ISAPI Rewrite image anti-hotlinking rules that really work on IIS

  • 2020-05-06 12:01:30
  • OfStack

Searching G.CN and B.CN turned up several different approaches, such as URL disguising in the web application, server-side plug-ins, and ISAPI Rewrite rule filtering. Considering my own site structure and my wallet, I finally chose the last one: writing rules for ISAPI Rewrite, now popular for pseudo-static URLs, to realize my hotlinking-prevention "dream".
Why a dream? First, an apology: being lazy, I searched through a great many reposted articles, applied their code, and found that it either simply didn't work or fell short of the effect I wanted. After many twists and turns I finally finished these anti-hotlinking rules, which I think can easily be copied and used as a reference. I resent those site owners who only repost and produce pseudo-original content without ever trying it themselves, which makes many people waste a lot of time.
The following ISAPI Rewrite rules are working on my server. I arrived at them after consulting a regular expression tutorial and correcting and modifying the rules left by my predecessors.
Four cases were tested and behave correctly: links from the site itself work, links from whitelisted sites work, hotlinked links are blocked, and links from search engines work.
The details are as follows:
1. Completely block all hotlinking sources (if there are other rules, put them on top of the existing rules)
 
RewriteCond Host: (.+) 
RewriteCond Referer: (?!http://\1.*).* 
RewriteRule .*\.(?:gif|jpg|jpeg|png|bmp) /block.gif [I,O,N] 

A quick explanation:
The first line uses RewriteCond with Host to define which request hosts the rules below apply to.
The second line uses RewriteCond with Referer to define the source address of the requests the rules apply to. We all know that any website accessed via the Internet leaves a Referer trace, as we see in the IIS log. (here: (?!http://\1.*)).
The third line uses RewriteRule to define the file suffixes protected against hotlinking; here these are just the image suffixes. If you need to, you can add mp3, rar and any other suffixes. The /block.gif that follows means that a hotlinked request for a file with one of these suffixes is redirected, here to block.gif in the root directory; it can be an HTML page or any other file. If you only want the files under certain folders to be protected from hotlinking, just add the path. For example, if you don't want files in the images and pic directories to be hotlinked but the others may be, rewrite it as:
RewriteRule (/images/|/pic/).*\.(?:gif|jpg|jpeg|png|bmp) /block.gif [I,O,N]
This case mostly arises when a webmaster's picture in another site's friendship links is hosted on his own site.
Finally, [I,O,N]: I means case-insensitive; O means normalize the URL, which can be used to handle Unicode-encoded addresses (for example, URLs containing Chinese) and the content of the QueryString; N means the file is requested from the site again rather than read from the local cache, the purpose being to prevent the hotlinking notice from also appearing when a user who has visited the site hotlinking you goes back to your own website.
Note that because this rule filters on a Referer address that begins with http://, it does not protect against hotlinking over other protocols, such as Thunder (Xunlei) downloads. But direct access from any browser, as long as it is over the HTTP protocol, is blocked.
The above account of what RewriteCond and RewriteRule do is only my own home-grown understanding. Those who have studied this field professionally are welcome to correct it in the comments, so as not to mislead anyone. In addition, if you run into problems related to the ISAPI Rewrite version, just make sure that the following regular expressions are written correctly.
2. Anti-hotlinking rules with exclusions (a whitelist)
 
RewriteCond Host: (.+) 
RewriteCond Referer: (?!http://\1.*).* 
RewriteCond Referer: (?!http://(.*)(\.baidu\.com|\.google\.com|\.google\.cn|\.g\.cn|\.gougou\.com|\.soso\.com|\.sogou\.com|\.youdao\.com|\.bing\.com|\.yahoo\.com|\.yahoo\.cn|\.eojoo\.com)).* 
RewriteRule .*\.(?:gif|jpg|jpeg|png|bmp) /block.gif [I,O,N] 

A quick explanation:
The first line is the same as above.
The second line is the same as above.
The third line filters the request address from the second line with a regular expression that lists all the popular search engines, including your own site or other sites on your server. Each domain name is written in the form \.baidu\.com, with multiple entries separated by |. If it is an IP, write 100\.100\.100\.100
The fourth line is the same as above.
This explanation should not be difficult to understand; use the rules directly, following the original format.
Regular expression symbols that appear in the rules:
. matches any character except the newline character
+ indicates that the preceding character can appear one to any number of times
* indicates that the preceding character can appear zero to any number of times
() represents an expression group, which can be understood like the parentheses in addition, subtraction, multiplication and division
?! is the assertion symbol: the match is not carried on if the characters following it appear
\ represents an escape symbol; for example, the . in a web address is an operator built into the rules and has to be escaped into a literal character by \
| represents "or" and is used to connect multiple alternatives
That such "messy" symbols can form such powerful rules is worth an exclamation!
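
To check rules like these before putting them on a server, the Python sketch below models the two rule sets above and runs them against constructed Referer values. It is an added example, not part of the original article and not ISAPI Rewrite itself. It assumes each pattern must match the whole header value, that \1 is the Host captured by the first condition, and that a missing Referer is an empty string. The host name, the sample Referers and the strict option (a hypothetical tightening that requires the host name to end at "/", ":" or the end of the string) are illustrative.

```python
import re

# Whitelist alternatives copied from the article's third RewriteCond (shortened).
WHITELIST = r"(\.baidu\.com|\.google\.com|\.bing\.com)"
IMAGE_RULE = re.compile(r".*\.(?:gif|jpg|jpeg|png|bmp)", re.I)  # the [I] flag
BLOCK = "/block.gif"


def decide(host, referer, url, strict=False):
    """Return the URL that would be served for one request (model only)."""
    if not IMAGE_RULE.fullmatch(url):
        return url  # the RewriteRule only covers the image suffixes
    # strict=True is a hypothetical tightening, not a rule from the article.
    tail = r"(?:[/:].*)?$" if strict else r".*"
    own = re.compile(r"(?!http://" + re.escape(host) + tail + r").*", re.I)
    listed = re.compile(r"(?!http://(.*)" + WHITELIST + r").*", re.I)
    # Both negative lookaheads must succeed: the Referer is neither the
    # site itself nor one of the whitelisted domains.
    if own.fullmatch(referer) and listed.fullmatch(referer):
        return BLOCK
    return url


HOST = "www.example.test"   # constructed host name
IMG = "/images/a.JPG"       # constructed image URL
REFERERS = [                # constructed sample Referer values
    "http://www.example.test/page.html",              # the site itself
    "http://image.baidu.com/i?q=cat",                 # whitelisted search engine
    "http://other.invalid/gallery.html",              # unrelated site
    "",                                               # no Referer sent
    "https://www.example.test/page.html",             # the site itself over HTTPS
    "http://www.example.test.mirror.invalid/x.html",  # host name is only a prefix
]


def run(strict=False):
    """Decision for every sample Referer, in the order listed above."""
    return [decide(HOST, ref, IMG, strict) for ref in REFERERS]


if __name__ == "__main__":
    for ref, loose, tight in zip(REFERERS, run(), run(strict=True)):
        print(f"{ref!r:52} as written: {loose:14} strict: {tight}")
```

In this model the first four results match the four cases the article reports testing. The last two show what the http:// prefix in the second condition implies: pages of the same site served over HTTPS get block.gif, and a Referer whose host merely begins with the site's host name is treated as the site itself unless the boundary is enforced.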
