aspose file tools*
The moose likes Tomcat and the fly likes image inlining Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Products » Tomcat
Bookmark "image inlining" Watch "image inlining" New topic
Author

image inlining

Nick Tountas
Greenhorn

Joined: Jul 22, 2006
Posts: 5
Hi

Is there a way to disallow image inlining (i.e. people from linking to my website's images consuming my bandwidth)

To clarify: I have some images in a http://www.mydomain.com which should not be linked from other sites like this:
<img src="http://www.mydomain.com/theimage.jpg">
Only my webapp should be able to use a particular set of images.

I'm using Apache-Tomcat 5.5.17, Windows xp, JDK 1.5_07

Haven't tried filters yet. It could be the answer but nonetheless I would like some input on the matter.


Thank you

William Brogden
Author and all-around good cowpoke
Rancher

Joined: Mar 22, 2000
Posts: 12806
    
    5
Seems to me that if every legitimate image request has an associated session id then a filter is what you want.
Note that image file and plain HTML file serving is done by the default Servlet - configured in the web.xml file in the conf directory.

Bill
Nick Tountas
Greenhorn

Joined: Jul 22, 2006
Posts: 5
Thank you for your reply Bill, sounds good.

I would like to minimize the overhead so was looking to avoid filters, as with each image request (and there are quite a lot, there is a photo gallery etc.) Tomcat will need to process stuff (create / delete filter classes etc)

Could there be a cleaner approach?

David O'Meara
Rancher

Joined: Mar 06, 2001
Posts: 13459

"nickt nickt",
Welcome to the JavaRanch.

We're a friendly group, but we do require members to have valid display names.

Display names must be two words: your first name, a space, then your last name. Fictitious names are not allowed.

Please edit your profile and correct your display name since accounts with display names get deleted, often without warning

thanks,
Dave
David O'Meara
Rancher

Joined: Mar 06, 2001
Posts: 13459

I agree with William, look at a filter, however I would parse the referer http header and reject the request (or return a default image) if it is not your site.

Don't worry about the 'overhead' of creating filter classes. Find a solution which works and then profile it. I think you'll find there are hundreds of other classes created anyway and the filters will be of no consequence.

Dave
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: image inlining