• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

prevent hotlinking images with standalone tomcat.

 
Greenhorn
Posts: 17
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi, I'm running tomcat webserver standalone. Is there a way to stop hotlinking images? I know you can do this with apache but what about standalone tomcat? Thanks.

EW
 
Author and all-around good cowpoke
Posts: 13078
6
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Is there a way to stop hotlinking images?



If by that you mean requiring all image requests to come from known legal users, sure. Just have the image link point to a servlet rather than a file and have the servlet check for a valid session before sending the image data.

Bill
 
Rob Deer
Greenhorn
Posts: 17
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I'm trying to prevent people typing image.jpg in the url to go to the image directly.
 
William Brogden
Author and all-around good cowpoke
Posts: 13078
6
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

I'm trying to prevent people typing image.jpg in the url to go to the image directly.


Ok, thats what I was talking about, Tomcat will only serve images directly from the main web application directory. Put you images somewhere else and create a servlet to send them after checking for a valid user.
Bill
 
Rob Deer
Greenhorn
Posts: 17
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
can you give a little example on the servlet?
 
Sheriff
Posts: 13411
Firefox Browser VI Editor Redhat
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
You could do this with a filter as well.
Put all your restricted images in a directory (member-img). Then create a filter that checks a user's login credentials (usually stored in session) and allows the request to pass if the user should be allowed to access that directory.
Map that filter to your member-img directory.
reply
    Bookmark Topic Watch Topic
  • New Topic