Deep Linking revisited.

jelwell

Joined: 2003-05-29
Posts: 115
Posted: Fri, 2004-01-16 19:02

I've made some improvements and modifications to the anti-deep-linking code floating around. The improvements, in a nutshell, allow users behind firewalls/proxies that eat the HTTP_REFERER to see the remote image. Also I've added a demonstration on how you would go about allowing and denying based on who owns the photo that is be deep linked.

.htaccess file:

<IfModule mod_rewrite.c>
        RewriteEngine On
        RewriteCond %{HTTP_REFERER} !^http://(www.|)example.com/.*$ [NC]
        RewriteCond %{HTTP_REFERER} !^http://(www.|)friendsSite.com.*$ [NC]
        RewriteRule (.*)/(.*).(jpg|gif|avi|png|mpg|mpeg)$  http://www.example.com/gallery/rewrite.php?dir=$1&file=$2&ext=$3
</IfModule>

The first RewriteCond checks to make sure that the referrer is either example.com or www.example.com.
The second condition allows my friend's site to deep link, cause i like them.

The RewriteRule gets called *only* if the two conditions are satisfied.

I've attached rewrite.php. What it checks for is clients that don't send HTTP_REFERER, that can be clients behind a firewall or proxy. But it allows those clients as long as they have a gallery session open with our site.

Also I've demonstrated how you can check information about the photo's owner to allow based on that. For example you could add a flag to "User.php" called $deeplinker, and you could allow or deny based on the flag.

joe.

 
jelwell

Joined: 2003-05-29
Posts: 115
Posted: Fri, 2004-01-16 19:18

Oh one note: Privoxy (which i use to eat banners and spying cookies) LIES about it's HTTP_REFERER. So if you're on foo.com and it's embedded one of your images from mysite.com then Privoxy tells mysite.com that the referrer was actually mysite.com NOT foo.com.

lies lies lies. This gets around the .htaccess file entirely. One way to combat this would be to rewrite *ALL* images despite the HTTP_REFERER. (Basically deleting the two RewriteCond lines. Then in rewrite.php do the albumName check even if the referrer is set.

joe.

 
diomark
diomark's picture

Joined: 2003-03-14
Posts: 90
Posted: Fri, 2004-01-16 23:44

Joe, take a look at my work on that same script here - watermarks the images if deeplinked..

http://gallery.menalto.com/index.php?name=PNphpBB2&file=viewtopic&p=55547#55547

...can you share the rewrite.php code?

Thanks,
-mark

 
jelwell

Joined: 2003-05-29
Posts: 115
Posted: Fri, 2004-01-16 23:50
diomark wrote:
Joe, take a look at my work on that same script here - watermarks the images if deeplinked..

http://gallery.menalto.com/index.php?name=PNphpBB2&file=viewtopic&p=55547#55547

...can you share the rewrite.php code?

Thanks,
-mark

this rocks. I will definitely try this out. Might be useful to do both. That's weird, rewrite.php should have been attached to the original post. let me try again.
joe.