How PHP implements the anti-theft chain explanation

Source: Internet
Author: User
This article mainly introduces PHP to implement the anti-theft chain method, combined with an example of the PHP anti-theft chain involved in the relevant technology and specific implementation skills, the need for friends can refer to, hope to help everyone.

$_SERVER['HTTP_REFERER']The Access situation

Note that $_server[' http_referer '] is not always available and can only be obtained if:

One, can take the situation of Http_referer is the following several:

1. Direct use of <a href>
2. Form submitted with submit or <input type=image> (POST or GET)
3. Forms submitted using JScript (POST or GET)

Two, the situation can not be taken in the following categories:

1. From the Favorites Link
2. Click "Home" or a custom address
3. Using JScript's Location.href or Location.replace ()
4. Enter the address directly in the browser
5. <%Response.Redirect%>
6. <%Response.AddHeader%> or <meta http-equiv=refresh> steering
7. Loading addresses with XML

strrposFunction Explanation:

Strrpos-calculates the last occurrence of the specified string in the target string


int strrpos ( string $haystack , string $needle [, int $offset = 0 ] )
Returns the last digit position of the needle in a string $haystack.

$haystack The lookup in this string.
$needle If needle is not a string, it is converted to an integral type and is treated as a sequential value of the character.

return value

Returns the location where the needle exists. Returns FALSE if it is not found.

Hotlinking Judgment Code: asd.php

<?php//anti-theft chain technology//first determine whether to get to $_server[' http_referer '] variable if (isset ($_server[' http_referer ')) {  //Judge $_server[' HTTP _referer '] is not starting with http://localhost/  if (Strpos ($_server[' http_referer '), "http://localhost") ==0) {    echo '  ';  }  else{    Header ("Location:warning.php");//Jump page to warning.php    //echo $_server["Http_referer"];  }} else {  header ("Location:warning.php");}? >


Anti-theft chain verification code

<! DOCTYPE html>

The above is the understanding principle

Generally by configuring the server anti-theft chain, such as Nginx configuration access

(gif|jpg|jpeg|png|bmp|swf) white list of documents such as

Specific configuration can be Baidu search

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.