WANTED: CGI to prevent files from being linked

I have a webcam that saves files under the same name in the same directory. Problem is I have people linking the images off my site onto theirs. I am looking for a CGI script that says if the image is not being loaded from this page I'm going to deny the request.
tclarkAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

icdCommented:
One way to do this is to not store the image with the same name every time. For example you could give it a random name and so any external links will fail when the name changes.

For example, store the image with the name "webcam847583.jpg". The script that displays this image will be able to determine the name of the file but scripts on other servers will not. (More on this later). If anyone links to this page then the link will fail when the next update from the webcam deletes "webcam847583.jpg" and creates a new random name of "webcam6736754.jpg" (for example).

You can use whatever random sequence you want, indeed it need not even be random, just increment the number each time you update the image will prevent anyone else from determining when the name changes.

The script that generates the page that has the image within it can do something like this at the point it needs to generate the html for the image link:-

opendir(IMG_DIR, "../img");
@allfiles = grep(/^webcam/, readdir(IMG_DIR));
closedir(IMG_DIR);
print "Latest Web Cam Image<br><img src=\"../img/";
print $allfiles[0]."\">\n";

So long as the script that generates the image ensures it deletes the old versions after it creates a new version then there will only be one file of the form "webcamXXXXXX.jpg" in the img directory.


0
julio011597Commented:
If your images are published on the web, then there's no solution, since people will always be able to access and download them.

If, otherwise, users can only get your images through a CGI program, then the solution is quite simple (simpler than icd's one, i'm afraid).

Could you tell something more?
0
icdCommented:
julio.

If I read the question correctly, it is not so much downloading the images but since this is a webcam tclark wants to prevent other pages embedding the webcam image within their own html pages. Rather like the way that newspaper sites try to prevent web sites embedding the 'comic of the day' in their own web page.

However, if I have mis-understood the problem, please present your own answer, tclark should reject my solution if s/he prefers yours.

0
Cloud Class® Course: CompTIA Cloud+

The CompTIA Cloud+ Basic training course will teach you about cloud concepts and models, data storage, networking, and network infrastructure.

julio011597Commented:
Sorry icd, i really didn't mean to offend anybody; maybe my English betrayes me sometimes.

I'm not posting a solution because i'm not sure about what the question is; the simpler solution i was thinking about is just reading the HTTP_REFERER env var.

Regards
0
icdCommented:
no offence taken.

I also thought about the HTTP_REFERER but is it not the case that it does not work with the IE browser? I also thought it did  not work with images embedded inside an html document but now that I think about it again I am probably wrong.

0
joseph4Commented:
i avoid http_referer because not all browsers support it, yes. in fact, i don't fight leeches with cgi at all: i use htaccess to deny any requests from outside my own subnet. if you're interested in that approach, let us know.
0
tclarkAuthor Commented:
I have thought of the cgi solution, but once again what is to prevent someone from simply calling the CGI. How about using a SSI to pull it? I guess I'm trying to find a way to hide the location of the images.

Todd
0
gwaltersCommented:
I know cookies are not all that popular (though I see your site already uses them), but you could do this:

1) Set a cookie on a previous page.
2) Look for the cookie when serving the image (which would be referenced through a CGI).
3) If the cookie is there, serve the image, else serve a "go away" image.

Now, even if they figure out that it's a cookie, they can't set it, since your image request will be on a different domain.
0
jhurstCommented:
Have a look at the page:

http://www.geocities.com/Pipeline/7284

It uses <img src=...> but
0
gwaltersCommented:

I thought we already agreed to stay away from "Referer".

BTW, it did work with Internet Explorer, but I beleive some proxies may strip out "Referer".


0
julio011597Commented:
AFAIK, due to HTTP protocol itself, there's no absolute solution to your problem; that's why i keep thinking the HTTP_REFERER solutions is the best :)
0
dbogstadCommented:
A POSSIBLE solution might be to try a Multipart MIME format for your CGI output. Instead of using HTML tags to embed your image file in your html file, use a multipart MIME type so that the HTML file AND the image file are combined by the HTTP server and sent to the browser. THat way, anyone hitting your CGI script would necessarily receive YOUR web page. Subsequently, you would want to hide the image file and directory from public view.

Check out this URL: http://reference.nrcs.usda.gov/ietf/rfc/2200/rfc2112.htm

maybe something like this:


     Content-Type: Multipart/Related; boundary=example-1
             start="<_@_._>";
             type="text/html"
     --example-1
     Content-Type: text/html
     <HTML>
     <BODY>
     
     --example-1
     Content-Type: image/jpeg
     // Write file data here with CGI script
     --example-1--

     Content-Type: text/html
     </BODY>
     </HTML>

     --example-1--
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Scripting Languages

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.