Today's Internet, the collection of Web sites are very many, many sites like hotlinking/misappropriation of other people's website pictures, so not only violated the network rights, but also caused by the hotlinking of the site consumes a lot of traffic, to the server caused relatively large pressure, this article to introduce how PHP to prevent image theft/hotlinking two ways, You need a friend to refer to.
What is the use of image anti-theft chain? Prevent other websites from stealing your pictures and wasting your valuable traffic. This article introduces you to PHP to prevent image theft/hotlinking two ways
- Apache Image Redirection method
- Setting the images directory does not permit HTTP access
How to prevent image hotlinking under Apache server
If your site to picture-based, which day to find that the end of the traffic is almost exhausted, then you can use the picture to turn, in the premise of not modifying the page, the picture download request to other space (such as trial host), temporary transition.
Let's start by explaining that your pictures are in the IMG directory, and then drop a file named. htaccess in that directory, as follows:
Rewriteengine on Rewritecond%{http_referer}!^$ [NC] Rewritecond%{http_referer}!simcole.cn [NC] RewriteCond%{HTTP_REF Erer}!zhuaxia.com [NC] Rewritecond%{http_referer}!google.com [NC] Rewritecond%{http_referer}!baidu.com [NC] RewriteC Ond%{http_referer}!bloglines.com [nc]/* Code Farm tutorial http://www.manongjc.com */rewriterule. Jpg|gif|png|bmp|swf|jpeg)/image/replace.gif [r,nc,l] rewriterule ^ (. *) $ http://image.simcole.cn/image/$1 [L]
Probably explained below:
Rewritecond%{http_referer}!^$ [NC] Rewritecond%{http_referer}!simcole.cn [NC] Rewritecond%{HTTP_REFERER}! zhuaxia.com [NC] Rewritecond%{http_referer}!google.com [nc]/* yards Farm tutorial http://www.manongjc.com/article/1550.html */rewritecond%{http_referer}!baidu.com [NC] Rewritecond%{http_referer}!bloglines.com [NC]
This part is judged whether hotlinking, if the above conditions are set up (that is, the request to access the picture, neither directly enter the URL, Nor is it from simcole.cn, nor from zhuaxia.com, nor from Google.com, nor from baidu.com, nor from Bloglines.com, to perform the following turns:
Rewriterule. (jpg|gif|png|bmp|swf|jpeg)/image/replace.gif [r,nc,l]
This means that all pages of JPG, GIF, PNG, BMP, SWF, JPEG files in the hotlinking img directory are replaced with replace.gif images in the image directory. Note Replace the displayed picture not in the IMG directory where the anti-theft chain is set. If the image request is not hotlinking according to the rules above, the following turns are performed:
Rewriterule ^ (. *) $ http://image.simcole.cn/image/$1 [L]
This means that all requests to the IMG directory are directed to the target server, such as having a picture of the original URL is http://www.bebecn.com/img/girl.jpg, and will now go to http://image.bebecn.com/image/ Girl.jpg go. Of course, you have to first copy the files from the original server IMG directory to the image directory of the temporary server, and the steering is really available. The effect is to the original server image download the consumption of all the savings, so that the temporary server to bear.
Setting the images directory does not permit HTTP access
Set the images directory to not allow HTTP access (the image directory: read, directory browsing two permissions removed).
Use a PHP file to read the image directly with the files function. In this PHP file for permission control.
In the Apache environment, add the following file to your image directory.
File name. htaccess
The file contents are as follows
# Options The. htaccess files in directories can override.# Edit apache/conf/httpd.conf to allowoverride in. htaccess# All Owoverride authconfig# Stop The directory list from being shownoptions-indexes# Controls who can get stuff from this serv Er. Order deny,allowdeny from Allallow from localhost
Other web environments, such as Iss,nginx, are similar.
classimgdata{ Public $imgsrc; Public $imgdata; Public $imgform; Public functionGetdir ($source){$this->IMGSRC =$source;} Public functionImg2data () {$this->_imgfrom ($this-imgsrc);return $this->imgdata=fread(fopen($this->IMGSRC, ' RB '),filesize($this-imgsrc));} Public functiondata2img () {Header("Content-type:$this-imgform ");Echo $this-Imgdata;//echo $this->imgform;//imagecreatefromstring ($this->imgdata);} Public function_imgfrom ($imgsrc){$info=getimagesize($imgsrc);//Var_dump ($info);/*Code Farming tutorial http://www.manongjc.com*/return $this->imgform =$info[' MIME '];}}$n=NewImgdata;$n-Getdir ("1.jpg");//picture path, generally stored in the database, the user can not get the real path, according to the image ID to get$n-Img2data ();$nData2img ();
This code is to read the picture, and then output directly to the browser, in the read and output before the user's permission to judge.
The PHP reading here is not referring to the read path, but rather to reading the contents of the picture and then passing
Header (); Enter the image type, such as GIF png jpg, and output the contents of the image below, so the fread () is used.
In fact, you see image.php?id=100 is to display this picture in the browser, and you view the source file, see not the path of the picture, but garbled image content.
Similar to the QQ space of the encrypted album, only enter the password to access, and directly in the browser entered the encrypted album of the photo address is also inaccessible. My current idea is that the address of the picture is a php file, through PHP to verify permissions, read pictures, and output, do not know besides such a method there is more simple and efficient practice does not? For example, to generate a temporary browsing address, using some nginx anti-theft chain plug-in?
You can use Ngx_http_auth_basic_module to do it.
Modifying a configuration file
Location/{root/usr/local/nginx/html;auth_basic "auth"; auth_basic_user_file/usr/local/nginx/conf/htpasswd;index index.php index.htm;}
Auth_basic the auth in "Auth" is the title of the Popup box (enter user name and password)
AUTH_BASIC_USER_FILE/USR/LOCAL/NGINX/CONF/HTPASSWD; The/usr/local/nginx/conf/htpasswd in is the file where the password is saved
PHP How to prevent image theft/hotlinking two ways