httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Kevin Robert Casey" <>
Subject RE: [users@httpd] Handler for images in a directory.
Date Tue, 04 Mar 2003 17:48:31 GMT
what about the idea of using mod_rewrite?  i'm not up on the syntax, but
have apache rewrite requests for "/protected-dir/([\w|\d]+)\.jpg" to

it will keep the developer (if it isn't yourself) happy because they just
link to the images as they usually do, but you can implement any
restrictions you want inside protector.cgi.


-----Original Message-----
From: Chris Meadors []
Sent: Tuesday, March 04, 2003 12:27 AM
Subject: Re: [users@httpd] Handler for images in a directory.

Garth Winter Webb wrote:

> What exactly do you mean by "dumping it from the drive"?  I still don't
> understand what this CGI is doing and why it makes it harder to get the
> image.  The only possibility I can think of is that your script can
> somehow tell that the image is being requested by a browser that has
> just loaded your popup window as opposed to some guy entering a direct
> URL.

He and I don't want to have to make 400 HTML documents, one for each
image.  The links all over his site already pop-up windows with the tool
bars disabled.  But they link directly to the image.  So I need
something that takes the image link, and returns an HTML document
instead, that has the image displayed inside it.  This HTML document
disables the context menu.

> But as stated before, it is simply impossible to show images on a page,
> yet not let people copy those images.  Really all you can hope to do is
> make it *hard enough* so that a certain percentage of your audience will
> give up before succeeding.

I agree, and so does the guy that owns the site.

> Furthermore, this percentage has a ceiling.  At some point, the people
> who continue trying to load your image will give up attacking the CGI
> wall you are building and simply turn their browser cache on, load your
> page and then harvest the disk cache for the image.
> So, the best thing for you to do is make your technique just as much a
> bother as rooting through the disk cache, otherwise its a wasted
> effort.  In my opinion, a popup window without a toolbar and javascript
> to disable right clicking meets that amount of bother.

Exactly what he is doing, except the right clicking was still enabled.
So each image needed to be wrapped in HTML.

Since all the links where there, and the images were in one directory.
I thought that Apache's "Action" on the image/jpeg for the directory
would be nice.  I wrote a quick CGI script that would just output the
needed HTML and included <img src="/protected-dir/image.jpg">, but
before I even put it in place I relized that just because the image was
being loaded in the handler, didn't mean it wouldn't be parsed by the
handler again.  So I wrote a second cgi script that could be passed a
URI and it would fetch it from the disk, not through the server, and
just dump the contents of the file after the propper headers. So it
ended up looking like <img

That works but feels too hackish.  I really just wanted one script that
would do it all, and could use the image's URL internally.

So what I'm thinking now is, have the handler check to see if the
HTTP_REFERER equals REQUEST_URL, that will mean that the handler has
called itself, in that case, open the image file, write the Content-type
header then write the file to the standard out, else write the HTML
document that has an inline image with the src equal to the REQUEST_URI.


The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message