Two ways to prevent image embezzlement and hotlinking in PHP _php skills

Today's Internet, collection site is very much, many sites like hotlinking/Steal other people's Web site pictures, so not only violate the network rights, but also caused by the hotlinking of the site to consume a lot of traffic, to the server caused by a greater pressure, this article to you to introduce how to prevent the photo theft/hotlinking two methods, A friend in Need can refer to it.

What is the use of picture anti-theft chain? Prevent other websites from stealing your pictures and wasting your valuable traffic.

This article introduces you to the two methods of preventing picture embezzlement/hotlinking in PHP

1, Apache image redirection method
2, set the images directory is not allowed HTTP access

The way to prevent picture hotlinking under Apache server
If your site to the main picture, which day to find the end of the month did not reach the traffic is running out, then you can use the picture to turn, without modifying the premise of the page, the picture download request to other space (such as trial host), temporary transition.

Let's start with a description, such as your pictures are in the IMG directory, then devolve a file named. htaccess in the directory, which reads as follows:

Rewriteengine on
 
rewritecond%{http_referer}!^$ [NC]
 
rewritecond%{http_referer}!simcole.cn [NC]
 
Rewritecond%{http_referer}!zhuaxia.com [NC]
 
rewritecond%{http_referer}!google.com [NC]
 
Rewritecond%{HTTP _referer}!baidu.com [NC]
 
rewritecond%{http_referer}!bloglines.com [NC]
/* Author: Code Agriculture tutorial Http://www.manongjc.com  */
Rewriterule. (jpg|gif|png|bmp|swf|jpeg)/image/replace.gif [r,nc,l]
 
rewriterule ^ (. *) $ http://image.simcole.cn/image/$1 [L]
Copy Code

Probably explained:

Rewritecond%{http_referer}!^$ [NC]
 
rewritecond%{http_referer}!simcole.cn [NC]
 
Rewritecond%{HTTP_ REFERER}!zhuaxia.com [NC]
 
rewritecond%{http_referer}!google.com [NC]
/* Author: Code Agriculture tutorial http://www.manongjc.com/ article/1550.html  */
Rewritecond%{http_referer}!baidu.com [NC]
 
rewritecond%{http_referer}! bloglines.com [NC]

This part is to determine whether hotlinking, if the above conditions are set up (that is, access to the picture of the request, neither directly entered the URL, Nor from the simcole.cn, nor from the zhuaxia.com, nor from the Google.com, nor from the baidu.com, nor from the bloglines.com, to perform the following turns:

Copy Code code as follows:

Rewriterule. (jpg|gif|png|bmp|swf|jpeg)/image/replace.gif [r,nc,l]

The meaning is to let all hotlinking img directory of JPG, GIF, PNG, BMP, SWF, JPEG files of the Web page, display pictures are replaced with replace.gif pictures in the image directory. Note that replacing the displayed picture is not placed under an IMG directory that sets the anti-theft chain. If the picture request is not hotlinking according to the rules above, perform the following turn:

Copy Code code as follows:

Rewriterule ^ (. *) $ http://image.simcole.cn/image/$1 [L]

This means that all requests to the IMG directory are directed to the target server, such as a picture where the original URL is yun_qi_img/girl.jpg and will now go to yun_qi_img/girl.jpg . Of course, you have to copy all the files from the original server IMG directory to the image directory of the staging server, and the steering is only really available. The effect is to the original server picture download occupied by the flow of all save, let the temporary server to bear.

setting the images directory does not permit HTTP access

The images directory is set to not allow HTTP access (image directory: read, directory browsing two permissions removed).
Using a PHP file, read the picture directly with the file function. Control the permissions in this PHP file.
In the Apache environment, add the following file to your picture catalog.

File name. htaccess
The contents of the document are as follows

# Options The. htaccess files in directories can override.
# Edit apache/conf/httpd.conf to allowoverride in. htaccess
# allowoverride authconfig
# Stop the directory list F Rom being shown
options-indexes
# Controls who can get stuff to this server.
Order Deny,allow
Deny from all
Allow to localhost

Other web environments such as Iss,nginx are similar.

Class imgdata{public
$imgsrc;
public $imgdata;
public $imgform;
Public Function Getdir ($source) {
$this->imgsrc = $source;
}
Public Function Img2data () {
$this->_imgfrom ($this->imgsrc);
return $this->imgdata=fread (fopen ($this->imgsrc, ' RB '), FileSize ($this->imgsrc));
Public Function data2img () {
header ("Content-type: $this->imgform");
echo $this->imgdata;
echo $this->imgform;
Imagecreatefromstring ($this->imgdata);
Public Function _imgfrom ($imgsrc) {
$info =getimagesize ($IMGSRC);
Var_dump ($info);
/* Author: Code Agriculture Tutorial http://www.manongjc.com/return
$this->imgform = $info [' MIME ']
;
}
$n = new Imgdata;
$n-> getdir ("1.jpg"); Picture path, generally stored in the database, users can not get the real path, according to the picture ID to obtain
$n-> img2data ();
$n-> data2img ();

This code is to read the picture, and then directly output to the browser, in the read and output before the user permissions to determine.
PHP read the picture here, not to read the path, but to read the contents of the picture, and then through the header (), input picture type, such as GIF png jpg, and so on, the following output the contents of the picture, so the use of fread ().

In fact, you see image.php?id=100 is to show this picture in the browser, and you look at the source file, you will not see the path of the picture, but garbled image content.

Similar to the QQ space of the encrypted album, only the input password to access, and directly in the browser to enter the encrypted album photo address is also inaccessible. My current idea is that the image of the address is a PHP file, through PHP validation permissions, read the picture, and output, do not know besides such a method there is a more simple and efficient approach? For example, to generate a temporary browse address, using some nginx of some anti-theft chain plug-ins?
You can use Ngx_http_auth_basic_module to do it.

Modify configuration file

Location/{
root/usr/local/nginx/html;
Auth_basic "Auth";
AUTH_BASIC_USER_FILE/USR/LOCAL/NGINX/CONF/HTPASSWD;
Index index.php index.htm;
}

The auth in auth_basic "auth" is the title of the pop-up box (enter username and password)
auth_basic_user_file/usr/local/nginx/conf/htpasswd; The/usr/local/nginx/conf/htpasswd in is the file that holds the password

The above is the entire content of this article, I hope to help you learn, but also hope that we support the cloud habitat community.