Preventing hotlinking with IIS

slippypixel · 06-08-2006, 09:47 PM

Hi,

New to IIS so please forgive me if this is an idiotic question.

How do I prevent hotlinking to images with IIS. With my apache host it's just a case of editing the .htaccess file. Is there an easily configurable way of doing the same thing?

I'd like to basically have a white list of sites I'd allow to hotlink, and block everybody else.

I have tried scripting my own httphandler in asp.net, but it seems that IIS will serve up image files quite happily and my handler never gets hit. I added the following to web.config, and obviously provided a class to do the work:

<httpHandlers>
<add verb="GET,HEAD" path="*.jpg" type="SlippyPixel.CheckAuth,SlippyPixel"/>
</httpHandlers>

I have also tried adding the code in the Session_Start event in global.asax, but again, this code never get's hit when a request for an image comes in, only requests for aspx and misc other files.

Am I missing something obvious? Is there a way of doing this without having to request catalyst2 to mess with IIS? Will catalyst even do the necessary IIS ISAPI messing if requested? Has anybody else successfully managed to stop hotlinking to image files? Will there ever be peace on earth?

Any help or advice would certainly be appreciated!

Cheers

slippypixel · 07-08-2006, 11:24 AM

OK, so after some digging in google. It appears that I just need to ask catalyst2 to configure extension mappings for .jpeg .jpg and .gif files to point to the ASP.NET ISAPI on my site dir in IIS.

The custom httphandlers then work fine (I've tested with my local copy of IIS).

Is that something I should just raise a ticket for?

paulredpath · 07-08-2006, 05:38 PM

If you raise a ticket we have no problem doing that for one domain.

06-08-2006, 09:47 PM	#1 (permalink)
slippypixel Registered User Join Date: Aug 2006 Posts: 8	Preventing hotlinking with IIS Hi, New to IIS so please forgive me if this is an idiotic question. How do I prevent hotlinking to images with IIS. With my apache host it's just a case of editing the .htaccess file. Is there an easily configurable way of doing the same thing? I'd like to basically have a white list of sites I'd allow to hotlink, and block everybody else. I have tried scripting my own httphandler in asp.net, but it seems that IIS will serve up image files quite happily and my handler never gets hit. I added the following to web.config, and obviously provided a class to do the work: <httpHandlers> <add verb="GET,HEAD" path="*.jpg" type="SlippyPixel.CheckAuth,SlippyPixel"/> </httpHandlers> I have also tried adding the code in the Session_Start event in global.asax, but again, this code never get's hit when a request for an image comes in, only requests for aspx and misc other files. Am I missing something obvious? Is there a way of doing this without having to request catalyst2 to mess with IIS? Will catalyst even do the necessary IIS ISAPI messing if requested? Has anybody else successfully managed to stop hotlinking to image files? Will there ever be peace on earth? Any help or advice would certainly be appreciated! Cheers

07-08-2006, 05:38 PM	#3 (permalink)
paulredpath Bring me your problems :p Join Date: Jan 2003 Location: /dev/ahhhhhhhhh Posts: 3,537	If you raise a ticket we have no problem doing that for one domain. __________________ Paul Redpath paul@catalyst2.com Go on, review Us at OC Host Review!

Thread Tools
Show Printable Version Email this Page
Display Modes	Rate This Thread
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode	Rate This Thread:

07-08-2006, 11:24 AM	#2 (permalink)
slippypixel Registered User Join Date: Aug 2006 Posts: 8	OK, so after some digging in google. It appears that I just need to ask catalyst2 to configure extension mappings for .jpeg .jpg and .gif files to point to the ASP.NET ISAPI on my site dir in IIS. The custom httphandlers then work fine (I've tested with my local copy of IIS). Is that something I should just raise a ticket for?