使用htaccess对多个域动态阻止图像热链接 [英] Dynamically prevent hotlinking images using htaccess for multiple domains

问题描述

有关使用htaccess防止热链接的详细记录.但是，我想在不为每个域添加规则的情况下防止对多个域进行热链接.

Preventing hotlinking using htaccess is well documented. However, I want to prevent hotlinking for multiple domains without adding a rule per domain.

我的想法是将引荐来源网址与主机名匹配，这对我来说似乎是一个很好的解决方案.

My idea is to match the referrer with the hostname, this seems like a good solution to me.

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?%{HTTP_HOST}/.*$ [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ - [NC,F,L]
</IfModule>

这是防止热链接的正确且安全的解决方案吗?

Is this is a proper and safe solution to prevent hotlinking?

推荐答案

当请求与www.一起提供时，此方法将无效，但引荐来源网址则无效.这是因为您的规则将有效地尝试匹配以下无效的内容.

This won't work when the request comes with www. but the referrer doesn't. That's because your rule would effectively try to match the following which wouldn't work.

RewriteCond http://domain.com/index.php !^http://(www\.)?www\.domain\.com/.*$

正确的方法是使用以下内容:

The correct way is to use the following:

RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} ^https?://(www\.)?([^/]+)/.*$ [NC]
RewriteCond %2#%{HTTP_HOST} !^(.+)#(www\.)?\1$ [NC]
RewriteRule \.(bmp|gif|jpe?g|png|swf)$ - [F,L,NC]

这也处理SSL(https:). 在此处查看.

This takes care of SSL (https:) as well. Take a look here to see how it works.

这篇关于使用htaccess对多个域动态阻止图像热链接的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！