.htaccess hotlink protection methods (files, images)

Source: Internet
Author: User
Tags auth rar password protection

The HTTP protocol defines a dedicated header field, Referer, which records where a request came from: for a page, it gives the address of the previous page that linked to it; for a resource file, it gives the address of the web page that embeds and displays it.

All hotlink protection methods are therefore based on this Referer field.
Two methods:
The first is to use Apache's FilesMatch restriction. Add the following to httpd.conf (you can also save the statements in a .htaccess file and put it in the root directory of your website, that is, the www/html directory), so that other sites will not be able to hotlink your files.

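    SetEnvIfNoCase Referer "^http://afish.cnblogs.com/" local_ref=1
    # Example extension list (an assumption); adjust to the file types you want to protect
    <FilesMatch "\.(gif|jpg|png)$">
        Order Allow,Deny
        Allow from env=local_ref
        Allow from 127.0.0.1
    </FilesMatch>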

This method makes it easy to stop URLs that are not on the allowed list from referencing your resource files. Remember to change "http://afish.cnblogs.com/" to your own URL.


The second is to use rewriting. This requires Apache to have mod_rewrite enabled and to honour .htaccess files for per-directory restrictions. Add a .htaccess file to the virtual host's root directory and redirect requests for image files whose Referer is not a local address to a warning image or warning page.

First make sure that the web server on your own machine or hosting space is Apache2 and that it supports .htaccess configuration files. If you run your own server, make the following changes to the ./conf/httpd.conf file:
Find: # LoadModule rewrite_module modules/mod_rewrite.so and remove the leading #.
Find the first AllowOverride None, change it to AllowOverride All, and restart the Apache2 server.

Next, edit the .htaccess file. Its contents are:

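    RewriteEngine on
    # Let requests with an empty Referer through
    RewriteCond %{HTTP_REFERER} !^$ [NC]
    # Let requests coming from your own pages through
    RewriteCond %{HTTP_REFERER} !^http://cnblogs.com/.*$ [NC]
    RewriteCond %{HTTP_REFERER} !^http://afish.cnblogs.com/.*$ [NC]
    # Redirect every other request for a protected file type to the error page
    RewriteRule .*\.(jpg|jpeg|gif|png|bmp|rar|zip|exe)$ http://afish.cnblogs.com/error.html [R,NC,L]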

The parts marked in colour are the ones to change for your own site:
The domain name after HTTP_REFERER is changed to the address of your download page, so that only visitors coming from this address can download what you provide.
(jpg|jpeg|gif|png|bmp|rar|zip|exe) is the list of extensions of the files to protect (separated by |), meaning that files with these extensions can only be accessed from the addresses given in HTTP_REFERER.
When a file with one of these extensions is not accessed through an HTTP_REFERER address, the request is redirected to http://afish.cnblogs.com/error.html. One advantage of this method is that different virtual hosts can each have their own definitions.

The following steps then implement hotlink protection with a .htaccess file.
First create two directories in your hosting space (the directory names are up to you), say one called web and the other down.
web holds the pages (or the download program), and down holds the content you offer for download. Change the red part of the .htaccess file to http://your domain name/web and the blue part to the extensions of the files you want to protect.
Change the green part to http://your domain name/web. After the change, save the .htaccess file and upload it to the down directory.

Example:

    <IfModule mod_rewrite.c>
    # Turn on the rewrite module
    RewriteEngine on
    # Define the folder to protect; it is recommended to protect only the upload folder (/wp-content/uploads/)
    RewriteBase /wp-content/uploads/
    # Allow an empty Referer, because the user may enter the image URL manually
    RewriteCond %{HTTP_REFERER} !^$ [NC]
    # Allow access from your own site
    RewriteCond %{HTTP_REFERER} !cnblogs.com [NC]
    # Allow access from several commonly used online readers
    RewriteCond %{HTTP_REFERER} !zhuaxia.com [NC]
    RewriteCond %{HTTP_REFERER} !xianguo.com [NC]
    RewriteCond %{HTTP_REFERER} !google.com [NC]
    RewriteCond %{HTTP_REFERER} !feedburner.com [NC]
    RewriteCond %{HTTP_REFERER} !feedsky.com [NC]
    # The parentheses hold the file extensions to protect (here only gif, jpg, png),
    # followed by the address of the image shown when hotlinking occurs (no.png)
    RewriteRule .*\.(gif|jpg|png)$ http://afish.cnblogs.com/no.png [R,NC,L]
    </IfModule>


A brief explanation of the statements above:

1. RewriteCond %{HTTP_REFERER} !^$ [NC]

Allows access with an empty HTTP_REFERER, so that the image is still displayed when a user types its address directly into the browser's address bar. This is optional in general, but the setting is recommended: forcing every request to carry an HTTP_REFERER may cause problems, for example when the user comes through a proxy server.

2. RewriteCond %{HTTP_REFERER} !webeta.cn [NC]

Sets the HTTP sources that are allowed access, including our own site, Google, Baidu, Bloglines, FeedBurner, and so on.

3. RewriteRule .*\.(gif|jpg|png)$ http://afish.cnblogs.com/no.png [R,NC,L]

Defines the image substituted when a file is hotlinked: every page that hotlinks a jpg, gif, png or similar file displays the no.png file from the root directory instead. Note: do not place the replacement image in the directory where hotlink protection is set, and the smaller the image file, the better. You can also skip the replacement image and use the following statement instead, which answers the request with 403 Forbidden:

    RewriteRule .*\.(gif|jpg|png)$ - [F]

4. Explanation of R, NC and L
R means redirect.
NC means case-insensitive.
L marks the end of this redirect; the redirects that follow are not affected by the preceding conditions.


5. File types to protect from hotlinking

The example above covers gif, jpg and png. As needed, you can change or add other file types such as rar, mov, etc., separating the different file extensions with "|".

In this way you can prevent simple hotlinking and cut the needless consumption of server traffic as far as possible. Of course, if you do not care about this traffic, you can skip the settings above!



.htaccess online editing tools
A Chinese-language version (10 languages supported, including Traditional Chinese) with fairly complete features.
It supports:

Whether to display the listing (whether the site's directory index is shown)
Whether password protection is enabled (password protection can be enabled for a single directory)
Error page settings (Request, 401 Auth Req'd, 402 Payment Req'd, 403 Forbidden, 404 Not Found, 405 Method Not Allowed, 406 Not Acceptable, 407 Proxy Auth Req'd, 408 Request Time Out, 409 Conflicting Request, 410 Gone, 411 Content Len Req'd, 412 Precondition Failed, 413 Entity Too Long, 414 URI Too Long, 500 Int. Server Error, 501 Not Implemented, 502 Bad Gateway, 503 Service Unavailable, 504 Gateway Timeout, 505 HTTP Ver Not Sup ...)
Default page (set any page as the main page)
www redirection settings (redirect the www. host name)
301/302 forwarding (for redirection)
Access restrictions (for hotlink protection)
Take a look at it now: http://www.htaccesseditor.com/sc.shtml

There is also a third method:

While solving hotlink blocking for my blog, I ran into a problem and also found a good method. The blog manages all of its resources itself and serves them dynamically through resserver.php, so there is a single entry point where permission checks can be added. At the same time, the two methods above cannot be used, because Apache no longer accesses the resource files directly; PHP reads the files instead.

So the only option is to change the PHP code: before reading and outputting the resource file, add the following check

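    // The Referer header may be absent, so default to an empty string
    $referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
    // strpos() returns 0 for a match at the start, so compare with === false
    if (strpos($referer, $selfurl) === false) {
        echo 'illegal hotlinking!';
        exit(1);
    }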

Here I was a bit lazy and simply check whether the referring address contains the host address, but the principle is the same: determine whether the Referer is an address on this site. When downloading, we also often run into sites that refuse the download and report a hotlinking problem. The simplest way to download this type of file is to change the Referer; in FlashGet, for example, fill it in directly in the "Reference" field below the URL.
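A stricter form of the check above, as an added example that is not the blog's own resserver.php: it parses the Referer and compares the host name exactly (or as a subdomain) instead of searching for a substring, and it keeps the empty-Referer allowance from rule 1. The names ALLOWED_HOSTS and referer_allowed() and the sample values are assumptions made for this illustration.

```php
<?php
// Added example, not the blog's resserver.php. ALLOWED_HOSTS and
// referer_allowed() are names assumed for this illustration.
const ALLOWED_HOSTS = ['cnblogs.com'];   // the site's own domain, as in the rules above

/**
 * Decide whether a request may fetch a resource, based on its Referer.
 * An empty Referer is allowed, matching rule 1 of the .htaccess example.
 */
function referer_allowed(?string $referer, array $allowedHosts): bool
{
    if ($referer === null || $referer === '') {
        return true;    // typed URL, or a proxy that strips the header
    }
    $scheme = parse_url($referer, PHP_URL_SCHEME);
    $host   = parse_url($referer, PHP_URL_HOST);
    if (!is_string($host) || !in_array(strtolower((string) $scheme), ['http', 'https'], true)) {
        return false;   // malformed or non-web Referer
    }
    $host = strtolower($host);
    foreach ($allowedHosts as $allowed) {
        $suffix = '.' . $allowed;
        // Exact host, or a subdomain such as afish.cnblogs.com
        if ($host === $allowed || substr($host, -strlen($suffix)) === $suffix) {
            return true;
        }
    }
    return false;
}

if (PHP_SAPI === 'cli') {
    // Constructed sample Referer values for an offline check from the command line
    $samples = [
        '',
        'http://afish.cnblogs.com/archive/1.html',
        'http://cnblogs.com/',
        'http://blog.example/?from=cnblogs.com',
        'http://cnblogs.com.blog.example/',
    ];
    foreach ($samples as $r) {
        printf("%-42s %s\n", $r === '' ? '(empty)' : $r,
            referer_allowed($r, ALLOWED_HOSTS) ? 'allow' : 'deny');
    }
} elseif (!referer_allowed($_SERVER['HTTP_REFERER'] ?? null, ALLOWED_HOSTS)) {
    http_response_code(403);
    echo 'illegal hotlinking!';
    exit(1);
}
```

Run from the command line, the first three samples are allowed and the last two are denied, because only the parsed host name is compared.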
.htaccess is the complete file name, not ***.htaccess or some other format (the administrator can of course configure a different name, but .htaccess is what is generally used). Also, when uploading a .htaccess file, you must use ASCII mode and change the permissions with the chmod command to 644 (rw-r--r--). Each directory that contains a .htaccess file, together with its subdirectories, is affected by that file. For example, if a .htaccess file is placed in the /abc/ directory, all files in /abc/ and /abc/def/ are affected by it, but /index.html is not.

Example: password protection for document access

To use .htaccess to set the permitted user and corresponding password for the documents in a directory, first generate a .htpasswd text file, for example:

Afish:z5ti9hcd

The password is stored encrypted; you can find tools that encrypt a password into an encoding that .htaccess supports. This file should not be placed in the WWW directory; placing it outside the WWW root directory is recommended, which is more secure.

With the authorized-user file in place, you can add the following directives to the .htaccess:

    # Place these directives in the .htaccess of the directory that requires authorized access
    # Server path of the .htpasswd file (placeholder path)
    AuthUserFile /full/server/path/to/.htpasswd
    AuthGroupFile /dev/null
    AuthName EnterPassword
    # Authorization type
    AuthType Basic
    # User allowed access; use "require valid-user" to allow every user listed in the file
    require user wsabstract

The lines beginning with # are comments.
