存储和阅读上面的图像public_html [英] Storing and reading images above public_html
问题描述
我的文件结构:
- userimages
image.jpg
image2.jpg
- public_html
filetoserveimage.html
我尝试链接到userimages文件夹中的图像这:
< img src =../ userimages / image.jpg>
但是不行。有什么我在这里失踪?如果你有什么更好的建议,请让我知道。我试图让公众用户执行他们可能上传的潜在危险文件。就像一个额外的安全措施。谢谢!
你想要的东西基本上是不可能的。
浏览器加载页面的方式(非常基本)是这样的:
$ b 第1步:下载页面。
第2步:解析页面。
步骤3:下载页面内容中引用的任何东西(图片,样式表,javascripts等)
每个下载事件都是原子的。 p>
好像你只想把图片提供给刚下载了引用这些图片的页面的人。
如PHP Jedi所示,您可以通过PHP传递文件。你可以扩展他的代码,并检查请求HTTP_REFERER,以确保人们不抓只形象。
现在,通过一个PHP passthru脚本效率不高,但它可以工作。
人们想要这样做的最常见的原因是为了避免盗链 - 当人们在服务器上引用图像的其他网站上创建图像标签时。当他们这样做的时候,你会花费资源处理请求,在别人的页面上显示出来。
如果这是你真正想要避免的,你可以使用mod_rewrite来检查这个引用者可以找到一个体面的关于盗链/反盗链的讨论 -protection-with-htaccess /rel =nofollow noreferrer>这里
I am trying to secure my PHP Image upload script and the last hurdle I have to jump is making it so that users cannot directly excecute the images, but the server can still serve them in web pages. I tried changing ownership and permissions of the folders to no avail, so I am trying to store the images above public_html and display them in pages that are stored in public_html.
My File Structure:
- userimages
image.jpg
image2.jpg
- public_html
filetoserveimage.html
I tried linking to an image in the userimages folder like this:
<img src="../userimages/image.jpg">
But it does not work. Is there something I am missing here? If you have any better suggestions please let me know. I am trying to keep public users from executing potentially dangerous files they may have uploaded. Just as an extra security measure. Thanks!
You want something that's basically impossible.
The way a browser loads a page (in a very basic sense) is this:
Step 1: Download the page. Step 2: Parse the page. Step 3: Download anything referenced in the content of the page (images, stylesheets, javascripts, etc)
Each "Download" event is atomic.
It seems like you want to only serve images to people who have just downloaded a page that references those images.
As PHP Jedi illustrated, you can pass the files through PHP. You could expand on his code, and check the HTTP_REFERER on the request to ensure that people aren't grabbing "just" the image.
Now, serving every image through a PHP passthru script is not efficient, but it could work.
The most common reason people want to do this is to avoid "hotlinking" -- when people create image tags on other sites that reference the image on your server. When they do that, you expend resources handling requests that get presented on someone else's page.
If that's what you're really trying to avoid, you can use mod_rewrite to check the referer.
A decent-looking discussion of hotlinking/anti-hotlinking can be found here
这篇关于存储和阅读上面的图像public_html的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
