I create and serve images dynamically from a controller using RMagick.
I’d like to be able to display these images in my views, but I want to
prevent someone from hotlinking these images and consequently swiping my
Currently I access the images using image_tag with formatted_x_path
helper, so the result is an image tag like:
The show action in my imageserver controller builds the image and serves
What I’d like to do is prevent folks from using a similar image tag on
their own sites, or from pasting the link into a browser to directly
view the image. Of course, I want to preserve my ability to display
these images in my views.
The only thing I’ve come up with is to set a session variable when
they’re in my site creating the images, and check for that session
variable in my controller before I generate the image.
Are there any ideas out there about other methods? Standard HotLink
protection at my ISP does not prevent accessing images generated in this
If you’re on Apache, use mod_rewrite to redirect access to any *.jpg
file to an error page if the referrer is not your own domain. You can
put the rewrite directives in the .htaccess file, or if you have
access to the main Apache config, in the httpd.conf file. Google for
“mod_rewrite hotlink” and you’ll find lots of examples and variants.