Disabling Image Hotlinking on IIS Server

Suncoty

Guppy
Any way of doing this? I have a bunch of people who are "skimming" bandwidth by linking to the images on my space rather than making their own copy.

Thanks..

Michael
 
Normally this is done using ASAPI filters I guess, but you can't install those.
An alternative is the ASP.net method, make a class implementing the IHttpModule class, add it to your web.config and you should be able to handle these requests.

Looked on Google a bit, since someone was bound to have made something like this. And indeed, I think this will do what you want it to:
http://www.irritatedvowel.com/Programming/DeepLinkingHttpModule.aspx

Edit: Hmm, it seems you still need to enable ASAPI filter processing for image files to make this work. Perhaps JodoHost can be of assistance, after all it's a semi standard request.
 
Change the picture and play a joke on them ;)

Anyway, the reason we don't do any DLLs is because we don't know what code they could contain. However, if what you wish to install is made from a reliable software maker, and is used in shared hosting environments, we'd definately consider installing it
 
Yash, that shouldn't be an issue with the solution I provided above. The ASAPI DLL that's being added is a Microsoft standard DLL, and enables the use of the IHttpModule mechanic for .jpg files.

The actual handling is done by the customer's .net code, but that code has the same restrictions as any other ASP.net script he would write, so there is no security issue.
 
You can also use the SendBinary method of the Persits AspJPEG component when linking to your images via your site.

Ie. <img src="http://www.yourdomain.com/SendBinary.asp?Image=thisimage.jpeg">

More info: http://www.aspupload.com/aspjpeg.html

Although this won't do anything to prevent your current hotlinkers (unless you move the images to a new directory).
 
What I do : images are saved with a unique ID (GUID), and this GUID is stored in the database.
Now I also have a script which changes all GUIDs, both in filename and in the database. This prevents hotlinking I think :)

Regards,
Niels
 
Well ... normally you don't see the filename of the image, unless you w?nt to hotlink it and see its properties :evil: I prefer ugliness instead of people stealing my photographs in fact :D

Regards,
Niels
 
Thanks for the replies, everyone. I'm going to put in a ticket to request this be added. One of you mentioned that it's just a Microsoft DLL to install. So what exactly should I put on this ticket / what steps are required to get this up and running?

Thanks.

Michael
 
Just give the link to the DLL and ask it to be installed as an ASAPI DLL. I'll let them know to install it because they'll normally reject it straight away according to our policy..
 
The DLL is already on the system, as it's installed with the .NET framework and called for ASP.net scripts. On my home machine it's C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll

A mapping would have to be added for the extension .jpg, and possibly .png or some other extension to be protected.
It's probably best to add this mapping for this particular customer's site only though.

In fact, it would be very nice if this kind of mapping was manageable in H-Sphere, JodoHost would just provide a list of installed and authorized DLLs, and customers could create mappings from any extension to these DLLs. Think I'll post it on the PSoft forum ;)
 
Yash said:
Just give the link to the DLL and ask it to be installed as an ASAPI DLL. I'll let them know to install it because they'll normally reject it straight away according to our policy..

Done. Ticket #7751 if there are any questions. Didn't have a particular link but I mentioned the info in the post above about the path to the file on his local machine. I mentioned in the ticket that it's probably already on the server in the .NET framework.

Thanks again, Yash.

Michael
 
Back
Top