
I'm running ImageResizer on IIS7 in Integrated mode. I just want to make sure I'm not introducing unnecessary overhead with this code in my Application_Start. The intent here is to watermark certain images (folder based, then size based) when the request does not come from within my domain (e.g. hotlinked files or Googlebot or Pinterest, etc.):

    Config.Current.Pipeline.Rewrite += delegate(IHttpModule mysender, HttpContext context, IUrlEventArgs ev)
    {
        if (context.Request.UrlReferrer.Host != "www.mydomain.com")
        {
            //Check folder
            string folder1 = VirtualPathUtility.ToAbsolute("~/images/products");
            string folder2 = VirtualPathUtility.ToAbsolute("~/images/product-showcase");
            string folder3 = VirtualPathUtility.ToAbsolute("~/images/frills");
            if (ev.VirtualPath.StartsWith(folder1, StringComparison.OrdinalIgnoreCase)
                || ev.VirtualPath.StartsWith(folder2, StringComparison.OrdinalIgnoreCase)
                || ev.VirtualPath.StartsWith(folder3, StringComparison.OrdinalIgnoreCase))
            {
                //Estimate final image size, based on the original image being 300x300.
                System.Drawing.Size estimatedSize = ImageBuilder.Current.GetFinalSize(new System.Drawing.Size(300, 300),
                                new ResizeSettings(ev.QueryString));
                if (estimatedSize.Width > 100 || estimatedSize.Height > 100)
                {
                    //It's over 100px, apply watermark
                    ev.QueryString["watermark"] = "watermarkname";
                }
            }
        }
    };

Edit/solution: for working code, the 3rd line should be:

     if (context.Request.UrlReferrer == null || (context.Request.UrlReferrer != null && context.Request.UrlReferrer.Host != "www.mydomain.com"))

This will watermark the images that are 1) directly accessed OR 2) referenced in a page on an outside site. Amen.

Thanks, John

secretwep

1 Answer

In general, this is the correct and most performant way to do this.

You do need to verify context.Request.UrlReferrer is not null before accessing the Host property.

While watermarking is a 'non-violent' method that can work in a whitelist approach like this, in general a blacklist-based approach to target particular offenders is less problematic.

Lilith River
  • You are right, I should have checked for null at the UrlReferrer point; though I realized that it will always be null because I am running on an integrated pipeline in IIS7. [relevant answer on SO post](http://stackoverflow.com/questions/1790457/global-asax-get-the-server-name) – secretwep Jun 09 '13 at 16:58
  • More relevant: [IIS7 Integrated mode: Request is not available in this context exception in Application_Start](http://weblogs.asp.net/reganschroder/archive/2008/07/25/iis7-integrated-mode-request-is-not-available-in-this-context-exception-in-application-start.aspx) from Regan Schroder's blog – secretwep Jun 09 '13 at 18:11
  • Accepted because you answered the question, but I'm still having problems due to the request context not being available. ...still working on it. It'd be cool if the module itself was capable of dealing with this. – secretwep Jun 09 '13 at 19:11
  • You might [have the RTM version of .NET 4.0 without updates (see this SO question)](http://stackoverflow.com/questions/16832471/imageresizer-parsequeryonly-response-is-not-available-in-this-context-when). Request is definitely available unless you've got a variable name conflict. – Lilith River Jun 10 '13 at 17:29
  • Yes, context.Request was available. Thank goodness. I had a hard time debugging because VS2008 was on the prod. server. It turned out my logic was flawed and I modified it above in my question. thx!!! – secretwep Jun 14 '13 at 04:58
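
An added example, not part of the original post or of ImageResizer: the referrer decision discussed above, factored into a helper that can be exercised without IIS. It goes slightly beyond the posted code by also rejecting relative referrers and by matching folders on a path-segment boundary; the class name `HotlinkPolicy`, its method names, the app-root assumption and the sample inputs are constructed for illustration.

```csharp
using System;

// Added example: hypothetical helper, not ImageResizer code or the poster's code.
public static class HotlinkPolicy
{
    const string TrustedHost = "www.mydomain.com"; // host from the question
    // Folders from the question; assumes the application is rooted at "/".
    static readonly string[] ProtectedFolders =
        { "/images/products", "/images/product-showcase", "/images/frills" };

    // Referer is optional and client-supplied: a missing, relative or foreign
    // value counts as external. Uri.Host throws on a relative Uri, so check first.
    public static bool IsExternal(Uri referrer)
    {
        return referrer == null || !referrer.IsAbsoluteUri
            || !string.Equals(referrer.Host, TrustedHost, StringComparison.OrdinalIgnoreCase);
    }

    // Match on a path-segment boundary so "/images/products-old/a.jpg" is not
    // treated as being inside "/images/products".
    public static bool IsProtectedPath(string virtualPath)
    {
        foreach (string folder in ProtectedFolders)
            if (virtualPath.StartsWith(folder + "/", StringComparison.OrdinalIgnoreCase))
                return true;
        return false;
    }

    public static bool ShouldWatermark(Uri referrer, string virtualPath, int width, int height)
    {
        return IsExternal(referrer) && IsProtectedPath(virtualPath) && (width > 100 || height > 100);
    }

    public static void Main()
    {
        // Constructed sample Referer values; null models a request with no header.
        string[] referrers = { null, "http://www.mydomain.com/catalog.aspx",
            "http://www.mydomain.com.other.example/p", "relative/page" };
        foreach (string r in referrers)
        {
            Uri uri = r == null ? null : new Uri(r, UriKind.RelativeOrAbsolute);
            Console.WriteLine("{0} -> {1}", r ?? "(none)",
                ShouldWatermark(uri, "/images/products/a.jpg", 300, 300));
        }
        Console.WriteLine(IsProtectedPath("/images/products-old/a.jpg"));
    }
}
```

In the Rewrite handler the helper would be called with `context.Request.UrlReferrer`, `ev.VirtualPath` and the estimated size returned by `GetFinalSize`.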