prevent经由CSS的.htaccess盗链 [英] Prevent Hotlinking through CSS via .htaccess
问题描述
我已经设置了我的htaccess这种方式来阻止盗链:
I've set up my htaccess this way to block hotlinking:
的RewriteCond%{HTTP_REFERER} ^ HTTP://(。+)mydomain.com/ [NC]
的RewriteCond%{HTTP_REFERER}!^ $
重写规则*。(BMP | DTD | FLV | JPEG | JPG | GIF | PNG | PSD |瑞士法郎| TIF | TXT | MOV | MPEG | MP3 | XML)$ - [F,NC,L]
RewriteCond %{HTTP_REFERER} !^http://(.+.)?mydomain.com/ [NC]
RewriteCond %{HTTP_REFERER} !^$
RewriteRule .*.(bmp|dtd|flv|jpeg|jpg|gif|png|psd|swf|tif|txt|mov|mpeg|mp3|xml)$ - [F,NC,L]
现在的问题是,它工作完全正常通过HTML(例如< IMG>标记)(前,背景图片的URL),但它并不prevent通过CSS盗链
The problem is that it works perfectly fine via HTML (such as < img > tags) but it doesn't prevent hotlinking through CSS (ex., background-image url)
因此,这里是什么我的意思是澄清:
So here's a clarification on what I mean:
服务器A(我的域)
服务器B(另一个域)
Server A (My Domain)
Server B (Another Domain)
服务器主机文件/myfile.jpg
服务器B主机的css文件/mycss.css
Server A hosts file /myfile.jpg
Server B hosts css file /mycss.css
服务器B CSS文件中包含的背景图像:网址(服务器-A / myfile.jpg');该CSS规则的作品...它加载从服务器A的JPG文件,如果服务器B组也有&LT; IMG SRC =服务器A / myfile.jpg>,就不会加载。这只是工作的CSS。它不应该对于任何工作。
Server B CSS file contains background-image:url('server-A/myfile.jpg'); This CSS rule works...it loads the jpg file from Server A. If Server B were to also have an < img src="server-A/myfile.jpg" >, it wouldn't load. It just works for the CSS. It shouldn't work for EITHER.
推荐答案
当你说不prevent通过CSS盗链你的意思是1),其他人仍然可以使用现有的CSS文件及其网页,或2),其他人可以把你的照片在自己的CSS文件?
When you say "doesn't prevent hotlinking through CSS" do you mean 1) that other people can still use your existing CSS files with their pages, or 2) that other people can put your images in their own CSS files?
如果1)这可能是因为对图像的引用标题取为CSS文件本身,它会从你的服务器,这样将无法在第一的RewriteCond规则和提取将不会被阻塞。
If 1) it may be that the referrer header for the image fetch is the CSS file itself, which will come from your server, so will fail the first RewriteCond rule and the fetch won't be blocked.
这篇关于prevent经由CSS的.htaccess盗链的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!