This week's book giveaway is in the Servlets forum.
We're giving away four copies of Murach's Java Servlets and JSP and have Joel Murach on-line!
See this thread for details.
The moose likes Tomcat and the fly likes image inlining Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

Win a copy of Murach's Java Servlets and JSP this week in the Servlets forum!
JavaRanch » Java Forums » Products » Tomcat
Bookmark "image inlining" Watch "image inlining" New topic

image inlining

Nick Tountas

Joined: Jul 22, 2006
Posts: 5

Is there a way to disallow image inlining (i.e. people from linking to my website's images consuming my bandwidth)

To clarify: I have some images in a which should not be linked from other sites like this:
<img src="">
Only my webapp should be able to use a particular set of images.

I'm using Apache-Tomcat 5.5.17, Windows xp, JDK 1.5_07

Haven't tried filters yet. It could be the answer but nonetheless I would like some input on the matter.

Thank you

William Brogden
Author and all-around good cowpoke

Joined: Mar 22, 2000
Posts: 12760
Seems to me that if every legitimate image request has an associated session id then a filter is what you want.
Note that image file and plain HTML file serving is done by the default Servlet - configured in the web.xml file in the conf directory.

Nick Tountas

Joined: Jul 22, 2006
Posts: 5
Thank you for your reply Bill, sounds good.

I would like to minimize the overhead so was looking to avoid filters, as with each image request (and there are quite a lot, there is a photo gallery etc.) Tomcat will need to process stuff (create / delete filter classes etc)

Could there be a cleaner approach?

David O'Meara

Joined: Mar 06, 2001
Posts: 13459

"nickt nickt",
Welcome to the JavaRanch.

We're a friendly group, but we do require members to have valid display names.

Display names must be two words: your first name, a space, then your last name. Fictitious names are not allowed.

Please edit your profile and correct your display name since accounts with display names get deleted, often without warning

David O'Meara

Joined: Mar 06, 2001
Posts: 13459

I agree with William, look at a filter, however I would parse the referer http header and reject the request (or return a default image) if it is not your site.

Don't worry about the 'overhead' of creating filter classes. Find a solution which works and then profile it. I think you'll find there are hundreds of other classes created anyway and the filters will be of no consequence.

I agree. Here's the link:
subject: image inlining
Similar Threads
mapping default page to domain name in tomcat without port Ubuntu
response.sendRedirect expecting the wrong file
struts deploy issues
Pushing images to jsp page?
Deploying Struts app on Linux server