imgur's 302 redirects revisited

September 02, 2016

I've previously written about imgur's removal of direct links. They're doing it more than ever now, and not just for certain domains, but also applying forced redirects based on more than just the referrer.

It appears to be whitelisting a specific set of sites and leaving those untouched, while virtually any kind of visit from a mobile user agent will be redirected away from the direct link (which, if you're on a limited data plan, is terrifying considering the autoplaying ads).

Here's the Alexa top 250, used as referrers, with a mobile and a desktop user agent. The URL requested specifically was http://i.imgur.com/lDLglxW.jpg. Reproduction steps are at the bottom of this post if you want to run it on more than the top 250 yourself.



On top of that, imgur no longer offers any friendly way for non-technical people to copy the direct link to an image at all.

The "embed" no longer provides a [img] bbcode or <img> HTML tag or otherwise; only loading a blob of JavaScript.


If you want to reproduce the results, first pull the list of top domains from Alexa:

$ wget http://s3.amazonaws.com/alexa-static/top-1m.csv.zip; unzip top-1m.csv.zip; head -n 250 top-1m.csv > 250.csv

Quick script to output a CSV (PHP is not my primary language, some parts may not be the best):

<?php
/* Modify CURLOPT_URL, 250.csv, imgur_output_results.csv, and the user agents to your liking */

function http_parse_headers($headers) {
    /* http://stackoverflow.com/a/33730535 by Andrey Dyukhin */
    $headers = preg_replace('/^\r\n/m', '', $headers);
    $headers = preg_replace('/\r\n\s+/m', ' ', $headers);
    preg_match_all('/^([^: ]+):\s(.+?(?:\r\n\s(?:.+?))*)?\r\n/m', $headers . "\r\n", $matches);
    $result = array();
    foreach($matches[1] as $key => $value) {
        $result[$value] = (array_key_exists($value, $result) ? $result[$value] . "\n" : '') . $matches[2][$key];
    }
    return $result;
}

function get($referrer, $user_agent) {
    $c = curl_init();
    curl_setopt($c, CURLOPT_URL, "http://i.imgur.com/lDLglxW.jpg"); /* Random choice from reddit */
    curl_setopt($c, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($c, CURLOPT_USERAGENT, $user_agent);
    curl_setopt($c, CURLOPT_REFERER, "http://www.{$referrer}");
    curl_setopt($c, CURLOPT_HTTPHEADER, ["Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"]);
    curl_setopt($c, CURLOPT_HEADER, 1);
    sleep(1);
    $temp = curl_exec($c);
    $header_size = curl_getinfo($c, CURLINFO_HEADER_SIZE);
    $header = substr($temp, 0, $header_size);
    $header = http_parse_headers($header);
    if (isset($header['Location'])) {
        return $header['Location'];
    }
    else {
        return "NO_REDIRECT";
    }
}

$f = file(__DIR__ . "/250.csv");
$buffer = "";
foreach ($f as $line) {
    $line = explode(",", trim($line));
    $desktop = get($line[1], "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36");
    $mobile = get($line[1], "Mozilla/5.0 (Linux; Android 4.4.2; en-gb; SAMSUNG SM-G900H Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/1.6 Chrome/28.0.1500.94 Mobile Safari/537.36");
    // host,desktop_result,mobile_result
    $buffer .= "{$line[1]},{$desktop},{$mobile}\n";
}

file_put_contents(__DIR__ . "/imgur_output_results.csv", $buffer);