Click here to Skip to main content
Click here to Skip to main content
Go to top

How to Prevent the Resource Leech from a Website

, 9 Mar 2012
Rate this:
Please Sign up or sign in to vote.
How to prevent Leeching of resources like images and documents from our website.

Introduction

This small tip is to demonstrate one way of preventing the resource leech from our website.

Background

For those who got confused by the term resource leech, let me first define what a resource leech is. I had a website that contain a lot of images and PDF file which are quite useful for the users. So some guys running simple blog pages thought it would be a good idea to have their blogs providing those resources(so that they could get more visitors and make more pennies). They wrote some small 4 line text for each resource and provided the image and PDF links from my site directly. 

Now, One thing is that the content is actually hosted on my site and users are getting them without even knowing that. But the major problem in bandwidth usage. Why would I want to spend my bandwidth for serving the images/pdfs to some other websites.

Using the code

I thought about the problem and decided to write simple code  to prevent this problem. The solution is not very secure as the advance users can still get their way around by modifying the HTTP header of their request but that is not what most guys will do.

What we can do is to simply

  1. Handle the Application_BeginRequest method in the global handler.
  2. Find the HOST servers URL i.e. My servers URL
  3. Find the requesting servers URL.
  4. Check if the requesting server belongs to my domain or not.
  5. If the requesting server does not belong to my domain. I will end the request without serving.
   void Application_BeginRequest(object sender, EventArgs e)
   {
        //lets get the application object to use
        HttpApplication application_ = (HttpApplication)sender;
        HttpRequest request = application_.Context.Request;

        //Lets find out the the Hostname of my server
        string myServer = request.ServerVariables["HTTP_HOST"];

        //Lets find out the URL of the referrring site.
        string referingServer = request.ServerVariables["HTTP_REFERER"];

        //If this is null that would mean we ourself are requesting the resource.
        if (referingServer != null)
        {
            if (referingServer.StartsWith("http://" + myServer) ||
                referingServer.StartsWith("https://" + myServer))
            {
                //its ok to pass the resources, It is for our own host
            }
            else
            {
                //Stop the bugger from using the resources
                application_.CompleteRequest();
            }
        }
    } 

Perhaps calling the CompleteRequest is not an elegant solution but it worked fine for me.

Points of Interest

As I said, this approach rely on the HTTP header information so advance users can get around by modifying the HTTP header information. Perhaps, the ideal way to solve this problem is to have HTTPHandlers to each resource type i.e .jpg, .pdf and prevent leeching.

History

09 March 2012: First version.

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Share

About the Author

Rahul Rajat Singh
Software Developer (Senior)
India India
I Started my Programming career with C++. Later got a chance to develop Windows Form applications using C#. Currently using C#, ASP.NET & ASP.NET MVC to create Information Systems, e-commerce/e-governance Portals and Data driven websites.

My interests involves Programming, Website development and Learning/Teaching subjects related to Computer Science/Information Systems. IMO, C# is the best programming language and I love working with C# and other Microsoft Technologies.
  • Microsoft Certified Technology Specialist (MCTS): Web Applications Development with Microsoft .NET Framework 4
  • Microsoft Certified Technology Specialist (MCTS): Accessing Data with Microsoft .NET Framework 4
  • Microsoft Certified Technology Specialist (MCTS): Windows Communication Foundation Development with Microsoft .NET Framework 4
 
If you like my articles, please visit my website for more: www.rahulrajatsingh.com[^]
Follow on   Twitter   Google+   LinkedIn

Comments and Discussions

 
GeneralMy vote of 5 PinmemberShai Aharoni29-Dec-12 22:45 
AnswerArticle of the Day on Microsoft's site PinmemberRahul Rajat Singh29-Dec-12 19:46 
QuestionReferrer is not always sent Pinmembercrashedapp9-Mar-12 8:12 

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.

| Advertise | Privacy | Mobile
Web04 | 2.8.140916.1 | Last Updated 9 Mar 2012
Article Copyright 2012 by Rahul Rajat Singh
Everything else Copyright © CodeProject, 1999-2014
Terms of Service
Layout: fixed | fluid