Serving up images dynamically and preventing hotlinks

yardboy · June 6, 2007, 4:47am

I create and serve images dynamically from a controller using RMagick.
I’d like to be able to display these images in my views, but I want to
prevent someone from hotlinking these images and consequently swiping my
bandwidth.

Currently I access the images using image_tag with formatted_x_path
helper, so the result is an image tag like:

The show action in my imageserver controller builds the image and serves
it up.

What I’d like to do is prevent folks from using a similar image tag on
their own sites, or from pasting the link into a browser to directly
view the image. Of course, I want to preserve my ability to display
these images in my views.

The only thing I’ve come up with is to set a session variable when
they’re in my site creating the images, and check for that session
variable in my controller before I generate the image.

Are there any ideas out there about other methods? Standard HotLink
protection at my ISP does not prevent accessing images generated in this
manner.

thanks.

yardboy · June 7, 2007, 6:56am

If you’re on Apache, use mod_rewrite to redirect access to any *.jpg
file to an error page if the referrer is not your own domain. You can
put the rewrite directives in the .htaccess file, or if you have
access to the main Apache config, in the httpd.conf file. Google for
“mod_rewrite hotlink” and you’ll find lots of examples and variants.

Michael
www.mslater.com

On Jun 5, 7:47 pm, Cayce B. [email protected]

yardboy · June 7, 2007, 2:18pm

Cayce B. wrote:

The only thing I’ve come up with is to set a session variable when
they’re in my site creating the images, and check for that session
variable in my controller before I generate the image.

Check the referrer variable in your controller, similar to what Michael
suggested be done with apache.

def whatever
redirect_to :error if request.env[‘HTTP_REFERER’] != =~
/douglasfshearer.com/

generate image

end

It’s best if you make the regexp the simplest possible version of your
domain.

yardboy · June 11, 2007, 2:52am

Douglas S. wrote:

Cayce B. wrote:

The only thing I’ve come up with is to set a session variable when
they’re in my site creating the images, and check for that session
variable in my controller before I generate the image.

Check the referrer variable in your controller, similar to what Michael
suggested be done with apache.

def whatever
redirect_to :error if request.env[‘HTTP_REFERER’] != =~
/douglasfshearer.com/

generate image

end

It’s best if you make the regexp the simplest possible version of your
domain.

Thanks Doug, this is working very well.

c.

yardboy · June 11, 2007, 3:02am

Cayce B. wrote:

Thanks Doug, this is working very well.

Nice, glad to help out.

D.

yardboy · November 29, 2010, 4:03pm

hi its seems like you have done a hard work on it. I have got lots of

information from your post. Really appreciate your work.!! It was

describe very nicely keep us doing good work…
http://www.dealsourcedirect.com/ion-tape2pc.html