We help IT Professionals succeed at work.

blocking a referer IP (i think)

paries
paries asked
on
547 Views
Last Modified: 2008-08-25
hello,
there is a site that is linking to images and content on my site.
i can use iptables to block them linking to my images, but i do not want them to click on a link from that site and be able to come to my site

I think that is the referer is that correct?

is there something in the httpd.conf that i can use to block or can i do that at iptables? ( i realize that this is not the correct place for iptables, so you may not be ale to answer that)

Thanks
Randy
Comment
Watch Question

Top Expert 2008

Commented:
> i can use iptables to block them linking to my images,

No, because the browser requests the image. The only thing you can do is to block the referer, i.e. the referring url like http://example.com. But the referer is a very unreliable variable....

But anyway... blocking hyper links from other sites is not the goal of the internet...
SetEnvIf Referer "^http://(www\.)?example\.com" external_referal
Order Allow,Deny
Deny from env=external_referal
Allow from all

Open in new window

Author

Commented:
thanks,

i luv BS comments like this
"But anyway... blocking hyper links from other sites is not the goal of the internet..."

i take it in the world you live in everyone gets thier bandwidth free. I would love to use your host..
caterham_www has a point, though. Once a site goes public, you have to accept that you are effectively making your content available to all. Blocking access to images that are supposed to be viewed as part of your HTML page is one thing, but to ban visitors altogether is going to be difficult.


The HTTP_REFERER really is not reliable, as it can be set to anything the visitor's browser wants. But you can try caterham_www's method for blocking visitors who do set the referrer to the enemy site. It may not be successful in all cases, though.

If you just don't want images made available until a visitor has definitely visited the page, you could replace images with calls to scripts (such as PHP) that check that a session variable has been set (by visiting the HTML page) first, but this is quite a bulky solution. Or you could require a login for your pages, though this will probably cause Google to drop most of them from its index.

It's a tricky balance, unfortunately.
Commented:
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION

Gain unlimited access to on-demand training courses with an Experts Exchange subscription.

Get Access
Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Empower Your Career
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE

Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

  • Troubleshooting
  • Research
  • Professional Opinions
Unlock the solution to this question.
Join our community and discover your potential

Experts Exchange is the only place where you can interact directly with leading experts in the technology field. Become a member today and access the collective knowledge of thousands of technology experts.

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.