LeechBlocker
an open source ISAPI Filter for Microsoft's Internet Information Services
by Michael R. Brumm

The Problem

One very annoying thing about hosting images on a web site is that certain people (leeches) will take advantage of the fact that your web server will serve the images to any browser that requests them, regardless of whether the browser is displaying a page on your web site, or a page elsewhere on the Internet.

Because of this, the leeches will create their web pages in a way that displays images which are
retrieved from your web server, not their own. By not hosting the images themselves, they both save disk space and avoid bandwidth limits on their web server. This strategy is sometimes called leeching, hijacking, or stealing images.

Unfortunately, this means that your own web server ends up responding to a lot of leech requests which have nothing to do with your own web site. This will chew up your server's bandwidth and may slow down your server. In addition, it can skew your log file
analysis of visitor usage and browsing.

The Solution

To combat this, I've created an ISAPI filter which can be used by Microsoft's web server: Internet Information Services (IIS). This filter can be very easily added to any IIS web site, and can protect the whole server or just a single site from leeching. For information on how to use ISAPI filters, consult your
IIS documentation.

The Downloads

Here are links to the ISAPI filter DLL and the source code:

If you plan to use or modify the source code, make sure that you are familiar with the Open Source License Agreement. I do require that you follow the license.

LeechBlocker ISAPI DLL 56KB (tested only on Microsoft IIS 5.0, should work on earlier and later versions)
LeechBlocker Source Code 28KB (Developed in Microsoft Visual C++ 6.0)

How The LeechBlocker Filter Works

The filter intercepts all incoming requests and checks to see if the resource (an image for example)
is being referred to by the same site by which it is being hosted. If the referrer is not the same as the site name, the filter checks to see if the extension of the resource requested is an image extension (.gif, .jpg, .jpeg, etc.). If the extension indicates that the resource is an image, then the request is denied.

What is the Referrer? (sometimes incorrectly spelled "Referer")

Every time a web browser requests a file from your web server, it tells the web server what URL caused the request. For example, if a web page contains an image, then that page is the referrer to the image. If the browser requests a page or image because of a bookmark (in the Favorites for example) or because the user typed the
URL directly into the address bar, then there is no referrer.

Why Not Block All Referrals That Are Not From Your Site?

If someone navigates a link to one of your web site's pages from another web site, then the referrer will not be from your site. If you were to block all of these requests, then no one would be able to follow any outside link to your site. For
example, an entry in Yahoo for your web site would not be navigable because Yahoo's page would be the referrer.

So, obviously you do not want to block outside referrals to your web pages, just your images (or other resources).

Why Not Redirect the Request to an Advertisement?

Originally, I wrote the LeechBlocker to redirect any leeching request to an image
"/leech.gif" on my site. I planned to put an advertisement for my site in this image and thereby not only embarrass the leeches, but also make people aware of my site. Unfortunately, there are some problems with doing this.

First, some browsers have a bug which sometimes causes an incorrect referrer to be sent when a bookmark is used and a page is already loaded. When this bug occurs, this incorrect referrer will be used for every image requested on that page. Your background images,
spacers, and every other image could end up replaced by your advertisement when this bug occurs. Believe me, it ends up being very hard to read anything in the resulting mess, especially if you have any background images or use images as spacers. If you simply deny the request instead of sending back an advertisement, the page stays readable. Every image will show up as unavailable, but if the user refreshes the page or clicks on a link, the bug will disappear.
Another similar problem is translation web sites (like Alta Vista's Babelfish). Because these translation sites use a leech-like effect to display the original images in translated pages, they will suffer the same fate as leeching web pages. Again, if you return an advertisement, the translated
pages will probably be unreadable, but if you instead deny the request, the translated pages stay readable (minus the images, of course).

If you want the LeechBlocker to return an advertisement, you can recompile the source code to do this (just un-comment the "#define REDIRECT 1" line).

Why Does LeechBlocker Not Do This...?

I created LeechBlocker to
be simple, fast, and efficient. It does what I wanted it to do, and it does it quickly. I know it has a few minor exploitable weaknesses (which at worst will allow really, extremely smart leeches to get by it), and it is not configurable to allow specialized blocking rules or file extensions. However, I have made it Open Source to allow other people to see how to construct such a filter and to save them time. If you want it to do something else, like make coffee, you are free to modify the
source code and make it do so.

I suggest that anyone who makes further modifications to the filter please E-mail Me and I will post them here for others to use.
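
The decision described under "How The LeechBlocker Filter Works", written out as an added example in portable C; it is not LeechBlocker's source code and does not use the ISAPI headers. The function names, the exact case-insensitive host comparison, serving requests that carry no referrer, and ".png" standing in for the page's "etc." are assumptions of this sketch.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Case-insensitive comparison of the first n bytes of a and b. */
static int ieq_n(const char *a, const char *b, size_t n) {
    size_t i;
    for (i = 0; i < n; i++)
        if (tolower((unsigned char)a[i]) != tolower((unsigned char)b[i])) return 0;
    return 1;
}

/* Host part of a referrer URL: the text after "://" up to '/', ':', '?',
   '#' or the end. Returns its length, or 0 when there is no "://". */
static size_t referrer_host(const char *ref, const char **host) {
    const char *p = strstr(ref, "://");
    if (p == NULL) return 0;
    *host = p + 3;
    return strcspn(*host, "/:?#");
}

/* 1 if the requested path (query string excluded) ends in an image extension. */
static int is_image_path(const char *url) {
    /* Assumed list: the page names .gif, .jpg, .jpeg "etc."; .png is added here. */
    static const char *const exts[] = { ".gif", ".jpg", ".jpeg", ".png" };
    size_t len = strcspn(url, "?"), i;
    for (i = 0; i < sizeof exts / sizeof exts[0]; i++) {
        size_t n = strlen(exts[i]);
        if (len >= n && ieq_n(url + len - n, exts[i], n)) return 1;
    }
    return 0;
}

/* Returns 1 to deny the request, 0 to serve it.
   site_host is the name the site is hosted under (no port). */
int leech_should_deny(const char *site_host, const char *referrer, const char *url) {
    const char *rhost = NULL;
    size_t rlen;
    if (referrer == NULL || referrer[0] == '\0') return 0; /* bookmark or typed URL (assumed: serve) */
    rlen = referrer_host(referrer, &rhost);
    if (rlen == strlen(site_host) && ieq_n(rhost, site_host, rlen)) return 0; /* same site */
    return is_image_path(url); /* outside referrer: deny images only, pages stay linkable */
}
```

Because the host comparison is exact, a site reachable under several names (for example with and without "www") would need each name checked.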