IIS hotlink protection: ISAPI Rewrite rules to stop picture hotlinking

  • 2020-05-06 12:04:07
  • OfStack

Searching through G.CN and B.CN turned up several different schemes, such as URL camouflage in the web application, a server-side plug-in, and ISAPI Rewrite rule filtering. Considering my own site structure and my tight budget, I finally chose the last one: writing rules for ISAPI Rewrite, which is now popular for pseudo-static URLs, to realize my hotlink-prevention "dream".

Why a dream? First, an apology: being lazy, I searched and found a large number of reposted articles, but when I applied their code it either simply did not work or did not give the effect I wanted. After a lot of twists and turns I finally finished this hotlink protection, which I had thought I could simply copy from a reference. I resent the site owners who only repost and pseudo-rewrite articles without trying the code themselves, which costs many people a lot of wasted time.

The following ISAPI Rewrite rules work on my server. I arrived at them after studying tutorials on regular expressions and correcting the rules left by earlier authors.

I tested four cases and all behave as expected: links from the site itself work normally, links from whitelisted sites work normally, hotlinked requests are blocked, and links from search engines work normally.
The details are as follows:
1. Completely block all hotlinking sources (if there are other rules, put these on top of the existing rules) Code:
 
RewriteCond Host: (.+) 
RewriteCond Referer: (?!http://\1.*).* 
RewriteRule .*\.(?:gif|jpg|jpeg|png|bmp) /block.gif [I,O,N] 


A quick explanation:
The first line uses RewriteCond on the Host header to define the request hosts to which the rules below apply.
The second line is a RewriteCond on the Referer header, which defines the source addresses of the requests to which the rule applies. We all know that any page visited over the Internet leaves a Referer trace, as we can see in the IIS log. (Here it is (?!http://\1.*).)
The third line uses RewriteRule to define the suffixes of the files protected against hotlinking. Here these are only picture suffixes; if you need to, you can add mp3, rar and any other suffixes. The /block.gif that follows means that a hotlinked request for a file with one of these suffixes is redirected, here to block.gif in the root directory; it can be an HTML page or any other file. If you only want to protect the files under certain folders, just add the path. For example, if you don't want files in the images and pic directories to be hotlinked but other files may be, rewrite the rule as:
RewriteRule (/images/|/pic/).*\.(?:gif|jpg|jpeg|png|bmp) /block.gif [I,O,N]
This situation mostly arises when other webmasters' link-exchange entries use picture addresses hosted on your own site.
Finally, [I,O,N]: I means case-insensitive. O means normalize the URL, which can be used to handle Unicode-encoded addresses (for example, URLs containing Chinese) and the contents of the QueryString. N means the file is requested from the site again rather than read from the local cache; the purpose is to prevent the hotlinking notice from also appearing on your own website when a user who visited the hotlinking site comes back to it.
Note that because this rule filters on Referer values that begin with http://, it does not protect against hotlinking over other protocols, such as Thunder downloads. But direct access through any browser, as long as it uses the HTTP protocol, is blocked.
The above description of RewriteCond and RewriteRule is only my own homegrown understanding. Those who have professional knowledge in this field are welcome to correct it in the comments, so as not to mislead others. In addition, if you encounter problems with the ISAPI Rewrite version, just make sure that the regular expressions below are written correctly.
2. Hotlink prevention with exclusions (whitelist) Code:
 
RewriteCond Host: (.+) 
RewriteCond Referer: (?!http://\1.*).* 
RewriteCond Referer: (?!http://(.*)(\.baidu\.com|\.google\.com|\.google\.cn|\.g\.cn|\.gougou\.com|\.soso\.com|\.sogou\.com|\.youdao\.com|\.bing\.com|\.yahoo\.com|\.yahoo\.cn|\.eojoo\.com)).* 
RewriteRule .*\.(?:gif|jpg|jpeg|png|bmp) /block.gif [I,O,N] 

A quick explanation:
The first line is the same as above.
The second line is the same as above.
The third line applies a regular expression to the Referer address from the second line to exempt all the popular search engines; it can also include your own site or other sites on your server. Each domain name is written in the form \.baidu\.com, with multiple entries separated by |. If it is an IP address, write 100\.100\.100\.100
The fourth line is the same as above.
This explanation should not be difficult to understand; use the rules directly, keeping the original format.
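
As an added example (not from the original article), this Python code emulates the two Referer conditions of the whitelist rule set against constructed Referer values and compares them with a tightened variant that also accepts https:// and requires the allowed name to end the host part of the Referer. The matching semantics (a condition must match the whole header value, \1 is the literal Host value), the names page_rules_block and anchored_rules_block, and the host www.example.com are assumptions for illustration.

```python
import re

# Whitelist alternation taken from the page's third RewriteCond, shortened.
WHITELIST = r"\.baidu\.com|\.google\.com|\.bing\.com"

def page_rules_block(host, referer):
    """Emulate the page's Referer conditions; True means /block.gif is served.
    Assumptions: a condition must match the whole header value, every
    condition must hold, and \\1 is the Host value taken literally."""
    own = re.fullmatch(r"(?!http://" + re.escape(host) + r".*).*", referer)
    listed = re.fullmatch(r"(?!http://(.*)(" + WHITELIST + r")).*", referer)
    return bool(own) and bool(listed)

def anchored_rules_block(host, referer):
    """Hypothetical tightened variant: accept http or https, and require the
    allowed name to be the end of the host part of the Referer."""
    end = r"(?:[:/?#]|$)"  # characters that may follow a host name in a URL
    own = re.fullmatch(
        r"(?!https?://" + re.escape(host) + end + r").*", referer)
    listed = re.fullmatch(
        r"(?!https?://[^/?#]*(?:" + WHITELIST + r")" + end + r").*", referer)
    return bool(own) and bool(listed)

# Constructed Referer values for a site whose Host header is www.example.com.
SAMPLES = [
    "http://www.example.com/gallery.html",         # own page
    "http://images.baidu.com/search",              # whitelisted search engine
    "http://other.example.net/page.html",          # foreign page
    "",                                            # no Referer sent
    "https://www.example.com/gallery.html",        # own page over HTTPS
    "http://www.example.com.other.example.net/",   # own name as a prefix only
    "http://other.example.net/p?ref=.google.com",  # whitelist name in query
]

def compare(host="www.example.com"):
    """Return (referer, page_blocks, anchored_blocks) for every sample."""
    return [(r, page_rules_block(host, r), anchored_rules_block(host, r))
            for r in SAMPLES]

if __name__ == "__main__":
    for referer, page, anchored in compare():
        print(f"{referer!r:48} page={page!s:5} anchored={anchored}")
```

The last three rows are where the two rule sets disagree: the page's rules block the site's own HTTPS pages, and serve the picture when the Host value or a whitelisted name merely appears somewhere in the Referer. In both variants the Referer header is supplied by the client, so these rules limit casual embedding rather than control access.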
Regular expression symbols that appear in the rules:
. matches any character except the newline character
+ indicates that the preceding character can appear one to any number of times
* indicates that the preceding character can appear zero to any number of times
() represents a group of expressions; you can understand it like the parentheses used with addition, subtraction, multiplication and division
?! is the assertion symbol: if the characters following it appear, the match that follows is no longer performed
\ is the escape symbol; for example, the . in a web address is an operator built into the rules, so it has to be escaped into a literal character with \.
| means "or" and is used to connect multiple alternatives
Such powerful rules are formed from these "messy" symbols. Amazing!
