How to prevent image hotlink from your ASP.NET sit

2020-05-28 18:13发布

What is the best/simplest way to prevent people hotlinking to images from my hosted ASP.NET website? I don't need to prevent all images/resources from hotlinking, I just want to prevent hotlinking to specific images/resources on a site. FYI. It's hostesd on GoDaddy.com so IIS tricks probably wont work.

4条回答
We Are One
2楼-- · 2020-05-28 18:13

Streaming the images through an ASPX page is a good solution. Though Referrer could be hacked.

What you could do is use a unique salt (keyword) and generate against MD5 (SHA-1 or SHA-2) if you are really concerned with security. Run the current epoch time as well against this as well, this puts an expiry on images as well. Store this "keycode" in the cookies. Whenever images are served you basically pass this via the querystring. The validation happens on the ASPX on the other end. You could even regenerate a new "keycode" between each request using either an HTTPRequestModule or the Global.asax page.

There will be overhead, but it will prevent anyone from hotlinking.

查看更多
Animai°情兽
3楼-- · 2020-05-28 18:27

You could refuse any requests for images that don't have your site in the HTTP referer header field. That's the theory. In order to control requests in your application, you'd have to stream all images through an ASP page (as opposed to linking to them directly).

查看更多
三岁会撩人
4楼-- · 2020-05-28 18:27

One thing I've seen that I thought was clever is to add an extra portion to the bottom of the image, and then use a css sprite technique to cut it off when shown on your site. A naive hotlink will result in displaying your extra portion. This will mean the image is skewed, so it doesn't look right on the other site, and you can use the extra portion to show your own url or whatever else you want.

查看更多
三岁会撩人
5楼-- · 2020-05-28 18:32

Simplest way to do this is with a UrlRewrite in IIS 7.0.

https://help.maximumasp.com/KB/a738/using-url-rewrite-to-prevent-image-hotlinking.aspx

<configuration>
<system.webServer>
    <rewrite>
        <rules>
            <rule name="PreventImageHotlinking" enabled="true" stopProcessing="true">


<match url=".*\.(gif|jpg|png)$" />
  <conditions>
                        <add input="{HTTP_REFERER}" negate="true" pattern="^$" />
                        <add input="{HTTP_REFERER}" negate="true" pattern="http://www.YourDomain.com/.*" />
  </conditions>
  <action type="Rewrite" url="/images/hotlinking.jpg" />
</rule>
            </rules>
        </rewrite>
    </system.webServer>
查看更多
登录 后发表回答