Member Avatar for ghostsquad

So, I've scoured the web for a way to block direct access to an image, kind of like hotlinking, but on my website.

For example: going to http://www.mydomain.com/images/someimage.gif should bring the user to a 403 (access denied) page instead of displaying the image. I wanted to do this using .htaccess and for all to know, this is how I did it.

I can use phpThumb (http://phpthumb.sourceforge.net/) to display thumbnails, but someone can also use this to simply "parse" the image, without modifying it in any way (displayed below)

Here's how the .htaccess looks

# normal hotlink prevention requires first 3 lines (3rd line being for my localserver)
# using phpThumb to display my images allows the images to be displayed on the website
# but when tried to access directly ie. http://www.mydomain.com/images/foo.gif
# the user is redirected to error 403 page
# which means I don't need to have those conditions. Infact, with those conditions in place allows users
# to see the images (but still cannot hotlink)

#RewriteCond %{HTTP_REFERER} !^$
#RewriteCond %{HTTP_REFERER} !^http://(www.)?mydomain.com/.*$ [NC]
#RewriteCond %{HTTP_REFERER} !^http://(www.)?mydomain.dev/.*$ [NC]
RewriteRule \.(gif|jpe?g|png)$ - [F,NC]

All images are written in this format on my website:

<img src="lib/php/functions/phpThumb/phpThumb.php?src=/lib/images/foo.gif" alt="foo" />

if anyone has any better way to do this, I would gladly appreciate knowing. This is just something I found out on accident actually.

  • 3 Contributors
  • 5 Replies
  • 107 Views
  • 5 Days Discussion Span
  • Latest Post Latest Post by ghostsquad
Member Avatar for MidiMagic

Why do you want to hide images? If you don't want people to see your images, don't put them on the Internet.

You aren't going to stop people from copying your images either. Anyone can do a Ctrl-Print-Screen and recover the image in MS Paint.

Member Avatar for ghostsquad

Why do you want to hide images? If you don't want people to see your images, don't put them on the Internet.

You aren't going to stop people from copying your images either. Anyone can do a Ctrl-Print-Screen and recover the image in MS Paint.

The images on the website get watermarked and resized dynamically using phpThumb. Infact, phpThumb can do lots to images. I want to make the image once in Photoshop, and use phpThumb to do the rest. For security reasons, I don't want web users to be able to get to, and use the unformatted images.

Member Avatar for MidiMagic

Security??? I think of security as keeping people from breaking into a computer and doing damage, or keeping them from stealing Social Insecurity numbers. I don't think of someone downloading an image from your page as a security issue, but a copyright infringement.

Something tells me that copyright will disappear in ten years or less, because the Internet will make it cost-prohibitive to enforce.

For your "security" reasons, you should store the watermarked image on the site, instead of the plain image.

But note that watermark-removal software is easy to write.

Member Avatar for ghostsquad

Security??? I think of security as keeping people from breaking into a computer and doing damage, or keeping them from stealing Social Insecurity numbers. I don't think of someone downloading an image from your page as a security issue, but a copyright infringement.

Something tells me that copyright will disappear in ten years or less, because the Internet will make it cost-prohibitive to enforce.

For your "security" reasons, you should store the watermarked image on the site, instead of the plain image.

But note that watermark-removal software is easy to write.

yes, excuse me. Copyright is what I meant.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.