You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by rb...@apache.org on 2009/11/03 00:12:27 UTC
svn commit: r832182 - in /httpd/httpd/trunk/docs/manual/rewrite:
access.html.en access.xml rewrite_guide.html.en rewrite_guide.xml
Author: rbowen
Date: Mon Nov 2 23:12:26 2009
New Revision: 832182
URL: http://svn.apache.org/viewvc?rev=832182&view=rev
Log:
Moves the 'image theft' recipe from rewrite_guide to access
Modified:
httpd/httpd/trunk/docs/manual/rewrite/access.html.en
httpd/httpd/trunk/docs/manual/rewrite/access.xml
httpd/httpd/trunk/docs/manual/rewrite/rewrite_guide.html.en
httpd/httpd/trunk/docs/manual/rewrite/rewrite_guide.xml
Modified: httpd/httpd/trunk/docs/manual/rewrite/access.html.en
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/rewrite/access.html.en?rev=832182&r1=832181&r2=832182&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/rewrite/access.html.en (original)
+++ httpd/httpd/trunk/docs/manual/rewrite/access.html.en Mon Nov 2 23:12:26 2009
@@ -35,9 +35,92 @@
configuration.</p>
</div>
-<div id="quickview"><h3>See also</h3><ul class="seealso"><li><a href="../mod/mod_rewrite.html">Module documentation</a></li><li><a href="intro.html">mod_rewrite introduction</a></li></ul></div>
+<div id="quickview"><ul id="toc"><li><img alt="" src="../images/down.gif" /> <a href="#blocked-inline-images">Forbidding Image "Hotlinking"</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#blocking-of-robots">Blocking of Robots</a></li>
+</ul><h3>See also</h3><ul class="seealso"><li><a href="../mod/mod_rewrite.html">Module documentation</a></li><li><a href="intro.html">mod_rewrite introduction</a></li></ul></div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="section">
+<h2><a name="blocked-inline-images" id="blocked-inline-images">Forbidding Image "Hotlinking"</a></h2>
+
+
+
+ <dl>
+ <dt>Description:</dt>
+
+ <dd>
+ <p>The following technique forbids the practice of other sites
+ including your images inline in their pages. This practice is
+ often referred to as "hotlinking", and results in
+ your bandwidth being used to serve content for someone else's
+ site.</p>
+ </dd>
+
+ <dt>Solution:</dt>
+
+ <dd>
+ <p>This technique relies on the value of the
+ <code>HTTP_REFERER</code> variable, which is optional. As
+ such, it's possible for some people to circumvent this
+ limitation. However, most users will experience the failed
+ request, which should, over time, result in the image being
+ removed from that other site.</p>
+ <p>There are several ways that you can handle this
+ situation.</p>
+
+ <p>In this first example, we simply deny the request, if it didn't
+ initiate from a page on our site. For the purpose of this example,
+ we assume that our site is <code>www.example.com</code>.</p>
+
+<div class="example"><pre>
+RewriteCond %{HTTP_REFERER} <strong>!^$</strong>
+RewriteCond %{HTTP_REFERER} !www.example.com [NC]
+RewriteRule <strong>\.(gif|jpg|png)$</strong> - [F,NC]
+</pre></div>
+
+ <p>In this second example, instead of failing the request, we display
+ an alternate image instead.</p>
+
+<div class="example"><pre>
+RewriteCond %{HTTP_REFERER} <strong>!^$</strong>
+RewriteCond %{HTTP_REFERER} !www.example.com [NC]
+RewriteRule <strong>\.(gif|jpg|png)$</strong> /images/go-away.png [R,NC]
+</pre></div>
+
+ <p>In the third example, we redirect the request to an image on some
+ third-party site.</p>
+
+<div class="example"><pre>
+RewriteCond %{HTTP_REFERER} <strong>!^$</strong>
+RewriteCond %{HTTP_REFERER} !www.example.com [NC]
+RewriteRule <strong>\.(gif|jpg|png)$</strong> http://other.site.com/image.gif [R,NC]
+</pre></div>
+
+ <p>Of these techniques, the last two tend to be the most effective
+ in getting people to stop hotlinking your images, because they will
+ simply not see the image that they expected to see.</p>
+
+ </dd>
+
+ <dt>Discussion:</dt>
+
+ <dd>
+ <p>If all you wish to do is deny access to the resource, rather
+ than redirecting that request elsewhere, this can be
+ accomplished without the use of mod_rewrite:</p>
+
+ <div class="example"><p><code>
+ SetEnvIf Referer example\.com localreferer<br />
+ <FilesMatch \.(jpg|png|gif)$><br />
+ Order deny,allow<br />
+ Deny from all<br />
+ Allow from env=localreferer<br />
+ </FilesMatch>
+ </code></p></div>
+ </dd>
+ </dl>
+
+ </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
<h2><a name="blocking-of-robots" id="blocking-of-robots">Blocking of Robots</a></h2>
@@ -82,7 +165,7 @@
</pre></div>
</dd>
- <dt>Discussion</dt>
+ <dt>Discussion:</dt>
<dd>
<p>
@@ -94,7 +177,8 @@
<Location /secret/files><br />
Order allow,deny<br />
Allow from all<br />
- Deny from env=goaway
+ Deny from env=goaway<br />
+ </Location>
</code></p></div>
<p>
As noted above, this technique is trivial to circumvent, by simply
Modified: httpd/httpd/trunk/docs/manual/rewrite/access.xml
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/rewrite/access.xml?rev=832182&r1=832181&r2=832182&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/rewrite/access.xml (original)
+++ httpd/httpd/trunk/docs/manual/rewrite/access.xml Mon Nov 2 23:12:26 2009
@@ -43,6 +43,87 @@
<seealso><a href="../mod/mod_rewrite.html">Module documentation</a></seealso>
<seealso><a href="intro.html">mod_rewrite introduction</a></seealso>
+ <section id="blocked-inline-images">
+
+ <title>Forbidding Image "Hotlinking"</title>
+
+ <dl>
+ <dt>Description:</dt>
+
+ <dd>
+ <p>The following technique forbids the practice of other sites
+ including your images inline in their pages. This practice is
+ often referred to as "hotlinking", and results in
+ your bandwidth being used to serve content for someone else's
+ site.</p>
+ </dd>
+
+ <dt>Solution:</dt>
+
+ <dd>
+ <p>This technique relies on the value of the
+ <code>HTTP_REFERER</code> variable, which is optional. As
+ such, it's possible for some people to circumvent this
+ limitation. However, most users will experience the failed
+ request, which should, over time, result in the image being
+ removed from that other site.</p>
+ <p>There are several ways that you can handle this
+ situation.</p>
+
+ <p>In this first example, we simply deny the request, if it didn't
+ initiate from a page on our site. For the purpose of this example,
+ we assume that our site is <code>www.example.com</code>.</p>
+
+<example><pre>
+RewriteCond %{HTTP_REFERER} <strong>!^$</strong>
+RewriteCond %{HTTP_REFERER} !www.example.com [NC]
+RewriteRule <strong>\.(gif|jpg|png)$</strong> - [F,NC]
+</pre></example>
+
+ <p>In this second example, instead of failing the request, we display
+ an alternate image instead.</p>
+
+<example><pre>
+RewriteCond %{HTTP_REFERER} <strong>!^$</strong>
+RewriteCond %{HTTP_REFERER} !www.example.com [NC]
+RewriteRule <strong>\.(gif|jpg|png)$</strong> /images/go-away.png [R,NC]
+</pre></example>
+
+ <p>In the third example, we redirect the request to an image on some
+ third-party site.</p>
+
+<example><pre>
+RewriteCond %{HTTP_REFERER} <strong>!^$</strong>
+RewriteCond %{HTTP_REFERER} !www.example.com [NC]
+RewriteRule <strong>\.(gif|jpg|png)$</strong> http://other.site.com/image.gif [R,NC]
+</pre></example>
+
+ <p>Of these techniques, the last two tend to be the most effective
+ in getting people to stop hotlinking your images, because they will
+ simply not see the image that they expected to see.</p>
+
+ </dd>
+
+ <dt>Discussion:</dt>
+
+ <dd>
+ <p>If all you wish to do is deny access to the resource, rather
+ than redirecting that request elsewhere, this can be
+ accomplished without the use of mod_rewrite:</p>
+
+ <example>
+ SetEnvIf Referer example\.com localreferer<br />
+ <FilesMatch \.(jpg|png|gif)$><br />
+ Order deny,allow<br />
+ Deny from all<br />
+ Allow from env=localreferer<br />
+ </FilesMatch>
+ </example>
+ </dd>
+ </dl>
+
+ </section>
+
<section id="blocking-of-robots">
<title>Blocking of Robots</title>
@@ -87,7 +168,7 @@
</pre></example>
</dd>
- <dt>Discussion</dt>
+ <dt>Discussion:</dt>
<dd>
<p>
@@ -99,7 +180,8 @@
<Location /secret/files><br />
Order allow,deny<br />
Allow from all<br />
- Deny from env=goaway
+ Deny from env=goaway<br />
+ </Location>
</example>
<p>
As noted above, this technique is trivial to circumvent, by simply
Modified: httpd/httpd/trunk/docs/manual/rewrite/rewrite_guide.html.en
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/rewrite/rewrite_guide.html.en?rev=832182&r1=832181&r2=832182&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/rewrite/rewrite_guide.html.en (original)
+++ httpd/httpd/trunk/docs/manual/rewrite/rewrite_guide.html.en Mon Nov 2 23:12:26 2009
@@ -56,7 +56,6 @@
<li><img alt="" src="../images/down.gif" /> <a href="#old-to-new">From Old to New (intern)</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#old-to-new-extern">From Old to New (extern)</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#static-to-dynamic">From Static to Dynamic</a></li>
-<li><img alt="" src="../images/down.gif" /> <a href="#blocked-inline-images">Forbidding Image "Hotlinking"</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#proxy-deny">Proxy Deny</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#external-rewriting">External Rewriting Engine</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#cluster">Web Cluster with Consistent URL Space</a></li>
@@ -652,70 +651,6 @@
</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="section">
-<h2><a name="blocked-inline-images" id="blocked-inline-images">Forbidding Image "Hotlinking"</a></h2>
-
-
-
- <dl>
- <dt>Description:</dt>
-
- <dd>
- <p>The following technique forbids the practice of other sites
- including your images inline in their pages. This practice is
- often referred to as "hotlinking", and results in
- your bandwidth being used to serve content for someone else's
- site.</p>
- </dd>
-
- <dt>Solution:</dt>
-
- <dd>
- <p>This technique relies on the value of the
- <code>HTTP_REFERER</code> variable, which is optional. As
- such, it's possible for some people to circumvent this
- limitation. However, most users will experience the failed
- request, which should, over time, result in the image being
- removed from that other site.</p>
- <p>There are several ways that you can handle this
- situation.</p>
-
- <p>In this first example, we simply deny the request, if it didn't
- initiate from a page on our site. For the purpose of this example,
- we assume that our site is <code>www.example.com</code>.</p>
-
-<div class="example"><pre>
-RewriteCond %{HTTP_REFERER} <strong>!^$</strong>
-RewriteCond %{HTTP_REFERER} !www.example.com [NC]
-RewriteRule <strong>\.(gif|jpg|png)$</strong> - [F,NC]
-</pre></div>
-
- <p>In this second example, instead of failing the request, we display
- an alternate image instead.</p>
-
-<div class="example"><pre>
-RewriteCond %{HTTP_REFERER} <strong>!^$</strong>
-RewriteCond %{HTTP_REFERER} !www.example.com [NC]
-RewriteRule <strong>\.(gif|jpg|png)$</strong> /images/go-away.png [R,NC]
-</pre></div>
-
- <p>In the third example, we redirect the request to an image on some
- third-party site.</p>
-
-<div class="example"><pre>
-RewriteCond %{HTTP_REFERER} <strong>!^$</strong>
-RewriteCond %{HTTP_REFERER} !www.example.com [NC]
-RewriteRule <strong>\.(gif|jpg|png)$</strong> http://other.site.com/image.gif [R,NC]
-</pre></div>
-
- <p>Of these techniques, the last two tend to be the most effective
- in getting people to stop hotlinking your images, because they will
- simply not see the image that they expected to see.</p>
-
- </dd>
- </dl>
-
- </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="section">
<h2><a name="proxy-deny" id="proxy-deny">Proxy Deny</a></h2>
Modified: httpd/httpd/trunk/docs/manual/rewrite/rewrite_guide.xml
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/rewrite/rewrite_guide.xml?rev=832182&r1=832181&r2=832182&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/rewrite/rewrite_guide.xml (original)
+++ httpd/httpd/trunk/docs/manual/rewrite/rewrite_guide.xml Mon Nov 2 23:12:26 2009
@@ -627,70 +627,6 @@
</section>
- <section id="blocked-inline-images">
-
- <title>Forbidding Image "Hotlinking"</title>
-
- <dl>
- <dt>Description:</dt>
-
- <dd>
- <p>The following technique forbids the practice of other sites
- including your images inline in their pages. This practice is
- often referred to as "hotlinking", and results in
- your bandwidth being used to serve content for someone else's
- site.</p>
- </dd>
-
- <dt>Solution:</dt>
-
- <dd>
- <p>This technique relies on the value of the
- <code>HTTP_REFERER</code> variable, which is optional. As
- such, it's possible for some people to circumvent this
- limitation. However, most users will experience the failed
- request, which should, over time, result in the image being
- removed from that other site.</p>
- <p>There are several ways that you can handle this
- situation.</p>
-
- <p>In this first example, we simply deny the request, if it didn't
- initiate from a page on our site. For the purpose of this example,
- we assume that our site is <code>www.example.com</code>.</p>
-
-<example><pre>
-RewriteCond %{HTTP_REFERER} <strong>!^$</strong>
-RewriteCond %{HTTP_REFERER} !www.example.com [NC]
-RewriteRule <strong>\.(gif|jpg|png)$</strong> - [F,NC]
-</pre></example>
-
- <p>In this second example, instead of failing the request, we display
- an alternate image instead.</p>
-
-<example><pre>
-RewriteCond %{HTTP_REFERER} <strong>!^$</strong>
-RewriteCond %{HTTP_REFERER} !www.example.com [NC]
-RewriteRule <strong>\.(gif|jpg|png)$</strong> /images/go-away.png [R,NC]
-</pre></example>
-
- <p>In the third example, we redirect the request to an image on some
- third-party site.</p>
-
-<example><pre>
-RewriteCond %{HTTP_REFERER} <strong>!^$</strong>
-RewriteCond %{HTTP_REFERER} !www.example.com [NC]
-RewriteRule <strong>\.(gif|jpg|png)$</strong> http://other.site.com/image.gif [R,NC]
-</pre></example>
-
- <p>Of these techniques, the last two tend to be the most effective
- in getting people to stop hotlinking your images, because they will
- simply not see the image that they expected to see.</p>
-
- </dd>
- </dl>
-
- </section>
-
<section id="proxy-deny">
<title>Proxy Deny</title>