Is there a way to disallow image inlining (i.e. people from linking to my website's images consuming my bandwidth)
To clarify: I have some images in a http://www.mydomain.com which should not be linked from other sites like this: <img src="http://www.mydomain.com/theimage.jpg"> Only my webapp should be able to use a particular set of images.
I'm using Apache-Tomcat 5.5.17, Windows xp, JDK 1.5_07
Haven't tried filters yet. It could be the answer but nonetheless I would like some input on the matter.
Seems to me that if every legitimate image request has an associated session id then a filter is what you want. Note that image file and plain HTML file serving is done by the default Servlet - configured in the web.xml file in the conf directory.
posted 12 years ago
Thank you for your reply Bill, sounds good.
I would like to minimize the overhead so was looking to avoid filters, as with each image request (and there are quite a lot, there is a photo gallery etc.) Tomcat will need to process stuff (create / delete filter classes etc)
I agree with William, look at a filter, however I would parse the referer http header and reject the request (or return a default image) if it is not your site.
Don't worry about the 'overhead' of creating filter classes. Find a solution which works and then profile it. I think you'll find there are hundreds of other classes created anyway and the filters will be of no consequence.