How to protect against direct access to images?

2019-01-14 03:27发布

站内问答 / 前端开发
2036 8 6

I would like to create a web site with many images. But I would like to protect against direct access to images, e.g. direct links to images without visiting the web site.

What is the preferred way to do this? And what are the alternatives with Pros and cons?

I have some ideas (I don't know if they are possible):

  • File permissions
  • PHP Sessions
  • Temporary file names or URLs
  • HTTP Redirection?

Maybe this isn't practiced on many web sites? E.g. I tried to access a private photo on Facebook without beeing logged in, but I could still visit the photo.

The platform will probably be a Ubuntu machine with NginX and PHP.

8条回答
\"骚年 ilove
2楼-- · 2019-01-14 03:56

Add Deny Rule in your .htaccess

RewriteEngine on 
RewriteCond %{HTTP_REFERER} !^http://(www\.)?domain\.ltd [NC] 
RewriteCond %{HTTP_REFERER} !^http://(www\.)?domain\.ltd.*$ [NC] 
RewriteRule \.(gif|jpg|js|txt)$ /messageforcurious [L]
查看更多
0人赞 添加讨论(0) 举报
Summer. ? 凉城
3楼-- · 2019-01-14 03:57

http://us3.php.net/image

You link the img element to a php file. This file checks if the user has the right permission, if so it can send an img response back.

<img src="url/LoadImg.php?id=1337" alt="" />

Still someone with the permission can download the image and provide it to other people somewhere else (webspace/mail/whatever). To make it a bit harder to steal it you can disable right clicking on the image, but still a user who knows a little bit about http should not have any problems to steal it. You can place a signature over the image (for example the logo/name of your website) so people can see that you where the source. This can be done with php aswell.

If you want to be funy you can setup an other image (porn is great for this :P) that is sent if the link comes from an other page :P

查看更多
0人赞 添加讨论(0) 举报
上一页 1 2
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(6)