What is Leeching?
Leeching. Inline linking. Hotlinking. Bandwidth theft. Sometimes it is even called direct linking or confused with deep linking. Whatever the term, if a third party site is requesting your files and presenting them on their Web site, you are paying for the bandwidth while they use your content as their own.
How Does this Bandwidth Theft Occur?
In a classic example of content leeching, an online ad (i.e. on eBay) is created with an unauthorized image served from a manufacturer's site. This arrangement is good for the eBay user, but bad for the original manufacturer's bandwidth bill – they serve the image but get no benefit from the transfer. That's also stealing, and LinkDeny for IIS is the transparent security solution to stop this kind of theft.
Solution: Access Control
Anti-leeching is itself a subset of the larger Internet challenge of access control. Most Web sites or applications have sections should only be served to a specific audience. Paid content, proprietary or copyrighted material, personal or private data, commercial software code, affiliate link landing and jump pages, downloads are just a few. LinkDeny adds a crucial layer of access control to HTTP and HTTPS.
Are there penetration attempts from a particular IP address or country? Block them. Can't control every link to your site placed into a user forum, blog post, community site like SlashDot.com or a social networking site like MySpace.com? Limit traffic spikes from these sites that may cause a denial of service state on your Web site. The applications are endless, and LinkDeny gets stronger as you add more rules to control who or what gets to your unique site.
With a flexible rules-based framework implemented as an ISAPI filter, LinkDeny allows or denies requests based on the referring site, the user-agent or Web browser type, the IP address (specific addresses, ranges or countries by IP address block), on the HTTP headers present in request, or by time period (URLs that expire after a certain time period). Detailed logging and testing interfaces allow you make sure that you are not blocking good traffic, and rules can be remotely uploaded to the IIS Web server for LinkDeny in XML format.
LinkDenying in the Real World
This topic is nothing new to Web administrators, and there are a variety of custom code snippets and products out there with various feature sets. Here are series of blog posts and articles on the topic for your review and research: