Forum Discussion
Kevin_Stewart
May 20, 2013Employee
I think the best you can do is to filter on the source address and maybe the file requested (or file types/extensions).
when HTTP_REQUEST {
if { [class match [IP::client_addr] equals banned_host_list] and [class match [string tolower [HTTP::path]] ends_with banned_image_content] } {
HTTP::respond 200 content "buzz off image hotlinker"
}
}
Where "banned_host_list" and "banned_image_content" are data groups listing IP addresses or IP ranges (address-based), and image file extensions (ex. .jpg, .jpeg, .gif, .png, etc.) - (string-based), respectively. There are still ways around this of course, like adding an innocuous hash tag to the URI to obscure the file extension, but the above should catch most of the offenders.