Limiting public access to the iipserver

David
2011-06-17
2012-10-06
  • David

    David - 2011-06-17

    Hi all

    Does anyone have any suggestions on how to prevent users from going straight
    to the iipserver and requesting tiles that they could potentially use to
    restitch the high-res image back together? I understand there's a MAX_CVT
    configuration variable which allows you to limit the export size of an image,
    however it doesn't prevent someone from potentially tiling the image if they
    so wished.

    I take it a user couldn't just plug their iipmooviewer into our server due to
    cross site scripting, though even that could be bypassed....

    Are there any best practices / suggestions out there to prevent this sort of
    thing from happening to copyrighted images?

    Thanks
    David

     
  • Ruven

    Ruven - 2011-06-17

    There's no way to make 100% sure you cannot download tiles. The most secure
    way would be to use the watermarking feature to dynamically add a watermark.
    Alternatively, you could limit the JPEG compression factor to a level which is
    reasonably good, but not that good.

    You could also think about using Apache or Lighttpd to filter users that cause
    problems or redirect them to watermarked versions. You can also do this with a
    proxy cache like Varnish. Filtering can be via IP address blacklists or via
    the user agent or referrer string. You should be able to detect many automated
    download tools in this way. I've also been thinking of creating a Varnish or
    Apache module that will detect sequential tile downloads and ban the user,
    which could help also.

     
  • David

    David - 2011-06-20

    Many thanks for the swift response Ruven, I'm particularly keen on the
    sequential tile detection idea... I'll report back with any success we have
    with these options.

    David
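
The sequential tile detection idea from Ruven's reply, sketched as an added example (not code from the thread or from the iipsrv project). It is an offline log check rather than a Varnish or Apache module. It assumes an Apache-style access log and IIP tile requests of the form `JTL=resolution,tile`; the function names, the `max_run` threshold and the sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Assumed log layout: client IP first, then the quoted request line.
LOG_RE = re.compile(r'^(\S+) .*?"GET (\S+) HTTP/[\d.]+"')

def parse_tile_request(line):
    """Return (client, image, resolution, tile_index), or None for non-tile lines."""
    m = LOG_RE.match(line)
    if not m:
        return None
    client, url = m.groups()
    query = parse_qs(urlsplit(url).query)
    try:
        res, tile = (int(v) for v in query["JTL"][0].split(","))
        return client, query["FIF"][0], res, tile
    except (KeyError, ValueError):
        return None

def find_sequential_clients(lines, max_run=8):
    """Flag clients whose longest run of consecutive tile indices (n, n+1, ...)
    on one image and resolution exceeds max_run (assumed wider than a viewport row)."""
    last = {}                    # (client, image, res) -> (last tile, current run)
    longest = defaultdict(int)   # client -> longest run seen
    for line in lines:
        req = parse_tile_request(line)
        if req is None:
            continue
        client, image, res, tile = req
        key = (client, image, res)
        prev_tile, run = last.get(key, (None, 0))
        run = run + 1 if prev_tile is not None and tile == prev_tile + 1 else 1
        last[key] = (tile, run)
        longest[client] = max(longest[client], run)
    return {c: r for c, r in longest.items() if r > max_run}

def _line(ip, tile):
    return (f'{ip} - - [17/Jun/2011:10:00:00 +0000] '
            f'"GET /fcgi-bin/iipsrv.fcgi?FIF=/images/map.tif&JTL=5,{tile} HTTP/1.1" 200 9000')

# Constructed sample: a viewer fetching a 4x3 viewport on a 40-tile-wide level,
# interleaved with a client walking tiles 0..29 in order.
VIEWER = [_line("192.0.2.10", row * 40 + col) for row in range(3) for col in range(10, 14)]
WALKER = [_line("198.51.100.7", n) for n in range(30)]
SAMPLE_LOG = [l for pair in zip(WALKER, VIEWER + [None] * 18) for l in pair if l]

if __name__ == "__main__":
    print(find_sequential_clients(SAMPLE_LOG))
```

The flagged addresses can feed the IP blacklist or the redirect to watermarked versions mentioned in the reply. The check only recognises in-order walks, so it complements rather than replaces the watermarking and compression limits suggested there.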

     

