Of Stack

php Realization of Anti theft Chain between Picture File and Download File

  • 2021-07-24 10:25:48
  • OfStack

This paper describes the method of php to realize the anti-theft chain of picture files and downloaded files. Share it for your reference. The specific analysis is as follows:

The simplest anti-theft chain method in php is to use the $_ SERVER ['HTTP_REFERER'] function of php to operate, but this method is unreliable, and we finally need to use apache and iis to operate. The specific operation methods are as follows:

php anti-theft chain: 

<?php

session_start();

session_register('check');

$_SESSION['check']=true;

?>

Check the session variable to determine whether to visit the home page. And check that his source page reference (HTTP_REFERER) is from a page of the local website.

The method is as follows: 

<?php

session_start();

$refs = parse_url($_SERVER['HTTP_REFERER']); // Decompose reference web page information 

// Check Home Page session And the source host is the same 

if(!($_SESSION['check']) || $refs['host'] != $_SERVER['HTTP_HOST'])

exit;

?>

Note: This can only be a simple anti-theft chain. If you know a little about 1 point, you can crack it.

Use the server to set up php anti-theft connection

apache anti-theft chain:

Modify httpd. conf: 

SetEnvIfNoCase Referer "^" local_ref=1 

<FilesMatch ".(gif|jpg)"> 

Order Allow,Deny 

Allow from env=local_ref 

</FilesMatch>

If you want to display a picture of "No chain theft", we can use mod_rewrite to achieve it.
First, load the mod_rewrite module by adding the--enable-rewrite parameter when installing apache.
Assuming that the picture of "No chain theft" is abc. gif, we can configure it as follows in httpd. conf: 

RewriteEngine on 

RewriteCond %{HTTP_REFERER} !^$ 

RewriteCond %{HTTP_REFERER} !^http://(www.)?www.ofstack.com /.*$ [NC] 

RewriteRule .(gif|jpg)$ abc.gif [R,L]

DocumentRoot "/usr/local/apache/htdocs" 

# Set up the storage site html The directory of the file. 

<Directory /> 

Options FollowSymLinks 

AllowOverride None 

</Directory>

iis anti-theft chain:

Select c: RewriteRewrite. dll for the execution file
httpd. ini is the configuration file
Picture anti-theft chain code 


[ISAPI_Rewrite] 

# 3600 = 1 hour 

CacheClockRate 3600 

RepeatLimit 32 

# Protect httpd.ini and httpd.parse.errors files 

# from accessing through HTTP 

RewriteCond Host: (.+) 

RewriteCond Referer: (?!http://1.*).* 

RewriteRule .*.(?:gif|jpg|png|bmp) /force.gif [I,O]

I hope this article is helpful to everyone's PHP programming.

Related articles: