I was ones faced with the issue of enforcing copyright on different files on a website. That meant that images and dynamically created XML files had to be blocked if accessed from outside the website. So, I had to find a way to prevent other websites from linking to or referencing these files. Copyright or not, it is a good idea to do it on dynamically created files such as charts, because they take a lot of computer power to generate.
That resulted in an HttpModule that stops all requests coming from outside the website to a custom list of files. If your images are inserted into a <img> tag on another domain, they will be blocked. The list can use wildcards so you can stop all files of a certain type as well. It could look like this *.gif|*.jpg|image.ashx.
Below are the two methods of the module that stops the illegal requests.
private void context_BeginRequest(object sender, EventArgs e)
HttpContext context = ((HttpApplication)sender).Context;
// Do nothing if the request is legal
// Accessed directly
if (context.Request.UrlReferrer == null)
// Linked to or embedded into another domain
if (context.Request.UrlReferrer.Host != context.Request.Url.Host)
privatebool ReguestIsLegal(HttpContext context)
string mappings = ConfigurationManager.AppSettings["BlockMapping"];
string fileName = context.Request.PhysicalPath;
foreach (string map in mappings.Split('|'))
string cleaned = map.Replace("*", ".*").Replace(".", "\\.");
if (Regex.IsMatch(fileName, cleaned, RegexOptions.IgnoreCase))
The method RequestIsLegal uses regular expressions to determine if the requested file matches the mappings in the web.config.
Download the ExternalAccessModule.cs below and add put it in the App_Code folder. Then add the following lines to the web.config’s <system.web> section.
<add type="ExternalAccessModule" name="ExternalAccessModule"/>
And last, add the mappings to the AppSettings of the web.config. Modify it to match your own files.
<add key="BlockMapping" value="*.gif|*.jpg|image.ashx"/>