Summary and analysis of the eight common anti-leech protection methods (I have reposted and written it well, and added it to my favorites)


As an ordinary Internet user, you do not need to know or care about leeching. If you are a website developer or maintainer, however, you have to pay attention to it. Suppose you have just developed a website with a file download function but no anti-leech protection. You put it on the Internet, upload a few popular programs or movies, publish them on the site, and invite all your friends on MSN to try out your masterpiece. Before long, you find that the network is surprisingly slow. The staff at the server hosting center even call you, full of enthusiasm, to tell you that the website's traffic is very high; they reckon the site has become popular and ask whether you want to pay for a wider but more expensive line. In the middle of the celebration, you open Google Analytics to see how many visitors the site has had. If you find that there are only 10 visitors each day, I am sorry to tell you: your website's resources have been leeched. What is worse, after you delete all the files and movies from the website, it still does not get much faster. The web server's access logs show frantic requests coming in from all directions, and the server is too busy answering them to serve normal pages. This situation may last for several weeks.

In simple terms, leeching of website resources means that other people download your resources without going through your website. It can happen in the following ways:
1. Popular websites, forums, and community sites directly reference (using HTML tags) images on your website, or embed mp3 files from your website directly in their own pages (using Flash or media player plug-ins).
2. Popular websites, forums, and communities offer your resources for download by linking to them.
3. Some download software adds the resources on your website to its "resource candidate list". When other users download the same file with that download tool, the software automatically downloads from your server.

Since the consequences of leeching are so serious, which methods can be used to prevent it? Below we summarize the common methods, along with some we have used in practice, from simple to complex, and analyze each briefly. Unfortunately, none of these methods can prevent leeching completely. The goal of anti-leech protection should be to reduce the impact of leeching to a certain extent while still allowing legitimate users to download resources from your website naturally and smoothly.

Method 1: Determine the reference address

This is the earliest and most common method. The reference address is the value of the Referer field in the HTTP header of the browser's request; in asp.net it can be read from the Request.UrlReferrer property. Normally, when a user browsing http://uushare.com/abc.html clicks a link to http://uushare.com/jacky.mp3, the browser attaches the address of the current page (that is, http://uushare.com/abc.html) to the request for the jacky.mp3 resource. So when your website program receives a request to download jacky.mp3, it first checks the value of the HTTP Referer field. If it comes from your own domain name (uushare.com), the request can be considered valid; otherwise, an error message is returned.

This method is usually used for images and mp3 resources, which are easily "embedded" into other websites with HTML. It prevents your images from appearing directly on other people's webpages (and prevents your mp3 files from being embedded in Flash players on other websites). However, visitors can still easily download the files with a download tool, because current download tools automatically construct a reference address from your domain name. To go further, you can use a correspondence table to limit the reference address of each resource, for example, you can restrict the reference address of jacky.mp3.
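The check described in Method 1, including the per-resource correspondence table, could look like the following. This is an added example, not code from the original article; the `www` alias, the table contents, the look-alike host and the sample Referer values are constructed for illustration.

```python
from urllib.parse import urlsplit

# Hosts that count as "our own domain" (the www alias is an assumption).
SITE_HOSTS = {"uushare.com", "www.uushare.com"}

# Correspondence table: resource path -> pages allowed to link to it.
# Resources not listed only need a Referer from one of SITE_HOSTS.
ALLOWED_PAGES = {
    "/jacky.mp3": {"/abc.html"},
}


def check_referer(resource_path, referer):
    """Return (allowed, reason) for a request's Referer header value."""
    if not referer:
        # Denied, as the text prescribes; privacy proxies and some browser
        # settings strip the header, so those visitors are refused as well.
        return False, "missing referer"
    try:
        parts = urlsplit(referer)
        host = (parts.hostname or "").lower()
    except ValueError:
        return False, "malformed referer"
    # Compare the parsed host exactly: a substring test on the raw header
    # would also accept http://uushare.com.other.example/.
    if parts.scheme not in ("http", "https") or host not in SITE_HOSTS:
        return False, "foreign site"
    pages = ALLOWED_PAGES.get(resource_path)
    if pages is not None and parts.path not in pages:
        return False, "page not allowed for this resource"
    return True, "ok"


# Constructed sample Referer values for a request to /jacky.mp3.
SAMPLES = [
    "http://uushare.com/abc.html",                # the real download page
    "http://uushare.com/",                        # built from the domain name
    "http://uushare.com.other.example/abc.html",  # look-alike host
    "http://forum.example/thread/42",             # embedded on another site
    None,                                         # header absent
]

if __name__ == "__main__":
    for ref in SAMPLES:
        print(ref, check_referer("/jacky.mp3", ref))
```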

Method 2: Use logon verification

This method is common in forums and communities. When a visitor requests a resource on the website, the server first checks whether the request has passed logon verification (in asp.net, Session or Forms authentication is often used to record the logon status). If the visitor has not logged on, an error message is returned. With this method you can also go further and check whether the logged-on user has sufficient permissions to download.
However, the logon status depends on the session id, and the session id is usually stored in the Cookie field of the HTTP request. Download tools generally cannot obtain the browser's cookies, so these resources often cannot be downloaded with download tools. This is inconvenient for normal, legitimate users: most users have a download tool installed, and it usually intercepts the download link, which makes it impossible to fall back on the browser's own download function. The simple solution is to put the session id in the URL.
Another disadvantage of this method is that visitors cannot download anonymously. Therefore, this method is generally used only for forums and community websites.

Method 3: Use cookies

In principle, this method is similar to Method 2. A dynamic cookie is generated on the page that shows the "Download" link. When processing the resource download request, the system first checks whether the request carries the correct cookie value. If not, an error message is returned. As for how to generate this dynamic value, anything works as long as the server can check afterwards whether the value is valid. For example, you can take the current time with the seconds removed and compute its hash value. If the webpage program is asp.net, it is even simpler: store a string or number in the Session and check whether it exists in the Session before processing the download request. The disadvantage of this method is the same as that of Method 2.
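The time-based cookie value from Method 3 can be sketched as follows. This is an added example, not code from the original article. It assumes a keyed hash (HMAC with a server-side secret) in place of a plain hash so that a client cannot compute the value itself, and a one-minute grace window so that a page loaded at second 59 still works when the click arrives in the next minute; the secret and timestamps are constructed.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-secret"  # assumption: known only to the server


def minute_bucket(ts):
    """The current time with the seconds removed, as the text suggests."""
    return int(ts) // 60


def make_cookie(ts):
    """Value to set as a cookie on the page that shows the Download link."""
    msg = str(minute_bucket(ts)).encode("ascii")
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def cookie_is_valid(value, ts, grace_minutes=1):
    """Recompute the value for the current and recent minutes and compare.

    Without the grace window, a visitor who loads the page at hh:mm:59 and
    clicks two seconds later would be rejected, because the minute changed.
    """
    if not value:
        return False
    for back in range(grace_minutes + 1):
        expected = make_cookie(ts - 60 * back)
        # Constant-time comparison of the two values as bytes.
        if hmac.compare_digest(expected.encode(), value.encode()):
            return True
    return False


if __name__ == "__main__":
    page_time = 1_700_000_039            # constructed: second 59 of a minute
    cookie = make_cookie(page_time)
    print(cookie_is_valid(cookie, page_time + 2))      # True, next minute
    print(cookie_is_valid(cookie, page_time + 180))    # False, too old
    print(cookie_is_valid("deadbeef", page_time + 2))  # False, forged
```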

Method 4: Use POST to download

A client browser normally requests resources with the HTTP GET method, but the POST method can also return data to the client. You can therefore replace the download link with a form and a button, and put the name or id of the file to be downloaded in a hidden input field of the form. When the user clicks the submit button, the service program first checks whether the request is a POST. If it is, the program reads the binary data of the target resource and writes it to the response object (the Response.BinaryWrite method in asp.net).
The disadvantage of this method is that download tools cannot be used and resumable transfer cannot be implemented. Its advantage over Methods 2 and 3 is that download tools do not intercept the download action, so normal users can still download files smoothly. This method is suitable for downloading small files.

Method 5: Use a graphic verification code

This method ensures that every download from your website is made by a "person" rather than by a download tool. There are many descriptions of how to use graphic verification codes on the Internet, so we will not repeat them here. The disadvantage of this method is that normal users can easily find it a nuisance.

Method 6: Use a dynamic file name

This is also called the dynamic Key method. When a user clicks a download link, the program first calculates a Key (generated by a certain rule; it is best not to use a random string such as a GUID, and the Key must have a limited validity period). It then records the Key, together with the corresponding resource ID or file name, in the database or cache, and finally redirects the page to a new URL that contains the Key. When a browser or download tool sends a download request, the program first checks whether the Key exists. If it does, the corresponding resource data is returned.
The advantage of this method is that download tools can be used, resumable transfer works until the Key expires, and the number of download threads can be controlled through the Key.
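The dynamic Key flow of Method 6 can be sketched as follows. This is an added example, not code from the original article. The "rule" used here (an HMAC over resource, client address and expiry), the in-memory dictionary standing in for the database or cache, the URL layout, the validity period and the thread limit are all assumptions.

```python
import hashlib
import hmac
import time

SECRET = b"constructed-demo-secret"  # assumption: server-side secret
KEY_TTL = 600                        # assumption: validity period, seconds
MAX_THREADS = 3                      # assumption: connections per Key

# Key -> record; stands in for the database or cache named in the text.
key_table = {}


def issue_key(resource_id, client_ip, now=None):
    """Run when the user clicks the link; returns the URL to redirect to."""
    now = int(time.time()) if now is None else now
    expires = now + KEY_TTL
    msg = f"{resource_id}|{client_ip}|{expires}".encode()
    key = hmac.new(SECRET, msg, hashlib.sha256).hexdigest()[:32]
    key_table.setdefault(
        key, {"resource": resource_id, "expires": expires, "active": 0})
    return f"/download/{key}/{resource_id}"


def open_download(key, resource_id, now=None):
    """Run for every request to a keyed URL; returns (status, reason)."""
    now = int(time.time()) if now is None else now
    entry = key_table.get(key)
    if entry is None or entry["resource"] != resource_id:
        return 404, "unknown key"
    if now > entry["expires"]:
        del key_table[key]           # purge, so later retries cost one lookup
        return 410, "key expired"
    if entry["active"] >= MAX_THREADS:
        return 429, "too many connections for this key"
    entry["active"] += 1             # one more download thread on this Key
    return 200, "ok"


def close_download(key):
    """Run when a connection finishes or drops, to free its thread slot."""
    entry = key_table.get(key)
    if entry and entry["active"] > 0:
        entry["active"] -= 1
```

A resumed transfer simply calls `open_download` again with the same Key, which succeeds until the Key expires.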

The disadvantage of this method (and of all the methods above that support download tools) is that once any user has downloaded a file successfully, some download tools add your resource to their "resource candidate list". When other people download the same file elsewhere, the download tool keeps connecting to your server, even if the file has been deleted or the Key has expired, which has the effect of a DDoS attack. Next we introduce two methods that allow download tools while still preventing leeching.

Method 7: Modify resource content

Most popular resources are movies, mp3 files, large compressed archives, and so on. These files all have many places where data can be inserted. For example, mp3 has a tag area and rar/zip has a comment area; in a movie, the data can go almost anywhere. As long as a few random bytes are dynamically injected into these places during the download, the hash value of the whole file (that is, its fingerprint) changes, so the hash of the file downloaded from your website differs from everyone else's. This prevents download tools from picking up your site as a source. Combined with Method 6, this method gives better anti-leech protection. The disadvantage is that, although the modified part of the file cannot be "seen" or "heard", people who know about it will feel more or less uncomfortable. In addition, if someone places a file downloaded from your website on another website, download tools may still keep connecting to your site (although they cannot actually download the content).
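For the zip case of Method 7, the archive comment can be rewritten per download so that each copy has a different fingerprint while the packed files stay identical. This is an added example, not code from the original article; the sample archive is constructed, and SHA-1 merely stands in for whatever file hash a download tool uses.

```python
import hashlib
import io
import os
import zipfile


def build_archive(files):
    """Build the original zip once; files maps member name -> bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in files.items():
            zf.writestr(name, data)
    return buf.getvalue()


def personalize(archive_bytes, nbytes=8):
    """Return a copy whose comment area holds a few fresh random bytes."""
    buf = io.BytesIO(archive_bytes)
    # Append mode keeps the members untouched; changing the comment makes
    # zipfile rewrite only the central directory and end record on close.
    with zipfile.ZipFile(buf, "a") as zf:
        zf.comment = os.urandom(nbytes).hex().encode("ascii")
    return buf.getvalue()


def fingerprint(archive_bytes):
    """Whole-file hash, the value a download tool would match sources on."""
    return hashlib.sha1(archive_bytes).hexdigest()


def contents(archive_bytes):
    """Member name -> data, to confirm the payload itself is unchanged."""
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        return {name: zf.read(name) for name in zf.namelist()}


if __name__ == "__main__":
    original = build_archive({"readme.txt": b"constructed sample payload"})
    copy_a, copy_b = personalize(original), personalize(original)
    print(fingerprint(original), fingerprint(copy_a), fingerprint(copy_b))
    print(contents(copy_a) == contents(copy_b) == contents(original))
```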

Method 8: Package and download

This method works on the same principle as Method 7, but instead of modifying the original file it adds a "shell" around the original file so that the hash value of the resource differs from everyone else's. With this method, you can achieve the same effect as Method 6 without modifying the original content of the resource. If you want to be a bit ruthless, you can even include some of your own advertisements in the package. The disadvantage is that users need to unpack each download, but most people nowadays know how to decompress a package, so this disadvantage is sometimes negligible.

Those are some common anti-leech methods. If you have other methods to add, you can post them in the comments. If you reprint this article, please credit the source (http://www.cnblogs.com/uubox). Thank you!
