This small tip is to demonstrate one way of preventing the resource leech from our website.
For those who got confused by the term resource leech, let me first define what a resource leech is. I had a website that contain a lot of images and PDF file which are quite useful for the users. So some guys running simple blog pages thought it would be a good idea to have their blogs providing those resources(so that they could get more visitors and make more pennies). They wrote some small 4 line text for each resource and provided the image and PDF links from my site directly.
Now, One thing is that the content is actually hosted on my site and users are getting them without even knowing that. But the major problem in bandwidth usage. Why would I want to spend my bandwidth for serving the images/pdfs to some other websites.
Using the code
I thought about the problem and decided to write simple code to prevent this problem. The solution is not very secure as the advance users can still get their way around by modifying the HTTP header of their request but that is not what most guys will do.
What we can do is to simply
- Handle the Application_BeginRequest method in the global handler.
- Find the HOST servers URL i.e. My servers URL
- Find the requesting servers URL.
- Check if the requesting server belongs to my domain or not.
- If the requesting server does not belong to my domain. I will end the request without serving.
void Application_BeginRequest(object sender, EventArgs e)
//lets get the application object to use
HttpApplication application_ = (HttpApplication)sender;
HttpRequest request = application_.Context.Request;
//Lets find out the the Hostname of my server
string myServer = request.ServerVariables["HTTP_HOST"];
//Lets find out the URL of the referrring site.
string referingServer = request.ServerVariables["HTTP_REFERER"];
//If this is null that would mean we ourself are requesting the resource.
if (referingServer != null)
if (referingServer.StartsWith("http://" + myServer) ||
referingServer.StartsWith("https://" + myServer))
//its ok to pass the resources, It is for our own host
//Stop the bugger from using the resources
Perhaps calling the CompleteRequestis not an elegant solution but it worked fine for me.
Points of Interest
As I said, this approach rely on the HTTP header information so advance users can get around by modifying the HTTP header information. Perhaps, the ideal way to solve this problem is to have HTTPHandlers to each resource type i.e .jpg, .pdf and prevent leeching.