What web-based aggregators should I grant permission to in my .htaccess file?
January 27, 2005 1:46 PM
After installing an .htaccess file to prevent direct image-linking, one of my readers pointed out that the alternate replacement image I specified was showing up in my Bloglines feed. Are there other popular web-based aggregators I should grant permission to in my .htaccess file? And does an .htaccess file prevent images from showing up in software-based RSS readers, or just web-based?
There is such a wide variety of RSS readers out there that I think it's safe to say that at least some of them don't send referer. Also, my web browser doesn't. Also, firewalls and proxies tend to strip it out. The simplest way to limit false positives would be to block specific user-agents, of which there are only a few common ones, rather than compile a big list of exceptions.
A better way of preventing image use would be to change the URL of the images every day. Put all the images in one directory. Have a script change its name to something random every day, and replace the previous day's image directory with the new one in all the HTML. Ten minutes' work for a shell-script hacker, for a simple site. I wonder if anyone's done that yet.
posted by sfenders at 8:45 PM on January 27, 2005
You should set up your .htaccess to block any image request that begins with http:// but doesn't have your domain in it. It should allow anything else, including blank referrers, strings such as "Blocked by Norton Internet Security," and so on.
If you set it up so it requires your domain in the referrer, a lot of people won't be able to see it. It should only require your domain if the referrer looks like another Web site.
posted by kindall at 10:35 PM on January 27, 2005
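The rule kindall describes, written as mod_rewrite directives for an .htaccess file. This is an added example, not part of the original thread; example.com, the bloglines.com exception and the /images/hotlink-blocked.png path are assumptions to replace with your own values.

```apache
# Constructed example: example.com stands in for your own domain.
RewriteEngine On

# Weak form (left commented out): it requires your domain somewhere in every
# Referer, so blank or firewall-rewritten Referers get the replacement image,
# while any foreign URL that merely contains the string passes.
# RewriteCond %{HTTP_REFERER} !example\.com [NC]

# 1. Only act when the Referer looks like another web page.
RewriteCond %{HTTP_REFERER} ^https?:// [NC]

# 2. ...and its host is not this site. Anchoring on the host part keeps
#    http://example.com.other.test/ and http://other.test/?example.com
#    from being treated as your own pages.
RewriteCond %{HTTP_REFERER} !^https?://([^/]+\.)?example\.com(:[0-9]+)?(/|$) [NC]

# 3. Web-based aggregators you want to allow (domain is an assumption).
RewriteCond %{HTTP_REFERER} !^https?://([^/]+\.)?bloglines\.com(:[0-9]+)?(/|$) [NC]

# 4. Never redirect the replacement image itself, or the redirect would loop.
RewriteCond %{REQUEST_URI} !^/images/hotlink-blocked\.png$ [NC]

# All conditions met: send the replacement image instead of the real one.
RewriteRule \.(gif|jpe?g|png)$ /images/hotlink-blocked.png [R=302,L,NC]
```

Requests with an empty Referer, or one rewritten to a non-URL string such as "Blocked by Norton Internet Security", fail condition 1 and receive the real image. The Referer header is supplied by the client, so this limits casual embedding on other sites and is not an access control.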
This thread is closed to new comments.
posted by cillit bang at 2:58 PM on January 27, 2005