ASP Image Hotlinking Prevention Technique Without ISAPI

Ian Turner 20/10/04

With so many forums around the problem of image hotlinking by amateur web users has become a very serious annoyance to webmasters. This problem has been easy to solve using htaccess on Linux servers but an equivalent method has not been available in ASP wthout writing an ISAPI filter, which is a serious technical hurdle to many.

Here we outline a technique that doesn't require much technical expertise to implement and doesn't require the use of an ISAPI filter.

The code makes use of a simple little trick that can be easily implemented. Given that we have a file default.asp as below:

<head></head>
<body bgcolor="#FFFFFF">
See my wonderful picture <img src="images/mypicture.jpg" border="0">
</body>

And that it is being hotlinked by a well used forum and is using up significant amounts of your bandwidth, you want to do something to prevent these hotlinkers

Well first change the name of the image in your source code to mypicture.jpeg see the new code below

<head></head>
<body bgcolor="#FFFFFF">
See my wonderful picture <img src="images/mypicture.jpeg" border="0">
</body>

Then create a file called mypicture.jpeg in your images directory with code as below

<%

if InStr(Request.ServerVariables("http_referer"),"www.mydomain.com") > 0 then
server.transfer "mypicture1.jpg"
else
server.transfer "nohotlinkers.jpg"
end if

%>

Next rename the image that is being hotlinked to mypicture1.jpg and create a nohotlinkers.jpg image file (you can make that image whatever you like but small is good) you can even not bother with that image on your server as it will just appear as if it doesn't exist in the normal way.

Finally and here is the key element in making this work, you need to set .jpeg files to be processed by the ASP Parser in the IIS properties this will prevent further hotlinking of the file even if the hotlinker changes the links to the mypicture.jpeg file indicated in your source code.

To set .jpeg to be processed by the ASP parser go to
Home Directory > Configuration > App Mappings, then click 'Add' and set the executable to C:\WINNT\System32\inetsrv\asp.dll, the extension to .jpeg and 'Limit to' to 'GET,HEAD,POST,TRACE' (these are the same settings as for the .asp extension)

Once this has been done the .jpeg will be executed as an ASP file and the user will receive the picture dependent on what the Referrer is in the HTTP header.

A couple of interesting extensions of this technique are firstly that the server.transfer can redirect to a .gif file equally successfully and Internet Explorer will show the file in the normal way

The second interesting extension is that you don't have to use this technique only for hotlink prevention, altenatively it could be used to send different images to different browsers by using the user agent.

No doubt with a bit of imagination you can come up with many of your own uses based around other server variables.

We don't guarantee that this method is perfect and I'm sure that a seasoned professional could get round it, but it will put the majority of hotlinkers off and they will go and find an easier target

 

Return to Programming News

Web Hosting
CSS, HTML & Web Design
Search Engines
Internet Marketing
Hardware & Peripherals
Affiliate Programs
Infrastructure Technology
Chat & Messengers
Programming
Sound & Animation
Software Packages
G3 Phones & PDAs
Retail Online
Email & Spam
Domain Names
Web Humour

Home
Important Sites
Partner Resources

Disclaimer | Privacy Policy | Contact Us | Write Us An Article | Submit Press Release

© 2004 British Internet News, 24, Buckhurst Road, Frimley Green, Camberley, Surrey, GU16 6LH, UK - All Rights Reserved.