Solved

WANTED: CGI to prevent files from being linked

Posted on 1998-02-02
12
283 Views
Last Modified: 2013-12-25
I have a webcam that saves files under the same name in the same directory. Problem is I have people linking the images off my site onto theirs. I am looking for a CGI script that says if the image is not being loaded from this page I'm going to deny the request.
0
Comment
Question by:tclark
  • 3
  • 3
  • 2
  • +4
12 Comments
 
LVL 5

Expert Comment

by:icd
ID: 1831902
One way to do this is to not store the image with the same name every time. For example you could give it a random name and so any external links will fail when the name changes.

For example, store the image with the name "webcam847583.jpg". The script that displays this image will be able to determine the name of the file but scripts on other servers will not. (More on this later). If anyone links to this page then the link will fail when the next update from the webcam deletes "webcam847583.jpg" and creates a new random name of "webcam6736754.jpg" (for example).

You can use whatever random sequence you want, indeed it need not even be random, just increment the number each time you update the image will prevent anyone else from determining when the name changes.

The script that generates the page that has the image within it can do something like this at the point it needs to generate the html for the image link:-

opendir(IMG_DIR, "../img");
@allfiles = grep(/^webcam/, readdir(IMG_DIR));
closedir(IMG_DIR);
print "Latest Web Cam Image<br><img src=\"../img/";
print $allfiles[0]."\">\n";

So long as the script that generates the image ensures it deletes the old versions after it creates a new version then there will only be one file of the form "webcamXXXXXX.jpg" in the img directory.


0
 
LVL 5

Expert Comment

by:julio011597
ID: 1831903
If your images are published on the web, then there's no solution, since people will always be able to access and download them.

If, otherwise, users can only get your images through a CGI program, then the solution is quite simple (simpler than icd's one, i'm afraid).

Could you tell something more?
0
 
LVL 5

Expert Comment

by:icd
ID: 1831904
julio.

If I read the question correctly, it is not so much downloading the images but since this is a webcam tclark wants to prevent other pages embedding the webcam image within their own html pages. Rather like the way that newspaper sites try to prevent web sites embedding the 'comic of the day' in their own web page.

However, if I have mis-understood the problem, please present your own answer, tclark should reject my solution if s/he prefers yours.

0
 
LVL 5

Expert Comment

by:julio011597
ID: 1831905
Sorry icd, i really didn't mean to offend anybody; maybe my English betrayes me sometimes.

I'm not posting a solution because i'm not sure about what the question is; the simpler solution i was thinking about is just reading the HTTP_REFERER env var.

Regards
0
 
LVL 5

Expert Comment

by:icd
ID: 1831906
no offence taken.

I also thought about the HTTP_REFERER but is it not the case that it does not work with the IE browser? I also thought it did  not work with images embedded inside an html document but now that I think about it again I am probably wrong.

0
 

Expert Comment

by:joseph4
ID: 1831907
i avoid http_referer because not all browsers support it, yes. in fact, i don't fight leeches with cgi at all: i use htaccess to deny any requests from outside my own subnet. if you're interested in that approach, let us know.
0
What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

 

Author Comment

by:tclark
ID: 1831908
I have thought of the cgi solution, but once again what is to prevent someone from simply calling the CGI. How about using a SSI to pull it? I guess I'm trying to find a way to hide the location of the images.

Todd
0
 
LVL 3

Expert Comment

by:gwalters
ID: 1831909
I know cookies are not all that popular (though I see your site already uses them), but you could do this:

1) Set a cookie on a previous page.
2) Look for the cookie when serving the image (which would be referenced through a CGI).
3) If the cookie is there, serve the image, else serve a "go away" image.

Now, even if they figure out that it's a cookie, they can't set it, since your image request will be on a different domain.
0
 
LVL 8

Expert Comment

by:jhurst
ID: 1831910
Have a look at the page:

http://www.geocities.com/Pipeline/7284

It uses <img src=...> but
0
 
LVL 3

Expert Comment

by:gwalters
ID: 1831911

I thought we already agreed to stay away from "Referer".

BTW, it did work with Internet Explorer, but I beleive some proxies may strip out "Referer".


0
 
LVL 5

Expert Comment

by:julio011597
ID: 1831912
AFAIK, due to HTTP protocol itself, there's no absolute solution to your problem; that's why i keep thinking the HTTP_REFERER solutions is the best :)
0
 
LVL 1

Accepted Solution

by:
dbogstad earned 100 total points
ID: 1831913
A POSSIBLE solution might be to try a Multipart MIME format for your CGI output. Instead of using HTML tags to embed your image file in your html file, use a multipart MIME type so that the HTML file AND the image file are combined by the HTTP server and sent to the browser. THat way, anyone hitting your CGI script would necessarily receive YOUR web page. Subsequently, you would want to hide the image file and directory from public view.

Check out this URL: http://reference.nrcs.usda.gov/ietf/rfc/2200/rfc2112.htm

maybe something like this:


     Content-Type: Multipart/Related; boundary=example-1
             start="<_@_._>";
             type="text/html"
     --example-1
     Content-Type: text/html
     <HTML>
     <BODY>
     
     --example-1
     Content-Type: image/jpeg
     // Write file data here with CGI script
     --example-1--

     Content-Type: text/html
     </BODY>
     </HTML>

     --example-1--
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Most of the sites are being standardized with W3C Web Standards. W3C provides lot of web standard services to the web. They have the web specification, process and documentation for all the web standards. You can apply HTML, CSS and Accessibility st…
What is Node.js? Node.js is a server side scripting language much like PHP or ASP but is used to implement the complete package of HTTP webserver and application framework. The difference is that Node.js’s execution engine is asynchronous and event…
Viewers will learn about arithmetic and Boolean expressions in Java and the logical operators used to create Boolean expressions. We will cover the symbols used for arithmetic expressions and define each logical operator and how to use them in Boole…
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…

759 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

26 Experts available now in Live!

Get 1:1 Help Now