View Full Version : Another way to bypass "on-the-fly image protection"

August 3rd, 2005, 07:48 AM
I enabled "on-the-fly image protection" yesterday and I have already had a user figure out out to bypass the security feature.

What they have pointed out to me is that by right clicking on the thumbnail they can get the URL for the photo which ends with for example:


Then by changing the thunbs directory to medium they now have the medium size URL (without watermark). Example:


Finally by removing the directory before the image file name they can view the photo or link it to anywhere on the Internet. Example:


So in all actually what is called Watermark protection really is not at all.

I am using an .htaccess file to protect the images from my gallery from being linked to any other websites other than mine. I had removed the .htaccess fiel after enabling the "on-the-fly image protection" but it looks like I will have to keep it in place to stop people from linking directly to the images fromother website.

Here is the .htaccess file entries I am using. Anyone here can modify it for use on their website. I placed the file in the root photopost directory and also the data directory for good measure.


RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?xlforum.net.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?v2-forum.com.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?linson.us.*$ [NC]
RewriteRule ^.+\.(jpg|jpeg|png|gif|bmp)$ - [NC,F,L]


BTW - I would love to be able to allow anyone to hotlink to my gallery photos but I want the watermark there. If anyone has any idea on how I can ge this to happen please let me know.

Chuck S
August 3rd, 2005, 11:06 AM
You need to do a couple things. Use IPS and move your image directory below the webroot for large images

Next enable right click disable.

Third in your head tag section place this meta tag to disable the image toolbar

<meta http-equiv="imagetoolbar" content="no" />

If the image toolbar is off and right click is disable there is no way to click a darn thing and if the large images are below the webroot no one can get them

August 3rd, 2005, 12:20 PM
Thanks for the input. Are these instructions anywhere in any documentation? Seems that with the way it is now many users of Photopost may have a false sense of security.

Chuck S
August 3rd, 2005, 01:05 PM
Well disable right click is right in the options and the ips instructions explain to place images below the webroot in ips settings for maximum security

The IE imagetoolbar is just a set peive of mine LOL I tell people to turn that off every chance I get

April 17th, 2007, 05:38 AM
In which file i have to set this, and how to know the right path to change it from the admin panel?


Chuck S
April 17th, 2007, 09:04 AM
what are you referring to specifically