Website image theft: Apache configuration

Source: Internet
Author: User

Every website owner tries to make the site look more polished and attractive, most commonly with pictures, logos and Flash. This brings a problem: the more attractive the website, the more likely its pictures and Flash are to be stolen by other websites. This article discusses how to prevent the theft of website images.

Problems to be solved

To put it simply, there are two different types of theft:
1. Using the HTML IMG tag on another website to reference images hosted on your website.
2. Downloading images from your website and placing them on another website.

In the first type of theft, images from a legitimate website are used to decorate and illustrate another website. This damages the legitimate website: visitors to the offending website actually fetch the images from the legitimate website, so its log files fill up with these requests and its bandwidth is consumed by them, while it gains nothing in return. This type of theft can be completely prevented by technical means.

The second type of theft is more insidious. When a visitor views the copied image directly on the offending website, the copyright of the legitimate website is infringed, but the legitimate website receives no compensation and may never even discover the theft. Because of the way the Web works, this type of theft cannot be blocked, but it can be made more difficult.

It is unrealistic to completely put an end to these two types of theft, but technical means can make them very difficult. In the Apache environment, you can restrict the use of website images through configuration.

Identify the files to be protected

A website administrator would ideally like to protect every document on the website, but technically this is unrealistic. This article therefore discusses only the protection of image files.

The first step is to identify the files to be protected; the restrictions are then applied to the identified files. Add the following content to the Apache configuration file:

    <FilesMatch "\.(gif|jpg)">
        [Add the protection directives here]
    </FilesMatch>

The <FilesMatch> container can be placed inside <VirtualHost>, <Directory>, or other containers, or it can be listed on its own outside any container so that it applies to all matching files on the website. It can even be stored in .htaccess files. The scope of protection depends on where the container is placed.

Referer HTTP header field

When a user requests a page from a Web server, the HTTP request sent by the user's browser contains a set of HTTP request headers. These headers carry information about the request and the client, such as the browser version, the user's language, the operating system platform, and the name of the requested document. This information is transmitted as name/value pairs.

Among these headers, the Referer field is the important one for preventing image theft. The Referer field specifies the URL of the page the client was on previously. For example, if you access page A and click a link from page A to page B, the HTTP request for page B contains a Referer field that says "this request is from page A". If a request does not come from a page, but is made by entering the URL of page A in the browser address bar, the Referer field is not included in the HTTP request. How does this help prevent leeching? The Referer field lets you determine whether an image request comes from one of your own pages or from another website.

Use SetEnvIf to mark the image

As a simple example, suppose the home page of the website to be protected is http://my.apache.org, and we want to reject all requests that do not originate from this website (that is, only images embedded in this website's pages can be accessed). An environment variable can be used as a flag; it is set when the condition is met, as follows:

    SetEnvIfNoCase Referer "^http://my\.apache\.org/" local_ref=1

When Apache processes a request, it checks the Referer field in the HTTP request header. If the request comes from this website (that is, the URL of the referring page begins with the website's domain name), the environment variable local_ref is set to 1.

The string in double quotation marks is a regular expression; the environment variable is set only when the regular expression matches. This article does not discuss how to use regular expressions. Here it is enough to know that the SetEnvIf* directives take a regular expression as a parameter.

The "NoCase" part of the SetEnvIfNoCase directive means that the regular expression is case-insensitive: both 'http://my.apache.org/' and 'http://MY.APACHE.ORG/' match.

Use environment variables in access control

The Order, Allow, and Deny directives in the Apache configuration file can implement access control based on environment variables. Before using them, you must consider how the order in which Allow and Deny are evaluated affects the result. Use the following:

    Order Allow,Deny

Here, Apache first processes the Allow directives that apply to the HTTP request, and then the Deny directives. The default policy for this ordering is Deny: a request is rejected unless it is explicitly permitted, so any unauthorized access fails.

Therefore, add the following directives to the Apache configuration file httpd.conf to allow local references:

    <FilesMatch "\.(gif|jpg)">
        Order Allow,Deny
        Allow from env=local_ref
    </FilesMatch>


In this way, a request is allowed only when the local_ref variable is defined. All other requests are rejected because they do not meet the Allow condition.

Note: Do not use the <Limit> container in .htaccess or httpd.conf. This container is not required unless you have special requirements, for example, if you want to handle GET requests and POST requests differently.

Putting these settings together, the Apache configuration file contains the following:

    SetEnvIfNoCase Referer "^http://my\.apache\.org/" local_ref=1
    <FilesMatch "\.(gif|jpg)">
        Order Allow,Deny
        Allow from env=local_ref
    </FilesMatch>


The above configuration can be stored in the server configuration file httpd.conf or in a .htaccess file. The final effect is the same: within the scope of these directives, only images referenced from this website can be accessed.
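The effect of this rule can be checked offline before it is deployed. The following Python model is an added example, not part of the original article: it applies the page's case-insensitive Referer pattern and its `\.(gif|jpg)` image pattern to constructed requests, and shows that requests with no Referer or with an https:// Referer are denied by the rule as written. The function names and sample URLs are assumptions.

```python
import re

# Same patterns as the directives on this page (both applied as searches).
LOCAL_REF = re.compile(r"^http://my\.apache\.org/", re.IGNORECASE)
IMAGE = re.compile(r"\.(gif|jpg)")


def is_served(path, referer=None):
    """Model of 'Order Allow,Deny' + 'Allow from env=local_ref' for one request.

    referer is the Referer header value, or None when the header is absent.
    """
    if not IMAGE.search(path.rsplit("/", 1)[-1]):
        return True  # not a protected image: the restriction does not apply
    # An absent header cannot match the pattern, so local_ref stays unset.
    local_ref = LOCAL_REF.search(referer or "") is not None
    # Order Allow,Deny denies by default; only local_ref grants access.
    return local_ref


# Constructed requests: (path, Referer, expected outcome under the rule as written)
CASES = [
    ("/img/logo.gif", "http://my.apache.org/index.html", True),
    ("/img/logo.gif", "HTTP://MY.APACHE.ORG/index.html", True),       # NoCase
    ("/img/logo.gif", "http://other.example/page.html", False),      # hotlink
    ("/img/logo.gif", None, False),           # typed URL or Referer stripped
    ("/img/logo.gif", "https://my.apache.org/index.html", False),    # https page
    ("/img/logo.gif", "http://my.apache.org.other.example/", False),  # look-alike
    ("/index.html", "http://other.example/page.html", True),         # not an image
]


def check_cases(cases=CASES):
    """Return the cases whose modelled outcome differs from the expected one."""
    return [c for c in cases if is_served(c[0], c[1]) != c[2]]


if __name__ == "__main__":
    for path, referer, _ in CASES:
        verdict = "serve" if is_served(path, referer) else "deny"
        print(f"{verdict:5}  {path}  Referer={referer!r}")
```

The model sees only the header value, so a request that supplies the local URL in its Referer is served like the first case, whoever sent it.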

Watermark an image

The method described above does not completely prevent image leeching, because some persistent hackers can forge Referer values to steal images, which defeats these settings. It is therefore impossible to completely prevent website images from being leeched, but the above measures make leeching very difficult.

There is another way to deter image theft: process all the images on the website by adding a digital watermark. A special signature code is embedded in the digital image and is used for verification and detection. The digital watermark does not reduce the image quality, and even after the image is cropped, the remaining part still contains the watermark information. The watermark can still be detected after the image is edited, printed, and scanned again. Watermarking is therefore a very good technique for protecting images from theft.

Record theft requests

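If you want to know whether your website's artwork is being stolen, you can use the same detection and environment variables to record suspicious requests. For example, if the following directives are added to the httpd.conf file, all access requests with invalid Referer header information are recorded in the /usr/local/web/apache/logs/poachers_log file:

    # Flag requests whose Referer does not start with the site URL.
    # SetEnvIf has no "!" negation for the pattern, so a negative
    # lookahead (PCRE, Apache 2.x) is used instead.
    SetEnvIfNoCase Referer      "^(?!http://my\.apache\.org/)" not_local_ref=1
    # Flag requests for image files.
    SetEnvIfNoCase Request_URI  "\.(gif|jpg)"                  is_image=1
    RewriteEngine  On
    # mod_rewrite reads environment variables as %{ENV:name}.
    RewriteCond    %{ENV:not_local_ref} =1
    RewriteCond    %{ENV:is_image}      =1
    RewriteRule    .*                   -     [Last,Env=poach_attempt:1]
    # CLF is a LogFormat nickname that must be defined elsewhere in the configuration.
    CustomLog logs/poachers_log         CLF   env=poach_attempt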



In the code above, the first two directives set flags (marking a request for an image file that has no correct local Referer), the RewriteCond directives check whether both flags are set, the RewriteRule then sets a third flag, and the last line records requests carrying that flag in a specific file.

The above briefly introduces how to restrict the use of website images through configuration in the Apache environment. I hope you can build on it with your own experience.
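To see who is embedding the images, the log has to record the Referer, which CLF does not. The following Python script is an added example, not part of the original article: it assumes the log is written in Apache's combined format instead, applies the page's two tests to constructed log lines, and groups the flagged requests by referring host. The function name, sample hosts and addresses are assumptions.

```python
import re
from collections import Counter

# Apache "combined" log format; unlike CLF it records the Referer header.
LINE = re.compile(
    r'^\S+ \S+ \S+ \[[^\]]+\] "\S+ (?P<uri>\S+) [^"]*" '
    r'\d{3} (?P<size>\d+|-) "(?P<referer>[^"]*)" "[^"]*"$'
)
# The page's two tests: local Referer and image request (both case-insensitive).
LOCAL_REF = re.compile(r"^http://my\.apache\.org/", re.IGNORECASE)
IS_IMAGE = re.compile(r"\.(gif|jpg)", re.IGNORECASE)
HOST = re.compile(r"^[a-z]+://([^/:?#\s]+)", re.IGNORECASE)

# Constructed sample lines (documentation IP ranges, hypothetical referring site).
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Oct/2023:13:55:36 +0000] "GET /img/logo.gif HTTP/1.1" 200 2326 "http://my.apache.org/index.html" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Oct/2023:13:56:01 +0000] "GET /img/logo.gif HTTP/1.1" 200 2326 "http://photos.example/gallery.html" "Mozilla/5.0"',
    '198.51.100.8 - - [10/Oct/2023:13:56:09 +0000] "GET /img/banner.jpg HTTP/1.1" 200 10480 "http://photos.example/gallery.html" "Mozilla/5.0"',
    '203.0.113.5 - - [10/Oct/2023:13:57:44 +0000] "GET /img/banner.jpg HTTP/1.1" 200 10480 "-" "curl/8.0"',
    '203.0.113.5 - - [10/Oct/2023:13:58:02 +0000] "GET /index.html HTTP/1.1" 200 512 "http://photos.example/gallery.html" "Mozilla/5.0"',
]


def poach_summary(lines):
    """Count image requests with a non-local Referer, grouped by referring host.

    Returns (Counter of host -> requests, total bytes served to those requests).
    """
    hosts, total_bytes = Counter(), 0
    for line in lines:
        m = LINE.match(line)
        if m is None or not IS_IMAGE.search(m["uri"]):
            continue  # unparseable line, or not an image request
        referer = "" if m["referer"] == "-" else m["referer"]
        if LOCAL_REF.search(referer):
            continue  # image embedded by one of our own pages
        host_match = HOST.match(referer)
        host = host_match.group(1).lower() if host_match else "(no referer)"
        hosts[host] += 1
        total_bytes += 0 if m["size"] == "-" else int(m["size"])
    return hosts, total_bytes


if __name__ == "__main__":
    hosts, total_bytes = poach_summary(SAMPLE_LOG)
    for host, count in hosts.most_common():
        print(f"{count:4d}  {host}")
    print(f"bytes served to non-local referers: {total_bytes}")
```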
