Rails - Jun 2007 - Serving up images dynamically and preventing hotlinks

I create and serve images dynamically from a controller using RMagick.
I''d like to be able to display these images in my views, but I want to
prevent someone from hotlinking these images and consequently swiping my
bandwidth.

Currently I access the images using image_tag with formatted_x_path
helper, so the result is an image tag like:

<img
src="/imageserver/3f300fd9a1f84b58ec631718be6aab44-small-none.jpg"
/>

The show action in my imageserver controller builds the image and serves
it up.

What I''d like to do is prevent folks from using a similar image tag on
their own sites, or from pasting the link into a browser to directly
view the image. Of course, I want to preserve my ability to display
these images in my views.

The only thing I''ve come up with is to set a session variable when
they''re in my site creating the images, and check for that session
variable in my controller before I generate the image.

Are there any ideas out there about other methods? Standard HotLink
protection at my ISP does not prevent accessing images generated in this
manner.

thanks.

-- 
Posted via http://www.ruby-forum.com/.

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

If you''re on Apache, use mod_rewrite to redirect access to any *.jpg
file to an error page if the referrer is not your own domain. You can
put the rewrite directives in the .htaccess file, or if you have
access to the main Apache config, in the httpd.conf file. Google for
"mod_rewrite hotlink" and you''ll find lots of examples and
variants.

Michael
www.mslater.com

On Jun 5, 7:47 pm, Cayce Balara
<rails-mailing-l...-ARtvInVfO7ksV2N9l4h3zg@public.gmane.org>
wrote:
> I create and serve images dynamically from a controller using RMagick.
> I''d like to be able to display these images in my views, but I
want to
> prevent someone from hotlinking these images and consequently swiping my
> bandwidth.
>
> Currently I access the images using image_tag with formatted_x_path
> helper, so the result is an image tag like:
>
> <img
src="/imageserver/3f300fd9a1f84b58ec631718be6aab44-small-none.jpg"
> />
>
> The show action in my imageserver controller builds the image and serves
> it up.
>
> What I''d like to do is prevent folks from using a similar image
tag on
> their own sites, or from pasting the link into a browser to directly
> view the image. Of course, I want to preserve my ability to display
> these images in my views.
>
> The only thing I''ve come up with is to set a session variable when
> they''re in my site creating the images, and check for that session
> variable in my controller before I generate the image.
>
> Are there any ideas out there about other methods? Standard HotLink
> protection at my ISP does not prevent accessing images generated in this
> manner.
>
> thanks.
>
> --
> Posted viahttp://www.ruby-forum.com/.

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

Cayce Balara wrote:
> The only thing I''ve come up with is to set a session variable when
> they''re in my site creating the images, and check for that session
> variable in my controller before I generate the image.

Check the referrer variable in your controller, similar to what Michael 
suggested be done with apache.

def whatever
  redirect_to :error if request.env[''HTTP_REFERER''] !=  =~ 
/douglasfshearer.com/

  # generate image
end

It''s best if you make the regexp the simplest possible version of your 
domain.

-- 
Posted via http://www.ruby-forum.com/.

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

Douglas Shearer wrote:
> Cayce Balara wrote:
> 
>> The only thing I''ve come up with is to set a session variable
when
>> they''re in my site creating the images, and check for that
session
>> variable in my controller before I generate the image.
> 
> 
> Check the referrer variable in your controller, similar to what Michael 
> suggested be done with apache.
> 
> def whatever
>   redirect_to :error if request.env[''HTTP_REFERER''] != 
=~
> /douglasfshearer.com/
> 
>   # generate image
> end
> 
> It''s best if you make the regexp the simplest possible version of
your
> domain.
Thanks Doug, this is working very well.

c.

-- 
Posted via http://www.ruby-forum.com/.

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

Cayce Balara wrote:
> Thanks Doug, this is working very well.

Nice, glad to help out.

D.
http://douglasfshearer.com


-- 
Posted via http://www.ruby-forum.com/.

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

hi its seems like you have done a hard work on it. I have got lots of

information from your post. Really appreciate your work.!! It was

describe very nicely keep us doing good work..
http://www.dealsourcedirect.com/ion-tape2pc.html

-- 
Posted via http://www.ruby-forum.com/.

-- 
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en.