Make a website, upload a picture to a certain location on the server, and then directly access the picture through a link. This means that when others get the link, they can directly enter the absolute path in the browser to see it. How can it be prevented?
![[Web front-end] Node.js quick start](https://img.php.cn/upload/course/000/000/067/662b5d34ba7c0227.png)
The poster can try out the cloud storage of Youpaiyun. It has Token anti-leeching to solve the problem you mentioned. This article is provided to help you understand Token anti-leeching.
Recommended article: Detailed explanation of Token anti-leeching
Renovate the picture server so that the picture folder is not directly exposed to the outside world. Set up an Http proxy service on the image server. The URL to access the image must have a legal token parameter to allow access, such as
http://www.imgserver.com/test.jpg?t=xT5112XabseFg0,The t parameter is generated by the encryption algorithm you set yourself, and it contains the creation time of this parameter.
After receiving this request, the server decrypts the token and gets the timestamp inside. If it was created within 10 seconds (you can set the validity period you want), it returns the image information, otherwise access is denied.
Such an image link has the concept of validity period. When you use it, you can load the image with legal t parameters and display it to the user normally. At this time, the user copies the image address and directly accesses it in the browser. It is likely that the validity period has expired and naturally cannot be opened.
In addition, there is a simpler method to prevent hotlinking: (of course it can also be used in combination with the above method)
1. The stupidest way is to encrypt the image file name, which cannot prevent the link from being stolen
2. Use base64 to load the image
3. Access outside the middleware setting method
Search for image hotlink protection, there is too much to say about this aspect.
This kind of demand is better solved with picture anti-hotlinking technology.
You can try the object storage function of the cloud platform. Alibaba Cloud and Qiniu both have them. The permissions for uploading and downloading are separated, or there are also relatively traditional functions such as anti-leeching.
Understand
thinkphp5, why does he put the entry file in the public directory?Because this can ensure that the resources in your project, such as pictures, cannot be directly accessed by the browser, and can only be accessed through a single entry file index.php, so that your pictures or certain code files cannot be directly accessed!
You can follow this idea and set access permissions so that image resources can only be accessed through the entry file
Pictures are uploaded for people to see. I guess you want the anti-theft company. When turning on the anti-theft connection, you can usually check the referer and choose to disable the empty referer. Of course, we must completely guard against theft. You can use methods such as not disclosing the real address, or adding a token.
If the http server you use is apache, then create a new .htaccess in the image directory and write the following code:
The principle is to use the rewrite function of apache to determine whether the referer comes from abc.com, and if not, jump to localhost.
If the picture is accessed directly, there is no referer. If it is referenced from other websites, the referer is the domain name of the other website. Access is not allowed, which can achieve the effect of protecting the image and saving traffic.
I just want to say, why not put it on the server! Just put it up and watch! What the hell is anti-hotlinking, it’s good enough to prevent newbies!