Php can prevent image theft or leeching,

Php can prevent image theft or leeching,

Today, many websites are collected on the Internet, and many websites like leeching/stealing pictures of others' websites. This not only infringes on the network right, but also causes the leeching of websites to consume a lot of traffic, this article introduces two methods for php to prevent image theft/leeching. For more information, see.

What is the purpose of anti-leech protection? Prevent other websites from stealing your images and wasting your valuable traffic. This article introduces two methods for php to prevent image theft/leeching.

 

How to Prevent image leeching on the Apache server

If your website is dominated by images and the traffic will soon run out at the end of the month, you can use images to turn around without modifying the webpage, the image download request is redirected to another space (such as a trial host) for temporary transition.

For example, if your images are under the img directory, place a file named. htaccess in the directory. The content is as follows:

RewriteEngine on RewriteCond % {HTTP_REFERER }! ^ $ [NC] RewriteCond % {HTTP_REFERER }! Simcole.cn [NC] RewriteCond % {HTTP_REFERER }! Zhuaxia.com [NC] RewriteCond % {HTTP_REFERER }! Google.com [NC] RewriteCond % {HTTP_REFERER }! Baidu.com [NC] RewriteCond % {HTTP_REFERER }! Bloglines.com [NC]/* Author: codenong tutorial http://www.manongjc.com */RewriteRule. (jpg | gif | png | bmp | swf | jpeg)/image/replace.gif [R, NC, L] RewriteRule ^ (. *) $ http://image.simcole.cn/image/#1 [L]

Below is a rough explanation:

RewriteCond % {HTTP_REFERER }! ^ $ [NC] RewriteCond % {HTTP_REFERER }! Simcole.cn [NC] RewriteCond % {HTTP_REFERER }! Zhuaxia.com [NC] RewriteCond % {HTTP_REFERER }! Google.com [NC]/* Author: codenong tutorial http://www.manongjc.com/article/1550.html */RewriteCond % {HTTP_REFERER }! Baidu.com [NC] RewriteCond % {HTTP_REFERER }! Bloglines.com [NC]

This part is to determine whether or not to steal the chain. If the above conditions are true (that is, the request to access the image is neither directly entering the URL nor from simcole.cn, nor from zhuaxia.com or google.com, or from baidu.com or bloglines.com:

RewriteRule .(jpg|gif|png|bmp|swf|jpeg) /image/replace.gif [R,NC,L]

This means that all webpages with jpg, gif, png, bmp, swf, and jpeg files under the img directory are replaced by replace.gif images under the image directory. Note that do not place the displayed images in the img directory with anti-leech settings. If the image request is not leeching based on the above rules, perform the following redirection:

RewriteRule ^(.*)$ http://image.simcole.cn/image/$1 [L]

It means that all the requests under the img directory are directed to the target server, for example, there is a picture that the original url is a http://www.bebecn.com/img/girl.jpg, And now it will go to the http://image.bebecn.com/image/girl.jpg. Of course, you must copy all the files under the img directory of the original server to the image directory of the temporary server to make the switch available. The effect is to save all the traffic occupied by image downloads on the original server, so that the temporary server can afford it.

 

Setting the images directory does not allow http access

Set the images directory to not allow http access (remove the following permissions for image directories: Read and directory browsing ).
Use a PHP file and the file function to read the image. Perform permission control in this PHP file.
In the apache environment, add this file to and from your image directory.

File Name. htaccess
The file content is as follows:

# options the .htaccess files in directories can override.# Edit apache/conf/httpd.conf to AllowOverride in .htaccess# AllowOverride AuthConfig# Stop the directory list from being shownOptions -Indexes# Controls who can get stuff from this server.Order Deny,AllowDeny from allAllow from localhost

Other web environments such as iss and nginx are similar.

Class imgdata {public $ imgsrc; public $ imgdata; public $ imgform; public function getdir ($ source) {$ this-> imgsrc = $ source;} public function img2data () {$ this-> _ imgfrom ($ this-> imgsrc); return $ this-> imgdata = fread (fopen ($ this-> imgsrc, 'rb '), filesize ($ this-> imgsrc);} public function data2img () {header ("content-type: $ this-> imgform"); echo $ this-> imgdata; // echo $ this-> imgform; // imagecreatefromstring ($ this-> imgdata);} public function _ imgfrom ($ imgsrc) {$ info = getimagesize ($ imgsrc ); // var_dump ($ info);/* Author: codefarm tutorial http://www.manongjc.com */return $ this-> imgform = $ info ['mime '];} $ n = new imgdata; $ n-> getdir(1_1.jpg "); // The image path, which is generally stored in the database and cannot be obtained by the user, you can obtain $ n-> img2data (); $ n-> data2img () based on the image ID ();

This Code reads the image and then directly outputs it to the browser. Before reading and outputting the image, you can determine the user permissions.
In this example, PHP reads an image, instead of reading a path, but reading the image content.
Header (); input image type, such as gif png jpg, and the following output image content, so fread () is used ()
Actually, you see image. php? Id = 100 indicates that the image is displayed in the browser. When you view the source file, you will not see the path of the image, but the garbled image content.

Similar to the encrypted album in the QQ space, only the password can be accessed, and you cannot directly enter the photo address in the encrypted album in the browser. My current idea is that the image address is a php file. I use php to verify the permission, read the image, and output the image. I don't know if there is a simpler and more efficient way to do this? For example, how can I generate a temporary browsing address and use some anti-leech plug-ins of nginx?
You can use ngx_http_auth_basic_module.

Modify configuration file

location / {root /usr/local/nginx/html;auth_basic “Auth”;auth_basic_user_file /usr/local/nginx/conf/htpasswd;index index.php index.htm;}

Auth in auth_basic "Auth" is the title of the pop-up box (enter the user name and password)
Auth_basic_user_file/usr/local/nginx/conf/htpasswd;/usr/local/nginx/conf/htpasswd is the password SAVING file.