET requests
treated differently from POST requests, for instance.

Putting It All Together

Putting all these pieces together, we end up with a stanza of
directives that looks something like this:

  
        SetEnvIfNoCase Referer "^http://my.apache.org/" local_ref=1
        
            Order Allow,Deny
            Allow from env=local_ref
        

These may all appear in your server-wide configuration files
(e.g., httpd.conf), or you can put the
container in one or more
.htaccess
files. The effect is the same: Within the scope of these directives,
images can only be fetched if they were linked to from one of your
pages.

Note:
As of Apache 1.3.12 and earlier, the SetEnvIf*
directives
are only allowed in the server-wide configuration files.
In later versions, they can be used inside containers and in
.htaccess files.

Going Further

I mentioned earlier that you can’t fully prevent image theft. That’s
because of two things, which apply pretty much to the two different
types of poaching respectively:

  • Someone who really wants your artwork can always
    request it using a faked-up Referer value that
    happens to meet your criteria. In other words, by jiggering up
    the request so it looks like it’s a reference from your site.
  • If someone legitimately views your artwork by going through
    your pages, the image files are almost certainly in his client’s
    cache somewhere. So he can pull it out of a cached valid request
    rather than making another one just to pick up the image.

Though it’s essentially impossible to foil someone who’s really desperate
to snitch your artwork, the steps described in this article should
make it too difficult for the casual poacher.

Another thing you can do, depending upon how protective you are of
your art, is to watermark the images. Watermarking a digital
image consists of encoding a special ‘signature’ into the graphic
so that it can be detected later. Digital watermarking doesn’t
degrade the quality of the image, and can be done in such a way
that even a cropped subsection of the image contains the mark, and
it’s detectable even if the image has been otherwise edited since the
mark was inserted.
It’s even possible to detect a watermark in an image that was
printed and then scanned in, having left the digital realm
altogether! If you watermark your images, there’s an excellent chance
you’ll be able to prove snitching if you ever find a suspicious image
on another site somewhere.

Logging Snitch-Attempt Requests

Get the Free Newsletter!

Subscribe to Daily Tech Insider for top news, trends & analysis

Latest Posts

Related Stories