Teach you how to deal with anti-hotlinking technology

Source: Internet
Author: User

Intermediary transaction http://www.aliyun.com/zixun/aggregation/6858.html ">seo diagnose Taobao guest cloud host technology Hall

Hotlinking refers to the service providers themselves do not provide services content, through technical means to bypass other beneficial end user interface (such as advertising), directly on their own website to provide end users with other service providers of service content, cheat end users Browse and click-through. Beneficiaries do not provide resources or provide scarce resources, while real service providers do not get any benefits.

Website Hotlinking will consume the bandwidth of the Hotlinking website massively, but the real click-through rate may be very small, seriously damage the interest of the Hotlinking website. Early hotlinking is generally some relatively small site to steal some of the strength of the big site's address, hotlinking goal is more targeted, now, some large sites have also begun to hotlinking eyes locked in the entire internet, stealing the entire internet of other machines bandwidth.

If the site hotlinking, will be a lot of bandwidth consumption, real hits will be very small, seriously damaging the interests of the site. Here are some of the methods I collected to prevent hotlinking:

1, irregular rename file or directory

Irregular changes to the file or directory name, is the most original hotlinking way, can be more effective to prevent the theft of the company, this method generally workload is relatively large. However, the batch of file renaming is completely automated, but also relatively easy to implement. When a file is renamed, a customer may be downloading the file, which can lead to a failure of normal client access, which is easy to resolve, but cannot be ignored.

2. Limit References page

This anti-theft chain principle is that the server obtains the user submits the information the website address, then compares with the real service end address, if the consistent indicates is the station submits, or for oneself trusts the site to submit, otherwise regards as hotlinking. When implemented, you can use Http_referer1 and htaccess files (which require mod_rewrite to be enabled) and a regular expression to match each user's access request. For each HTTP request, the server looks for the. htaccess file, which increases the number of times the file is read, and to some extent degrades performance. In addition, the server to open this feature, there are more restrictions.

3, File Camouflage

File camouflage is one of the most commonly used hotlinking techniques, typically combined with server-side dynamic scripting (php/jsp/asp). In fact, the user requested the file address, just a disguised script file, the script file will be authenticated to the user's request, will generally check session,cookie or http_referer as the basis for the hotlinking. And the real file is actually hidden in the user can not access the place, only after the user through authentication will return to the user.

4. Encryption authentication

This kind of hotlinking method obtains the user information from the client first, and then encrypts it as a string (session ID) based on this information and the file name requested by the user as authentication. Only when the authentication is successful will the server deliver the files that the user needs to the customer. Generally we will encrypt the session ID as a part of the URL parameters passed to the server, because the session ID and the user's information hook, so others are stolen links, the session ID can not pass identity authentication, so as to achieve the purpose of hotlinking. This approach is very effective for distributed hotlinking.

5. Other methods

There are many other ways to counter hotlinking, here only a general idea as a reference: ⑴iis anti-hotlinking, using Isapi_rewrite, can be used as a solution to Windows hotlinking; ⑵ image, add a watermark in the picture, although the hotlinking can achieve the goal, But they are also advertising their website.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.