PHP prevents images from falling over the chain

Original address: http://blog.csdn.net/xueling022/article/details/530533831, Apache server to prevent pictures hotlinking method

If your site to picture-based, which day to find that the end of the traffic is almost exhausted, then you can use the picture to turn, in the premise of not modifying the page, the picture download request to other space (such as trial host), temporary transition.

Let's start by explaining that your pictures are in the IMG directory, and then drop a file named. htaccess in that directory, as follows:

rewriteengine on rewritecond %{http_referer} !^$ [nc] rewritecond %{http_ referer} !linuxidc.cn [nc] rewritecond %{http_referer} !google.com [nc]  rewritecond %{http_referer} !baidu.com [nc] rewriterule . (Jpg|gif|png|bmp|swf|jpeg)  /image/replace.gif [r,nc,l] rewriterule ^ (. *) $ http:// IMAGE.LINUXIDC.CN/IMAGE/$1 [L] 

Probably explained below:

Rewritecond%{http_referer}!^$ [NC] Rewritecond%{http_referer}!linuxidc.com [NC] Rewritecond%{HTTP_REFERER}! google.com [Nc]rewritecond%{http_referer}!baidu.com [NC]

This part is judged whether hotlinking, if the above conditions are established (that is, the request to access the picture, neither directly entered the URL, nor from the linuxidc.com, nor from the Google.com, nor from the baidu.com words), to perform the following turn:

Rewriterule. (jpg|gif|png|bmp|swf|jpeg)/image/replace.gif [r,nc,l]

This means that all pages of JPG, GIF, PNG, BMP, SWF, JPEG files in the hotlinking img directory are replaced with replace.gif images in the image directory. Note Replace the displayed picture not in the IMG directory where the anti-theft chain is set. If the image request is not hotlinking according to the rules above, the following turns are performed:

Rewriterule ^ (. *) $ http://image.linuxidc.com/image/$1 [L]

This means that all requests to the IMG directory are directed to the target server, such as having a picture of the original URL is http://www.linuxidc.com/img/linuxidc.jpg, and will now go to http://image.linuxidc.com /image/linuxidc.jpg go. Of course, you have to first copy the files from the original server IMG directory to the image directory of the temporary server, and the steering is really available. The effect is to the original server image download the consumption of all the savings, so that the temporary server to bear.

2, set images directory does not permit HTTP access

Set the images directory to not allow HTTP access (the image directory: read, directory browsing two permissions removed).

Use a PHP file to read the image directly with the files function. In this PHP file for permission control.

In the Apache environment, add the following file to your image directory.

File name. htaccess

The contents of the file are as follows

# options the .htaccess files in directories can override.# edit  apache/conf/httpd.conf to AllowOverride in .htaccess# AllowOverride  authconfig# stop the directory list from being shownoptions -indexes#  controls who can get stuff from this server. Order deny,allowdeny from allallow from localhost 

class imgdata{public  $imgsrc;p ublic  $imgdata;p ublic  $imgform;p ublic function  Getdir ($source) {$this->imgsrc =  $source;} Public function img2data () {$this->_imgfrom ($this->imgsrc);return  $this->imgdata=fread ( fopen ($this->imgsrc, ' RB '), FileSize ($this->imgsrc));} Public function data2img () {Header ("Content-type: $this->imgform");echo  $this->imgdata;// echo  $this->imgform;//imagecreatefromstring ($this->imgdata);} Public function _imgfrom ($IMGSRC) {$info =getimagesize ($IMGSRC),//var_dump ($info);return  $this- >imgform =  $info [' MIME '];}} $n  = new imgdata; $n  -> getdir ("1.jpg");  //picture path, generally stored in the database, the user cannot get the real path, $n -> img2data () can be obtained according to the image ID (); $n  -> data2img ();

This code is to read the picture, and then output directly to the browser, in the read and output before the user's permission to judge.

The PHP reading here is not referring to the read path, but rather to reading the contents of the picture and then passing

Header (); Enter the image type, such as GIF png jpg, and output the contents of the image below, so the fread () is used.

In fact, you see image.php?id=100 is to display this picture in the browser, and you view the source file, see not the path of the picture, but garbled image content.

Similar to the QQ space of the encrypted album, only enter the password to access, and directly in the browser entered the encrypted album of the photo address is also inaccessible. My current idea is that the address of the picture is a php file, through PHP to verify permissions, read pictures, and output, do not know besides such a method there is more simple and efficient practice does not? For example, to generate a temporary browsing address, using some nginx anti-theft chain plug-in?

You can use Ngx_http_auth_basic_module to do it.

Modifying a configuration file

Location/{root/usr/local/nginx/html;auth_basic "auth"; auth_basic_user_file/usr/local/nginx/conf/htpasswd;index index.php index.htm;}

Auth_basic the auth in "Auth" is the title of the Popup box (enter user name and password)

AUTH_BASIC_USER_FILE/USR/LOCAL/NGINX/CONF/HTPASSWD; The/usr/local/nginx/conf/htpasswd in is the file where the password is saved

3, Nginx anti-theft chain:

4. Use Mod_ewrite to add judgment in http.conf

Setenvifnocase Referer "^http://www\.sitepoint\.com" locally_linked=1

Setenvifnocase Referer "^http:/sitepoint\.com" locally_linked=1

Setenvifnocase Referer "^$" locally_linked=1

<filesmatch "\. (gif|png|jpe?g) $ ">

Order Allow,deny

Allow from env=locally_linked

</FilesMatch>

5. Use session to determine permissions

PHP prevents images from falling over the chain