How the Web site anti-theft chain first to know its principle

Source: Internet
Author: User

Intermediary transaction http://www.aliyun.com/zixun/aggregation/6858.html ">seo diagnose Taobao guest cloud host technology Hall

There are special field record Referer in the HTTP standard protocol. This can be traced back to the previous inbound address. For a resource file, you can track what the address of the Web page contains. So all anti-theft chain methods are based on this referer field. More than 2 kinds of online.

One is to use the Apache file Filematch limit, add in httpd.conf (in fact, you can also save the following statement as a. htaccess file) and put it in the root directory of your site (that is, the www/html directory), There is no way for others to steal your stuff.

Setenvifnocase Referer "^http://www.zw361.com/" local_ref=1

Order Allow,deny

Allow from Env=local_ref

Allow from 127.0.0.1

This makes it convenient to disallow access URLs to reference various resource files.

Please note that the first sentence "^http://www.zw361.com/" changed to your site, such as My site is: http://www.abc.cn.

I should have written this:

"^http://www.abc.cn/"

The second is the use of rewrite, the need to add Apache Mode_rewrite, support. htaccess file directory permission restrictions.

Add the. htaccess file in the root directory of the virtual host, describing from the orientation, refer the image files from the non-local address to the warning picture or warning page. First make sure your server or space server interpreter engine for Apache2 and support. htaccess Client setup file, if you have your own server, please make the following modifications to the./conf/httpd.conf file

Find: #LoadModule rewrite_module modules/mod_rewrite.so

Get rid of the front #

Find and wait for a allowoverride None to allowoverride all

Restarting the APACHE2 server

The next thing is to make a. htaccess file, the. htaccess file contains

Rewriteengine on

Rewritecond%{http_referer}!^http://aaoo.net/.*$ [NC]

Rewritecond%{http_referer}!^http://aaoo.net$ [NC]

Rewritecond%{http_referer}!^http://www.aaoo.net/.*$ [NC]

Rewritecond%{http_referer}!^http://www.aaoo.net$ [NC]

Rewriterule. (jpg|jpeg|gif|png|bmp|rar|zip|exe) $ http://down.yoyo.com.ru/err.html [R,NC]

where all the colored places are changed to yours:

Red: That is, you provide the address of the download page, that is, only through this address can download the dongdong you provided.

Blue: is to protect file extensions (separated by |), meaning that files with these extensions are accessible only through red addresses.

Green: Redirects to a green address if the blue files are not accessed through a red address.

The advantage of this approach is that different virtual hosts are defined with different descriptions.

Then how to use the. htaccess file to implement the Anti-Theft chain.

First you have to build two directories in space (with your directory name, of course), one for the web is down, the web is used to put down the download page (or downloading the program), down of course is to give you the Dongdong, the. htaccess file of the red part of the change, to http://your domain name/ Web。 The blue section changes to the extension you want to protect the file. Change the green section to http://your domain self-help. Save the. htaccess file and upload it to the down directory.

There are also three:

I found a problem when I solved the plog ban hotlinking, and it was a good method. Plog all resources are managed by themselves, using resserver.php to dynamically display, such a unified access to add permissions to facilitate the operation. At the same time, the above 2 methods can not be used, because it is no longer Apache direct access to the resource file, but PHP read through the file. So you can only tamper with the code: before reading the output of the resource file, add the following judgment code

Reference

$referer = $_server[' Http_referer '];

$selfurl = $_server[' http_host '];

if (false = = Strpos ($referer, $selfurl))

{

echo ' Illegal hotlinking! '

Exit (1);

}

Here some lazy, directly to see whether the reference address contains a host address, but the principle is this, to determine whether Referer is the site address. We often download the time, also encountered hotlinking Web site can not download, reported the problem of hotlinking. The easiest way to download this type of file is to change the referer. For example, in FlashGet, the URL below the "Reference" column, directly fill in the download address on it.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.