PHP image hotlink protection tool: Hotlink Protection_PHP tutorial

The principle of Hotlink Protection is to use Apache's RewriteCond function to detect the REFERER request when a file request is obtained, and only the URL of this website will be allowed. This principle is very suitable for the protection of self-made avatars, because avatars should only be used within this website.

The following takes discuz as an example to explain how to use it: Fire...fire...net...anti...theft...chain

Discuz’s built-in avatars are stored in the /forum/images/avatars/ directory. I only want to protect these built-in avatars. The avatars and other pictures uploaded by users do not restrict others from citing them, so the RewriteCond code can be placed in this directory:

Copy to ClipboardQuoted content: [www.bkjia.com] RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http://bkjia.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://bkjia.com$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.bkjia.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.bkjia.com$ [NC]
RewriteRule .*.(jpg|jpeg|gif|png)$ http://www.bkjia.com/img/hp.gif [R,NC]

The four RewriteCond excludes four ways to access your own website, namely, visiting a certain page of the website without www, visiting the homepage of the website without www, visiting a certain page of the website with www, and visiting the homepage of the website with www. If it meets HTTP_REFERER other than these four situations, and the file ends with jpg or jpeg, gif, or png, it will be redirected to the http://www.bkjia.com/img/hp.gif file.

Save this file as .htaccess and upload it to the /forum/images/avatars/ directory. If you want to protect the images of the entire website, upload them to the root directory; if you want to protect files in other formats, add the extension directly to the RewriteRule.

By the way: This method has certain limitations. For example, some download tools can send custom "reference" values; in addition, the firewalls and anti-virus software installed by some users will prevent the browser from sending the HTTP_REFERER value to the server. Therefore their normal browsing will be affected. I really don’t know what the manufacturers of this type of firewall software think, because at most it only involves privacy (and it is mainly the privacy of the HTTP_REFERER website, which has nothing to do with visitors), and has nothing to do with network security.

http://www.bkjia.com/PHPjc/364608.htmlwww.bkjia.comtruehttp: //www.bkjia.com/PHPjc/364608.htmlTechArticleThe principle of Hotlink Protection is to use Apache’s RewriteCond function to detect the request REFERER when a file request is obtained. Only this website Only the URL will be allowed. This principle is very suitable for self-made avatars...