How can we prevent website images from being leeched?

Source: Internet
Author: User
Tags: http request, php script, regular expression

What do you need to know to prevent website images from being leeched (hotlinked)? Basically, leeching takes two forms:

Type 1: the other site links directly to the image URL on your website, so your server delivers the image for the other site's pages. Two workable defences exist: control at the Apache server level, and control through SESSION variables in the program.

Type 2: the other site downloads the images from your website, then copies and uses them.

So there are two main methods of preventing image leeching: one uses Apache's mod_rewrite.so extension, the other uses a PHP SESSION variable.

1. Apache anti-theft technology

Apache anti-leech protection works on the same principle as PHP pseudo-static URLs: both rely on the Apache mod_rewrite.so module. First, modify the Apache configuration file httpd.conf as follows:

The code is as follows:

# LoadModule rewrite_module modules/mod_rewrite.so

Remove the "#" at the start of this line to enable the module.

In httpd.conf, find the "AllowOverride" directive and change its value to All, then save the file. Next, create a .htaccess file in the root directory of the project to define the anti-leech rules. The code for the .htaccess file is as follows:

The code is as follows:

SetEnvIfNoCase Referer "^http://192.168.1.2/" local_ref=1

<FilesMatch "\.(gif|jpg)$">
Order Allow,Deny
Allow from env=local_ref
</FilesMatch>

Referer field: when Apache processes a request, it examines the Referer field in the request headers. If the request originates from the website's own address, that is, from a page of this website, it sets the environment variable local_ref to 1.

^http://192.168.1.59/ is a regular expression. The Referer value must match it for the environment variable to be set.

NoCase: the "NoCase" suffix makes the regular expression match without regard to the case of the string.

Order Allow,Deny: tells Apache to evaluate the Allow directives for the current request first, then the Deny directives.

env=local_ref: allows any request that carries the local_ref environment variable (whatever its value) to pass. All other requests do not satisfy the Allow condition and are denied by default.

.htaccess

First, create a .htaccess file in the root directory. If one already exists, copy the following code and add it to the bottom of the .htaccess file.

The code is as follows:

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$ [NC]
RewriteCond %{HTTP_REFERER} !google.com [NC]
RewriteCond %{HTTP_REFERER} !baidu.com [NC]
RewriteCond %{HTTP_REFERER} !111cn.net [NC]
RewriteRule .*\.(gif|jpg|png)$ http://111cn.net/ [R,NC,L]


Briefly, the meaning of each statement is as follows:

The code is as follows:

RewriteCond %{HTTP_REFERER} !^$ [NC]

Allow access when "HTTP_REFERER" is blank, that is, allow users who type the image address directly into the browser's address bar to see the image. Strictly speaking this is optional, but we recommend it: forcing every request to carry "HTTP_REFERER" can cause problems, for example for users who reach the site through a proxy server.

The code is as follows:

RewriteCond %{HTTP_REFERER} !google.com [NC]

Sets the HTTP sources allowed to access the files, such as the website itself, Google, Baidu, Bloglines and Feedburner. This condition can be repeated as many times as needed. The example here only grants access to common search engines such as Google and Baidu.

The code is as follows:

RewriteRule .*\.(gif|jpg|png)$ http://111cn.net/ [R,NC,L]

Defines the URL that a leeched request is redirected to. It can be a replacement image or a 404 error page. The example uses the home page, hence 111cn.net. To send leechers to a 404 page instead, put the path of the 404 page here. Of course, the smaller the replacement file, the better. Alternatively, instead of redirecting to a replacement, you can simply forbid the request with the following statement:

The code is as follows:

RewriteRule .*\.(gif|jpg|png)$ - [F]

In this way, the site no longer loses bandwidth to image leeching. The same method protects other file types such as rar and zip: just add the extension to the (gif|jpg|png) group.

For example, to add anti-leech protection for zip files:

Replace the (gif|jpg|png) group in the complete code above with (gif|jpg|png|zip).
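The following Python is an added illustration, not code from the original article: it models the RewriteCond chain above and shows why bare patterns such as !google.com are weak. mod_rewrite treats them as unanchored regular expressions, so any Referer that merely contains the text passes, including a lookalike host or a query string. The STRICT_ALLOW patterns are a hardened equivalent (an assumption: the same three sites are the only trusted referers) anchored to the scheme and host.

```python
import re

# Patterns as written in the .htaccess above. mod_rewrite treats each one as an
# unanchored regular expression, case-insensitive because of [NC], so a bare
# "google.com" matches anywhere in the Referer string.
LOOSE_ALLOW = [r"google.com", r"baidu.com", r"111cn.net"]

# Hardened equivalents (assumption: the same three sites are the only trusted
# referers). Anchoring to the scheme and host and escaping the dots means only
# that host, or a sub-domain of it, is accepted.
STRICT_ALLOW = [
    r"^https?://([^/]+\.)?google\.com(/|$)",
    r"^https?://([^/]+\.)?baidu\.com(/|$)",
    r"^https?://([^/]+\.)?111cn\.net(/|$)",
]

def allowed(referer: str, patterns) -> bool:
    """True when the image is served, i.e. the RewriteRule does NOT fire.
    Mirrors the condition chain: a blank Referer passes (!^$), otherwise the
    request passes as soon as one allow pattern matches."""
    if referer == "":
        return True
    return any(re.search(p, referer, re.IGNORECASE) for p in patterns)

# Constructed sample Referer headers for the demonstration.
SAMPLES = {
    "": "direct request, no Referer",
    "http://www.111cn.net/article.html": "own site",
    "https://images.google.com/search?q=x": "trusted sub-domain",
    "http://google.com.example.net/page": "lookalike host",
    "http://other.example/?from=baidu.com": "trusted name in query string",
    "http://leecher.example/gallery.html": "unrelated site",
}

def evaluate(patterns):
    """Map each sample Referer to the decision the pattern set produces."""
    return {ref: allowed(ref, patterns) for ref in SAMPLES}

if __name__ == "__main__":
    loose, strict = evaluate(LOOSE_ALLOW), evaluate(STRICT_ALLOW)
    for ref, desc in SAMPLES.items():
        print(f"{desc:30} loose={loose[ref]!s:5} strict={strict[ref]!s:5}")
```

The loose set lets the lookalike host and the query-string sample through; the strict set rejects both while still accepting the direct request, the site itself and a genuine sub-domain.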

SESSION variable anti-Leech

The principle of SESSION variable anti-leech protection is to check whether the visitor requesting an image is permitted to see it: with permission the image is delivered, without it access is refused. Concretely, one script sets a SESSION variable, and a second script that outputs the image checks whether that SESSION variable exists; if it does, the image is served. For example, the following is a simple page that displays an image. The image's src URL points to a PHP script, which ensures that only visitors of the site itself can see the image.

The code is as follows:

<?php
session_start();
$_SESSION['viewimages'] = true;
?>
<img src="getimage.php?img=bg3_ol.jpg" alt="">

Note that the code above registers a SESSION variable called viewimages, and the src attribute of the img tag points to getimage.php?img=bg3_ol.jpg.
The code for the getimage.php script follows. It first checks whether the SESSION variable viewimages is set to true:

The code is as follows:

<?php
session_start();
if (isset($_SESSION['viewimages']) && $_SESSION['viewimages'] === true) {
    // basename() strips any directory part of the requested name, so the
    // request cannot escape the images/ directory (e.g. img=../config.php)
    $img  = basename($_GET['img'] ?? '');
    $path = 'images/' . $img;
    if ($img === '' || !is_file($path) || ($dims = getimagesize($path)) === false) {
        header('HTTP/1.1 404 Not Found');
        exit;
    }
    header('Content-Disposition: inline; filename=' . $img);
    header('Content-Type: ' . $dims['mime']);
    header('Content-Length: ' . filesize($path));
    readfile($path);
} else {
    header('HTTP/1.1 404 Not Found');
    header('Content-Type: text/plain');
    echo "WWW.111cn.net. This is a protected image and cannot be leeched!\n";
}
?>

Nginx anti-Leech

Configure a location block to implement anti-leech protection for images and other file types.

Nginx configuration file:

The code is as follows:

location ~ \.(jpe?g|png|gif)$ {
    valid_referers none blocked mysite.com *.mysite.com;
    if ($invalid_referer) {
        return 403;
    }
}

Use "|" to separate the file extensions you want to protect.

The valid_referers directive lists the websites allowed to access the resources. If the request's Referer matches nothing in the list, 403 is returned. The parameters of the valid_referers directive are:

none - matches requests with no Referer header.
blocked - matches requests whose Referer header is present but was altered by a firewall or proxy server, for example with the http:// or https:// prefix removed.
*.mysite.com - matches all sub-domains of mysite.com (since v0.5.33, the * wildcard can be used in server names).

Besides restricting access to files by extension with location, you can also restrict access to a specific directory. The following configuration applies the same check to all files in the images directory.

The code is as follows:

location /images/ {
    valid_referers none blocked mysite.com *.mysite.com;
    if ($invalid_referer) {
        return 403;
    }
}
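As an added example (not part of the original article), the following Python models how nginx evaluates the valid_referers list above and what $invalid_referer becomes for a set of constructed requests, covering the none and blocked parameters, the case-insensitive exact name, the *.mysite.com wildcard, and a lookalike host. It is a simplified model of nginx's comparison (scheme stripped, host lower-cased and cut at the first '/', ':' or '?'), not nginx's own code.

```python
# valid_referers line from the location block above.
VALID_REFERERS = ["none", "blocked", "mysite.com", "*.mysite.com"]

def referer_host(referer: str):
    """Host part of the Referer as nginx compares it: scheme stripped,
    lower-cased, cut at the first '/', ':' or '?'. Returns None when the value
    has no http:// or https:// prefix, which is the 'blocked' case."""
    low = referer.lower()
    for scheme in ("http://", "https://"):
        if low.startswith(scheme):
            rest = low[len(scheme):]
            cut = [i for i in (rest.find(c) for c in "/:?") if i != -1]
            return rest[:min(cut)] if cut else rest
    return None

def invalid_referer(headers: dict, valid=VALID_REFERERS) -> bool:
    """Value nginx assigns to $invalid_referer for a request with the given
    headers (a constructed dict; only the Referer entry matters)."""
    referer = headers.get("Referer")
    if referer is None:
        return "none" not in valid
    host = referer_host(referer)
    if host is None:
        return "blocked" not in valid
    for entry in valid:
        if entry in ("none", "blocked"):
            continue
        if entry.startswith("*."):
            # "*.mysite.com" matches sub-domains only; the bare domain needs
            # its own entry, which is why the config lists both.
            if host.endswith(entry[1:]):
                return False
        elif host == entry:
            return False
    return True

def status_for(headers: dict) -> int:
    # Status the location block answers: 403 on $invalid_referer, else 200.
    return 403 if invalid_referer(headers) else 200

# Constructed sample requests for the demonstration.
SAMPLES = [
    {},                                                   # no Referer -> none
    {"Referer": "mysite.com/page"},                       # scheme stripped -> blocked
    {"Referer": "https://MySite.com/gallery"},            # exact name, case-insensitive
    {"Referer": "http://cdn.mysite.com:8080/x"},          # sub-domain with port
    {"Referer": "http://mysite.com.example.net/"},        # lookalike host -> 403
    {"Referer": "http://leecher.example/?u=mysite.com"},  # name only in query -> 403
]

for h in SAMPLES:
    print(status_for(h), h.get("Referer", "<no Referer>"))
```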

The configuration above implements simple anti-leech protection by checking the request header. If the leeching website forges the HTTP request headers
