English | 简体中文 | 繁體中文 | Русский язык | Français | Español | Português | Deutsch | 日本語 | 한국어 | Italiano | بالعربية
In today's Internet, there are many collection websites, and many websites like to hotlink/Using images from other websites not only violates website rights but also causes the website that is hotlinked to consume a large amount of traffic, putting a significant burden on the server. This article introduces how to prevent image theft in php/Here are the two methods of hotlinking, for those who need it, you can refer to them.
What is the use of image hotlink prevention?63; Prevent other websites from using your images, wasting your precious traffic.
This article introduces how to prevent image theft in php/Two methods of hotlinking
1Apache image redirection method
2Set the images directory to not allow http access
Methods to prevent image hotlinking under Apache server
If your website is mainly based on images, and you find that the traffic is almost used up before the end of the month, you can use image redirection. Without modifying the web page, you can redirect the image download requests to other spaces (such as trial hosts) for temporary transition.
Let's start with the explanation, for example, if all your images are in the img directory, you should place a file named .htaccess in this directory, with the following content:
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$ [NC]
RewriteCond %{HTTP_REFERER} !simcole.cn [NC]
RewriteCond %{HTTP_REFERER} !zhuaxia.com [NC]
RewriteCond %{HTTP_REFERER} !google.com [NC]
RewriteCond %{HTTP_REFERER} !baidu.com [NC]
RewriteCond %{HTTP_REFERER} !bloglines.com [NC]
/* Author: Manong Tutorial http://www.manongjc.com */
RewriteRule .(jpg|gif|png|bmp|swf|jpeg) /image/replace.gif [R,NC,L]
RewriteRule ^(.*)$ http://image.simcole.cn/image/$1 [L]
Copy the code
A brief explanation follows:
RewriteCond %{HTTP_REFERER} !^$ [NC]
RewriteCond %{HTTP_REFERER} !simcole.cn [NC]
RewriteCond %{HTTP_REFERER} !zhuaxia.com [NC]
RewriteCond %{HTTP_REFERER} !google.com [NC]
/* Author: Manong Tutorial http://www.manongjc.com/article/1550.html */
RewriteCond %{HTTP_REFERER} !baidu.com [NC]
RewriteCond %{HTTP_REFERER} !bloglines.com [NC]
This part is to determine whether it is a hotlink. If all the above conditions are met (that is, the request to access the image is neither directly entered by the URL nor comes from simcole.cn, nor from zhuaxia.com, nor from google.com, nor from baidu.com, nor from bloglines.com), then execute the following redirection:
RewriteRule .(jpg|gif|png|bmp|swf|jpeg) /image/replace.gif [R,NC,L]
This means that all web pages that link to jpg, gif, png, bmp, swf, jpeg files under the img directory will display the image using the replace.gif image under the image directory. Note that the image to be replaced should not be placed in the img directory set for anti-hotlinking. If the above rules determine that the image request is not a hotlink, then execute the following redirection:
RewriteRule ^(.*)$ http://image.simcole.cn/image/$1 [L]
This means that all requests under the img directory are redirected to the target server, for example, if the original url of a picture is http://www.bebecn.com/img/girl.jpg, now it will be redirected to http://image.bebecn.com/image/girl.jpg go. Of course, you need to copy all the files under the original server's img directory to the temporary server's image directory first, and the redirection will truly be available. The effect is to save all the traffic occupied by the original server's image download, allowing the temporary server to bear it.
Set the images directory to not allow http access
Set the images directory to not allow http access (remove the read and directory browsing permissions from the image directory).
Use a PHP file to directly read this image with the file function. Perform permission control within this PHP file.
In the apache environment, you can add the following file to your image directory.
Filename .htaccess
The file content is as follows
# options the .htaccess files in directories can override. # Edit apache/conf/httpd.conf to AllowOverride in .htaccess # AllowOverride AuthConfig # Stop the directory list from being shown Options -Indexes # Controls who can get stuff from this server. Order Deny,Allow Deny from all Allow from localhost
Other web environments such as iss, nginx are similar.
class imgdata{
public $imgsrc;
public $imgdata;
public $imgform;
public function getdir($source){
$this->imgsrc = $source;
}
public function img2data(){
$this->_imgfrom($this->imgsrc);
return $this->imgdata=fread(fopen($this->imgsrc,'rb'),filesize($this->imgsrc));
}
public function data2img(){
header(“content-type:$this->imgform”);
echo $this->imgdata;
//echo $this->imgform;
//imagecreatefromstring($this->imgdata);
}
public function _imgfrom($imgsrc){
$info=getimagesize($imgsrc);
//var_dump($info);
/* Author: Manong Tutorial http://www.manongjc.com */
return $this->imgform = $info['mime'];
}
}
$n = new imgdata;
$n -> getdir("1.jpg //The path of the image is generally stored in the database, and the user cannot obtain the real path. It can be obtained according to the image ID.
$n -> img2data();
$n -> data2img();
This code reads the image and then outputs it directly to the browser, with user permission judgment performed before reading and outputting.
Here, when we talk about PHP reading images, it does not refer to reading the path, but rather to reading the content of the image, and then inputting the image type through Header(); such as gif, png, jpg, etc., and then outputting the content of the image, so fread() is used.
Actually, what you see is image.php&63;id=100 means displaying this image in the browser, and when you view the source file, you will not see the image path, but the scrambled image content.
Similar to the encrypted album of QQ space, you can only access it by entering the password, and it is also impossible to access by directly entering the photo address in the encrypted album in the browser. My current idea is that the image address is a PHP file, which verifies the permission through PHP, reads the image, and outputs it. I don't know if there is a simpler and more efficient way other than this. For example, generating a temporary browsing address, using some anti-hotlinking plugins of nginx?
You can use ngx_http_auth_basic_module to do this.
Modify the configuration file
location / {
root /usr/local/nginx/html;
auth_basic “Auth”;
auth_basic_user_file /usr/local/nginx/conf/htpasswd;
index index.php index.htm;
}
The Auth in auth_basic “Auth” is the title of the pop-up box (enter username and password)
auth_basic_user_file /usr/local/nginx/conf/in htpasswd;/usr/local/nginx/conf/htpasswd is a file that saves passwords
That's all for this article. I hope it will be helpful to everyone's learning and that everyone will support the Naying Tutorial more.
Statement: The content of this article is from the network, and the copyright belongs to the original author. The content is contributed and uploaded by Internet users spontaneously. This website does not own the copyright, has not been manually edited, and does not assume relevant legal liabilities. If you find any content suspected of copyright infringement, please send an email to: notice#w3Please replace # with @ when sending an email for reporting, and provide relevant evidence. Once verified, this site will immediately delete the content suspected of infringement.