To realize the anti-theft chain, we must first understand the implementation of the principle of hotlinking, mentioned that the implementation of the principle of anti-theft chain has to say from the HTTP protocol, in the HTTP protocol, there is a table header field called Referer, the format of the URL to indicate from where to link to the current page or file. In other words, through Referer, a Web site can detect the source pages visited by the target Web page, and if it is a resource file, you can track the address of the page where it is displayed. With the Referer tracking source is good to do, at this time can be handled through technical means, once detected that the source is not the site is to prevent or return the specified page.
Configuration of Nginx anti-theft chain
1, Nginx for file types of anti-theft chain configuration methods:
Copy Code code as follows:
Location ~* \. (gif|jpg|png|swf|flv|bmp) $ {
Valid_referers none blocked *.jb51.net jb51.net;
if ($invalid _referer) {
#rewrite ^/http://www.jb51.net/403.html;
return 403;
}
}
This method is added to the server or location segment: Valid_referers none blocked, where none denotes an empty route, i.e. direct access, such as opening a file directly in the browser, blocked indicating the route marked by the firewall, * . jb51.net represents all child domain names.
2, Nginx against the file directory of anti-theft chain configuration methods:
Copy Code code as follows:
location/img/{
root/data/img/;
Valid_referers none blocked *.jb51.net jb51.net;
if ($invalid _referer) {
Rewrite ^/http://www.jb51.net/error.gif;
#return 403;
}
}
the configuration of Apache anti-theft chain
Apache anti-theft chain of the first implementation method, can be implemented with Rewrite. First, make sure that Apache rewrite module is available: the ability to control Apache httpd.conf files, open httpd.conf, and ensure that there is one line of configuration:
Copy Code code as follows:
LoadModule Rewrite_module modules/mod_rewrite.so
Then add the following code where the corresponding virtual host is configured:
Copy Code code as follows:
ServerName www.jb51.net
# anti-theft Chain configuration parameters
Rewriteengine on
Rewritecond%{http_referer}!^http://jb51.net/.*$ [NC]
Rewritecond%{http_referer}!^http://jb51.net$ [NC]
Rewritecond%{http_referer}!^http://www.jb51.net/.*$ [NC]
Rewritecond%{http_referer}!^http://www.jb51.net$ [NC]
Rewriterule. *\. (gif|jpg|swf) $ http://www.jb51.net/img/nolink.gif [R,NC]
Jb51.net/www.jb51.net represents its own trust site. Gif|jpg|swf means to protect the file extension (separated by |). Nolink.gif the hotlinking page/picture after it has been redirected. To output warning messages, this image should be as small as possible.
Some users use a virtual host, have no control over the server, cannot modify the httpd.conf file, and restart the server. Then please confirm your virtual host support. htaccess, write the above configuration to the. htaccess file, put it in the root directory or the directory where the picture resides:
Copy Code code as follows:
# anti-theft Chain Configuration
Rewriteengine on
Rewritecond%{http_referer}!^http://jb51.net/.*$ [NC]
Rewritecond%{http_referer}!^http://jb51.net$ [NC]
Rewritecond%{http_referer}!^http://www.jb51.net/.*$ [NC]
Rewritecond%{http_referer}!^http://www.jb51.net$ [NC]
Rewriterule. *\. (gif|jpg|swf) $ http://www.jb51.net/img/nolink.gif [R,NC]
By judging the value of the Referer variable and judging whether the reference of the picture or resource is legitimate, only the referer in the set range can access the specified resources, thus realizing the purpose of the anti-theft chain (Anti-leech). It should be noted that not all user agents (browsers) will be set Referer variables, and some can also manually modify the Referer, that is, referer can be forged. This article is about a simple means of protection. Of course, it is enough to deal with the general hotlinking.
