Win a copy of Programmer's Guide to Java SE 8 Oracle Certified Associate (OCA) this week in the OCAJP forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

image inlining

 
Nick Tountas
Greenhorn
Posts: 5
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi

Is there a way to disallow image inlining (i.e. people from linking to my website's images consuming my bandwidth)

To clarify: I have some images in a http://www.mydomain.com which should not be linked from other sites like this:
<img src="http://www.mydomain.com/theimage.jpg">
Only my webapp should be able to use a particular set of images.

I'm using Apache-Tomcat 5.5.17, Windows xp, JDK 1.5_07

Haven't tried filters yet. It could be the answer but nonetheless I would like some input on the matter.


Thank you

 
William Brogden
Author and all-around good cowpoke
Rancher
Posts: 13071
6
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Seems to me that if every legitimate image request has an associated session id then a filter is what you want.
Note that image file and plain HTML file serving is done by the default Servlet - configured in the web.xml file in the conf directory.

Bill
 
Nick Tountas
Greenhorn
Posts: 5
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thank you for your reply Bill, sounds good.

I would like to minimize the overhead so was looking to avoid filters, as with each image request (and there are quite a lot, there is a photo gallery etc.) Tomcat will need to process stuff (create / delete filter classes etc)

Could there be a cleaner approach?

 
David O'Meara
Rancher
Posts: 13459
Android Eclipse IDE Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
"nickt nickt",
Welcome to the JavaRanch.

We're a friendly group, but we do require members to have valid display names.

Display names must be two words: your first name, a space, then your last name. Fictitious names are not allowed.

Please edit your profile and correct your display name since accounts with display names get deleted, often without warning

thanks,
Dave
 
David O'Meara
Rancher
Posts: 13459
Android Eclipse IDE Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I agree with William, look at a filter, however I would parse the referer http header and reject the request (or return a default image) if it is not your site.

Don't worry about the 'overhead' of creating filter classes. Find a solution which works and then profile it. I think you'll find there are hundreds of other classes created anyway and the filters will be of no consequence.

Dave
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic