Block requests based on referrer?

Discussion:

(too old to reply)

Mike Cain

2006-10-27 18:16:35 UTC

Hi - there is a web site out there linking to one of our JPG files from
their web site. We've asked them to stop by they have not. Therefore we
need to stop this programmatically at the server level. (In case you are
wondering, we cannot rename or move the file to cause a 404 for them because
we need this file in this spot for others legitimately using it).

For all these unwanted requests, the referrer contains the offending parties
domain - so its easy for us to know programmatically which requests to
block - we just need to look for www.theirdomain.com in the referrer.

If this was a ASP or ASP.NET page we would do this easily from a ISAPI or
HTTPModule. From there we'd look at the referrer and if there was a match
we'd block the request. However the requested resource in this case as
mentioned is a JPG. How can we go about adding a layer of "smarts" to IIS
programmatically to block requests for this JPG based on the referrer?
Thank you for you advice.

Funkadyleik Spynwhanker

2006-10-27 18:21:29 UTC

Permalink

For that, you have to buy a third party ISAPI filter built for that purpose.

Google for "hot link blocker" for lots of options. They range from $30 to
$300.

You will want to check the features to make sure you can add legit domains
for your particular use.

(Too bad you don't have the fun of putting something entirely different in
there. :( )

Post by Mike Cain
Hi - there is a web site out there linking to one of our JPG files from
their web site. We've asked them to stop by they have not. Therefore we
need to stop this programmatically at the server level. (In case you are
wondering, we cannot rename or move the file to cause a 404 for them
because we need this file in this spot for others legitimately using it).
For all these unwanted requests, the referrer contains the offending
parties domain - so its easy for us to know programmatically which
requests to block - we just need to look for www.theirdomain.com in the
referrer.
If this was a ASP or ASP.NET page we would do this easily from a ISAPI or
HTTPModule. From there we'd look at the referrer and if there was a match
we'd block the request. However the requested resource in this case as
mentioned is a JPG. How can we go about adding a layer of "smarts" to IIS
programmatically to block requests for this JPG based on the referrer?
Thank you for you advice.

2006-10-27 18:46:08 UTC

Permalink

You can do this by mapping jpg and gif to the asp engine, there are articles
out there for doing exactly this, search on "image hotlinking asp.net" or
"block referer asp.net" on google, here's a short one I found:
http://www.aspnetresources.com/blog/leeching_stops_here.aspx

I know there's an article as codeproject somewhere as well, can't seem to
find it now.

Just remember that referer can be blocked for privacy reasons, and if they
dont click a link there will be no referer set so unfortunately you will
have to allow no referer unless you want broken images on your site but it
still blocks a lot since the person leeching cannot control visitors browser
settings.

GH