|
Discussion Forums
|
Thread: Restricting Access by Referer feature request.
|
|
|
Replies:
7
-
Pages:
1
-
Last Post:
Jan 19, 2009 11:56 AM
by: Colin Rhodes
|
|
|
Posts:
5
Registered:
6/1/08
|
|
|
|
Restricting Access by Referer feature request.
Posted:
Jun 2, 2008 6:17 AM PDT
|
|
|
With my web hosting I can block access to my pictures outside of my domain to stop "Hot Linking". cPanel has a feature to block hotlinking that is widely used by webmaster becuese this is a common problem. I really think this should be added as an option to the ACL.
I have pictures that come up #1 in Google Images so they get alot of hits. So I thought ok I'll host them on Amazon and save a few dollars. But then I got to thinking about how in the past I had an image that the MySpace.com kids liked and started hotlinking too. It got to the point it was using up alot of gigs of bandwidth every month before I enabled a block on hotlinking.
My point is this. While Amazon offers very cheap hosting this can easily be offset when anyone can hotlink to our files and use our bandiwdth for their own purposes. I considered changing the file names once per month but if I did this then I would probably no longer have my #1's. As Google doesn't list images for many months after indexing them to make sure they are going to be actually still be there in their results long term. If I am constantly changing file names I won't have to worry about bandwidth usage because I probably won't be #1 anymore. :(
Please Amazon give us the option to restrict access to our files to only a specfic domain. The use of wildcards would come in handy here too.
Access Restricted to:
www.mydomain.com
or *.mydomain.com or *.mydomain.com/index.php or
www.mydomain.com/path/
* ...
I already know for a fact that once some users see they can hotlink to my images its going to quickly offset some/alot of my savings from using Amazon. As time passes more and more will probably hotlink untill it gets to the point I might as well go back to using my host instead of Amazon. Now Amazon is leaving $ on the table! I am sure I am not the only user here who doesn't want other web sites hotlinking to their files on their dime. If you agree with me then please voice your support to this thread.
And if anyone has a good solution to this problem that doesn't constantly involve changing the URL's, like those signed URL thingies then please let me know.
Thank You,
Blaaam
|
|
Posts:
66
Registered:
10/14/06
|
|
|
|
Re: Restricting Access by Referer feature request.
Posted:
Jun 2, 2008 9:41 AM PDT
in response to: Anthony Goodley
|
|
|
Hi,
Not sure to understand what you try to reach.
In part, this very good ranking that you have on Google, comes from the hotlinks you receive from so many other pages.
If you block linking, your ranking will automatically deteriorate (rapidly)
I don't think that's what you want to achieve, right?
regards
didier
|
|
Posts:
5
Registered:
6/1/08
|
|
|
|
Re: Restricting Access by Referer feature request.
Posted:
Jun 2, 2008 2:59 PM PDT
in response to: Anthony Goodley
|
|
|
Please see this wiki which explains it better than i could.
http://en.wikipedia.org/wiki/Inline_linking
Inline linking
(also known as
hotlinking
,
leeching
,
piggy-backing
,
direct linking
,
offsite image grabs
and
bandwidth theft
) is the use of a linked object, often an image, from one site into a
web page
belonging to a second site.
Inline linking to an image stored on another site
increases the bandwidth use of that site
even though the site is not being viewed as intended. The complaint may be the loss of ad revenue or changing the perceived meaning through an unapproved context.
Some servers are programmed to use the
HTTP referer
to detect hot-linking and return a condemnatory message, commonly in the same format, in place of the expected image or media clip. Most servers can be configured to partially protect hosted media from inline linking, usually by not serving the media or by serving a different file.
I am not #1 because anyone hotlinks. And I doubt even from a normal link for that matter. Blocking hotlinking obviously doesn't affect your ranking for images within Google Images as I have been doing this for years and retained my high ranking.
Look people everytime some jerk out there hotlinks to your image, sound file or any other resource, without your permission, they are stealing from you AND you have to pay Amazon for the bandwidth they use of yours. Amazon could fix this by allowing us to block via HTTP_REFER. With most web servers its a trival thing to implement.
Thank You,
Tony
Message was edited by: Anthony Goodley
|
|
Posts:
5,320
Registered:
3/19/07
|
|
|
|
Re: Restricting Access by Referer feature request.
Posted:
Jun 2, 2008 3:20 PM PDT
in response to: Anthony Goodley
|
|
|
"hotlink protection" has been requested several times. I don't recall ever seeing Amazon say they would add it to their roadmap. The best that can currently be done is to use private files with Query String Authentication. I have no idea if using QSA URL's for your images would affect your Google PageRank. Maybe Google could answer this question for you. Please let us know what they say.
|
|
Posts:
5
Registered:
6/1/08
|
|
|
|
Re: Restricting Access by Referer feature request.
Posted:
Jun 2, 2008 3:34 PM PDT
in response to: Allen
|
|
|
I am very new here and all. But doesn't QSA, Query String Authenication, block who can see it by altering the URL with a buncha gibberish? I want my images to be public, but only on my web site. I do not want everyone on MySpace, Facebook.... hotlinking my images. QSA will solve this without changing the URL? Like I stated before constantly changing the URL would have quite negative affects as it takes upwards of a year to get an image, and its related URL, into Google Images. I am rather sure changing this URL would have an immediate negative affect when GoogleBot comes around to say hi. I really don't have to ask Google because I know from experience what this would do. Google Page Rank isn't exactly the same thing as ranking #1, PR is a small part of the formula used to determine rankings. With images having a URL that doesn't change is a much more important than PR from what I have seen.
Thank You,
Tony
|
|
Posts:
5,320
Registered:
3/19/07
|
|
|
|
Re: Restricting Access by Referer feature request.
Posted:
Jun 2, 2008 4:04 PM PDT
in response to: Anthony Goodley
|
|
|
To use QSA, you would make your images private on S3 (the default), then program your web server to output HTML pages that contains embedded images with QSA URLs having a reasonably short expiration time (1-10 minutes). S3 would only provide an image if the user's web browser presented it with an unexpired QSA URL. Since only your web server can generate these URL's, no one else would be able to hotlink to your content by sticking a static URL on their web site. They could potentially download your page every N minutes and update their own links, but this would probably show up in your server logs and you could program your web server to block them. Not as easy as simple referrer protection, but actually more powerful because you can decide to hand out the QSA URL's based on whatever criteria you want: a logged in user, a user who has paid for the content, etc.
The query portion (the part ofter the "?") of the URL's of the images embedded in your pages would be constantly changing, but the URL's of the web pages themselves would not be changing. Personally, I don't see how this would change the PageRank of your pages, but Google could probably give you a better answer.
|
|
Posts:
3
Registered:
1/17/09
|
|
|
|
Re: Restricting Access by Referer feature request.
Posted:
Jan 19, 2009 11:41 AM PST
in response to: Allen
|
|
|
I've been searching posts for answers to this question of protecting files on S3, and I see there is a QSA method. How is it implemented and where is the documentation to allow novice programmers to make it work? I've read REST API but it mine as well be Greek. Where can a guy get simple instructions to make this work? Really appreciate a response. Thank you!
Kev
|
|
Posts:
1,265
Registered:
10/10/07
|
|
|
|
Re: Restricting Access by Referer feature request.
Posted:
Jan 19, 2009 11:56 AM PST
in response to: sf954
|
|
|
1) Read Allen's post above yours for a description of how it works
2) Use a ready-to-go library that allows you to generated signed URLs.
|
|
|
|
Sign in to the AWS Management Console
Create an AWS Account
