If you’re not sure whether anyone is really after your artwork,
you can use the same detection mechanism and envariable to
log suspicious requests. For instance, if you add the following
directives to your httpd.conf
file, an entry will
be made in the /usr/local/web/apache/logs/poachers_log
file any time someone accesses one of your images without a valid
Referer
:
SetEnvIfNoCase Referer !"^http://my.apache.org/" not_local_ref=1 SetEnvIfNoCase Request_URI ".(gif|jpg)" is_image=1 RewriteEngine On RewriteCond $ {ENV:not_local_ref} =1 RewriteCond $ {ENV:is_image} =1 RewriteRule .* - [Last,Env=poach_attempt:1] CustomLog logs/poachers_log CLF env=poach_attemptThis should have the effect of logging all attempts to access
your images using one of the potential 'snitching' techniques
described in this article. The first two lines set flags for
the conditions (that it's an image, and that it was't referred
by a local document), theRewriteCond
lines check
to see if the flags are set, theRewriteRule
line
sets a third flag combining the two, and the last line causes the
logging of the request in a special file if that last flag is
set. The log entry is written in the pre-defined 'CLF' format
('Common Log Format'), but you could put together your own
format just as easily.Other Resources
The techniques described in this article are geared toward a single purpose,
but illustrate some of the capabilities of the Apache server.
Here are some pointers to resources for further investigation:
-
The HTTP/1.1 definition document:
ftp://ftp.isi.edu/in-notes/rfc2616.txt> -
The main Apache Web site, of course:
http://www.apache.org/> -
The documentation for Apache and its modules:
http://www.apache.org/docs/> -
The canonical email response page:
http://www.apache.org/foundation/email-response.html>(This page is normally used to respond to email requests for
support, but there are lots of good resources listed on
it.)
Then there are the specific pieces of the Apache documentation that are
directly related to the directives and commands described in this
article:
-
The documentation for
documentation:
http://www.apache.org/docs/mod/core.html#filesmatch> -
The
mod_setenvif
documentation:
http://www.apache.org/docs/mod/mod_setenvif.html> -
The
mod_access
documentation:
http://www.apache.org/docs/mod/mod_access.html> -
The
mod_rewrite
documentation:
http://www.apache.org/docs/mod/mod_rewrite.html> -
The documentation on the
CustomLog
directive:
http://www.apache.org/docs/mod/mod_log_config.html>