ServersKeeping Your Images from Adorning Other Sites Page 4

Keeping Your Images from Adorning Other Sites Page 4




If you’re not sure whether anyone is really after your artwork,
you can use the same detection mechanism and envariable to
log suspicious requests. For instance, if you add the following
directives to your httpd.conf file, an entry will
be made in the /usr/local/web/apache/logs/poachers_log
file any time someone accesses one of your images without a valid
Referer:

  
    SetEnvIfNoCase Referer      !"^http://my.apache.org/" not_local_ref=1
    SetEnvIfNoCase Request_URI  ".(gif|jpg)"               is_image=1
    RewriteEngine  On
    RewriteCond    $ {ENV:not_local_ref} =1
    RewriteCond    $ {ENV:is_image}      =1
    RewriteRule    .*                   -     [Last,Env=poach_attempt:1]
    CustomLog logs/poachers_log         CLF   env=poach_attempt
  

This should have the effect of logging all attempts to access
your images using one of the potential 'snitching' techniques
described in this article. The first two lines set flags for
the conditions (that it's an image, and that it was't referred
by a local document), the RewriteCond lines check
to see if the flags are set, the RewriteRule line
sets a third flag combining the two, and the last line causes the
logging of the request in a special file if that last flag is
set. The log entry is written in the pre-defined 'CLF' format
('Common Log Format'), but you could put together your own
format just as easily.

Other Resources

The techniques described in this article are geared toward a single purpose,
but illustrate some of the capabilities of the Apache server.
Here are some pointers to resources for further investigation:

  • The HTTP/1.1 definition document:
    ftp://ftp.isi.edu/in-notes/rfc2616.txt>
  • The main Apache Web site, of course:
    http://www.apache.org/>
  • The documentation for Apache and its modules:
    http://www.apache.org/docs/>
  • The canonical email response page:
    http://www.apache.org/foundation/email-response.html>

    (This page is normally used to respond to email requests for
    support, but there are lots of good resources listed on
    it.
    )

Then there are the specific pieces of the Apache documentation that are
directly related to the directives and commands described in this
article:

  • The documentation for documentation:
    http://www.apache.org/docs/mod/core.html#filesmatch>
  • The mod_setenvif documentation:
    http://www.apache.org/docs/mod/mod_setenvif.html>
  • The mod_access documentation:
    http://www.apache.org/docs/mod/mod_access.html>
  • The mod_rewrite documentation:
    http://www.apache.org/docs/mod/mod_rewrite.html>
  • The documentation on the CustomLog directive:
    http://www.apache.org/docs/mod/mod_log_config.html>

Conclusion

Latest Posts

Related Stories