Preventing website image theft: Apache configuration

Source: Internet
Author: User
Every owner of a site running on Apache tries to make the site look cooler and more attractive, most commonly with pictures, logos and Flash. This brings a problem, however: the more attractive the site, the more readily its pictures and Flash files are quietly stolen by other sites. Let's discuss how to prevent a website's images from being stolen.

Issues that need to be addressed

Put simply, there are two different types of theft:
1. Using the HTML img tag on another site to reference a picture hosted on your site.
2. Downloading pictures from your site and placing them on another site.

In the first type, the legitimate site's images are used to decorate another site. This does more damage to the legitimate site, because visitors to the offending site actually fetch the pictures from the legitimate site: its log files fill with these requests and its bandwidth is consumed, while it gets no benefit. This type of theft can be prevented entirely by technical means.

The second type is more insidious: visitors to the offending site get the copied pictures directly from that site, so the legitimate site's copyright is infringed without compensation, and the owner may never even discover the theft. Because of how the Web works, this type cannot actually be blocked, but it can be made more difficult.

It is unrealistic to eliminate both types of theft completely, but technical means can make them difficult. In an Apache environment, you can restrict the use of a site's images through configuration.

Identify files that need to be protected

A webmaster would ideally like to protect every document on the site, but that is not technically realistic, so we discuss only the protection of image files.

The first step is to identify the files that need protection; only then can restrictions be applied to them. Add the following to the Apache configuration file:

    <FilesMatch "\.(gif|jpg)">
        [add protection directives here]
    </FilesMatch>

The <FilesMatch> container can be placed inside other containers, or on its own outside any container, in which case it protects all files on the Web site; it can even be stored in a .htaccess file. Where the container is placed determines the scope of the protection.

Referer HTTP header field

When a user requests a page from a Web server, the HTTP request sent by the browser carries request headers with information about the client, such as the browser version, the user's language, the operating system platform and the name of the requested document. This information is transmitted as name/value pairs.

Among these headers, the Referer field is the important one for preventing image theft. The Referer field gives the URL of the page the client was on when it made the request. For example, if a user visits page A and then clicks a link on page A to page B, the HTTP request for page B includes a Referer field that says, in effect, "this request comes from page A". If a request does not come from a page, for instance when the user types the URL of page A directly into the browser's address bar, the HTTP request contains no Referer field. How does that help us prevent hotlinking? The Referer field helps determine whether a request for an image comes from one of your own pages or from another Web site.

Using SetEnvIf to mark an image

As a simple example, suppose that the home page of the Web site to be protected is http://my.apache.org, and you want to restrict all requests that do not come from this site (for example, serving only images that are included in this site's own pages). You can use an environment variable as a flag and set it when the condition is met, as follows:

    SetEnvIfNoCase Referer "^http://my\.apache\.org/" local_ref=1

When Apache processes a request, it checks the Referer field in the HTTP request headers and sets the environment variable local_ref to 1 if the request originates from this site (that is, the URL of the referring page is within this site's domain name).

The string in double quotes is a regular expression, and the environment variable is set only if the regular expression matches. This article does not discuss how to write regular expressions; it is enough to know that the SetEnvIf* directives take regular expressions as arguments.

The "NoCase" part of the SetEnvIfNoCase directive means that the regular expression is matched without regard to case, so 'http://my.apache.org/', 'http://My.Apache.Org/' or 'http://MY.apache.org/' all satisfy the condition.

Using environment variables in access control

The Order, Allow and Deny directives in the Apache configuration file can control access to documents based on environment variables. When using them, first consider how the order in which Allow and Deny are evaluated affects the result. Use the following:

    Order Allow,Deny

This means that Apache first processes the Allow directives that apply to the HTTP request and then the Deny directives. The default policy with this ordering is deny, so a request is rejected unless it is explicitly allowed, and no illegitimate access succeeds.

Therefore, add the following directives to the Apache configuration file httpd.conf to put the local-reference flag to work:

    Order Allow,Deny
    Allow from env=local_ref

A request is then allowed only if the local_ref variable is defined; all other requests are rejected because they do not meet the Allow condition.

Note: do not wrap these directives in a container that restricts them by request method, in either .htaccess or httpd.conf. No such container is needed here unless there is a special requirement, such as handling GET requests and POST requests differently.

Putting these settings together, the Apache configuration file contains the following:

    SetEnvIfNoCase Referer "^http://my\.apache\.org/" local_ref=1
    <FilesMatch "\.(gif|jpg)">
        Order Allow,Deny
        Allow from env=local_ref
    </FilesMatch>

This configuration can be stored in the server configuration file httpd.conf or in a .htaccess file; the final effect is the same. Within the scope of these directives, only pictures referenced from this Web site can be accessed.

Watermarking a picture

The method described above cannot prevent image hotlinking completely, because a persistent user can forge the Referer value to fetch pictures, which defeats these settings. Completely preventing hotlinking of a site's pictures is therefore impossible, but the measures above make it very difficult.

There is one more way to protect images from theft: watermarking all of the site's images. Watermarking a digital image means embedding a special signature code in the picture that can later be verified and detected. A digital watermark does not degrade the quality of the picture, and even a cropped portion of the image can still carry the watermark information. After the picture has been edited, printed and scanned again, the watermark can still be detected. Watermarking is therefore a very good technique for protecting images against theft.

Recording theft requests

If you want to know whether the artwork on your site is being stolen, you can use the same detection technique and environment variables to record suspicious requests. For example, if you add the following directives to the httpd.conf file, every request for an image that carries a non-local Referer header is logged to the /usr/local/web/apache/logs/poachers_log file:

    # SetEnvIf has no "!" negation prefix, so a negative lookahead is used
    # to match a Referer that does not start with this site's URL.
    SetEnvIfNoCase Referer "^(?!http://my\.apache\.org/)" not_local_ref=1
    SetEnvIfNoCase Request_URI "\.(gif|jpg)" is_image=1
    RewriteEngine On
    RewriteCond %{ENV:not_local_ref} =1
    RewriteCond %{ENV:is_image} =1
    RewriteRule .* - [L,E=poach_attempt:1]
    # "common" is the stock LogFormat nickname for Common Log Format (CLF).
    CustomLog logs/poachers_log common env=poach_attempt

In the code above, the two SetEnvIfNoCase lines set flags for the conditions (that is, an image file requested without the correct local Referer). The RewriteCond lines check whether those flags are set, the RewriteRule then sets a third flag, and the last line causes such requests to be recorded in a separate file.
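The Referer rule and image pattern from the configuration above, replayed in Python over access-log lines to show which image requests the rule lets through and which referring hosts would show up as theft attempts. This is an added example, not part of the original article: the log lines are constructed, the input is assumed to be in Apache's combined log format, and classify and poachers are illustrative names.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Same patterns as the page's SetEnvIfNoCase directives (both case-insensitive).
LOCAL_REF = re.compile(r"^http://my\.apache\.org/", re.I)
IS_IMAGE = re.compile(r"\.(gif|jpg)", re.I)
# Assumed input: Apache "combined" log format, which records the Referer.
LINE = re.compile(r'^\S+ \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*" \d{3} \S+ "([^"]*)" "[^"]*"$')

# Constructed sample lines; addresses and foreign hosts are illustrative only.
SAMPLE_LOG = """\
192.0.2.10 - - [10/Mar/2024:10:00:01 +0000] "GET /img/logo.gif HTTP/1.1" 200 2326 "http://my.apache.org/index.html" "Mozilla/5.0"
192.0.2.11 - - [10/Mar/2024:10:00:02 +0000] "GET /img/banner.jpg HTTP/1.1" 200 9120 "http://My.Apache.Org/gallery.html" "Mozilla/5.0"
198.51.100.7 - - [10/Mar/2024:10:00:03 +0000] "GET /img/logo.gif HTTP/1.1" 403 199 "http://photos.example.net/page.html" "Mozilla/5.0"
198.51.100.8 - - [10/Mar/2024:10:00:04 +0000] "GET /img/banner.jpg HTTP/1.1" 403 199 "http://photos.example.net/other.html" "Mozilla/5.0"
203.0.113.5 - - [10/Mar/2024:10:00:05 +0000] "GET /img/logo.gif HTTP/1.1" 403 199 "-" "Mozilla/5.0"
203.0.113.6 - - [10/Mar/2024:10:00:06 +0000] "GET /img/logo.gif HTTP/1.1" 403 199 "http://my.apache.org.example.com/x.html" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2024:10:00:07 +0000] "GET /img/logo.gif HTTP/1.1" 403 199 "https://my.apache.org/index.html" "Mozilla/5.0"
203.0.113.8 - - [10/Mar/2024:10:00:08 +0000] "GET /index.html HTTP/1.1" 200 5120 "http://photos.example.net/page.html" "Mozilla/5.0"
"""

def classify(line):
    """Return (uri, referer, verdict) for one log line, or None if unparsable."""
    m = LINE.match(line)
    if not m:
        return None
    uri, referer = m.groups()
    referer = "" if referer == "-" else referer  # "-" means no Referer was sent
    if not IS_IMAGE.search(uri):
        return uri, referer, "not-image"
    if LOCAL_REF.search(referer):
        return uri, referer, "local"  # local_ref=1, so "Allow from env=local_ref" applies
    # local_ref is unset here, so "Order Allow,Deny" refuses the request.
    return uri, referer, "foreign" if referer else "no-referer"

def poachers(log_text):
    """Count refused image requests per referring host (foreign Referer only)."""
    hosts = Counter()
    for line in log_text.splitlines():
        result = classify(line)
        if result and result[2] == "foreign":
            hosts[urlsplit(result[1]).hostname or result[1]] += 1
    return hosts

if __name__ == "__main__":
    for line in SAMPLE_LOG.splitlines():
        print(classify(line))
    print(poachers(SAMPLE_LOG).most_common())
```

The sample also shows two side effects of the rule as written: image requests that carry no Referer at all are refused, and so are requests from the site's own pages when they are served over https, because the pattern only matches http://.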

The above briefly describes how to use configuration in an Apache environment to limit the theft of website images, and I hope readers will share better experiences of their own.


