HTTP Hotlink Protection and Countering Hotlink Protection

Posted by 叫我大头


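HTTP hotlink protection

After the previous post, HTTP requests are no longer so unfamiliar to us. Hotlinking is simply someone else requesting resources from our site in order to use them on another site. So if we can identify which site a request comes from, and it turns out to be an external one, we can redirect it or handle it in some other way. At the web-server level, the server uses the Referer header defined by the HTTP protocol to decide whether a request comes from an external site or from our own. That covers the principle; next come the steps.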

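  • Load the rewrite module

In the Apache configuration file, remove the # in front of the rewrite module line.

  • In the site or directory that needs hotlink protection, create a .htaccess file and write the rewrite rules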

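RewriteEngine On
# Apply the rewrite when the requested file is an image
RewriteCond %{REQUEST_FILENAME} .*\.(jpg|jpeg|gif|png|html) [NC]
# Rewrite requests that come from external sites
RewriteCond %{HTTP_REFERER} !localhost [NC]
# The target needs a scheme, otherwise it is treated as a local path rather than a redirect
RewriteRule  .*   http://www.baidu.com/ [R,L]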
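
The Referer test in the rule above is an unanchored pattern, so it accepts any Referer that merely contains the string "localhost". The following is an added example, not code from the original post: it replays the two conditions against constructed sample requests and compares them with an exact host comparison. The function names, `ALLOWED_HOSTS` and the sample Referer values are assumptions made for the illustration.

```python
import re
from urllib.parse import urlsplit

# The page's two RewriteCond patterns as Python regexes ([NC] -> re.I).
# mod_rewrite patterns are unanchored searches, hence .search() below.
# Assumption: the URL path stands in for %{REQUEST_FILENAME}.
PROTECTED = re.compile(r".*\.(jpg|jpeg|gif|png|html)", re.I)
PAGE_REFERER = re.compile(r"localhost", re.I)

ALLOWED_HOSTS = {"localhost"}  # assumption: hosts allowed to embed the files


def page_rule_blocks(path, referer):
    """True when the page's rule would rewrite the request away."""
    if not PROTECTED.search(path):
        return False
    return PAGE_REFERER.search(referer or "") is None


def strict_rule_blocks(path, referer):
    """Same file filter, but the parsed Referer host must match exactly."""
    if not PROTECTED.search(path):
        return False
    return urlsplit(referer or "").hostname not in ALLOWED_HOSTS


# Constructed sample requests: (path, Referer header value, "" when absent).
SAMPLES = [
    ("/smarty/explain.png", "http://localhost/smarty/"),
    ("/smarty/explain.png", "http://other.example/gallery"),
    ("/smarty/explain.png", ""),
    ("/smarty/explain.png", "http://other.example/localhost.html"),
    ("/smarty/explain.png", "http://localhost.other.example/"),
    ("/smarty/style.css", "http://other.example/"),
]


def compare(samples=SAMPLES):
    """Return (path, referer, page_blocks, strict_blocks) for each sample."""
    return [(p, r, page_rule_blocks(p, r), strict_rule_blocks(p, r))
            for p, r in samples]


if __name__ == "__main__":
    for path, referer, page, strict in compare():
        print(f"{path:22} {referer or '(none)':38} page={page!s:5} strict={strict}")
```

Both checks accept the first sample, because any client can send that Referer value itself: exact host matching tightens the pattern but does not authenticate the request.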

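Countering hotlink protection

Since hotlink protection makes its decision from the Referer header, we can forge that header to carry out scraping and similar operations.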

<?php
class implement_socket
{
    protected $http_type = 'HTTP/1.1';
    protected $url = '';
    protected $request_type = '';
    protected $lines = '';
    protected $fsocket_open = null;
    protected $port = '';
    protected $errstr = '';
    protected $timeout = 0;
    public $parse_url = '';
    protected $content_type = '';
    protected $content_length = 0;
    protected $body = '';
    protected $header_info = array();

    function __construct($url, $request_type = '', $port = 80, $timeout = 5)
    {
        $this->url = $url;
        $this->request_type = $request_type;
        $this->port = $port;
        $this->timeout = $timeout;
        $this->parse_url = parse_url($url);
        // Connect
        $this->connect();
    }

    /*
     * Set the request line
     * */
    public function get()
    {
        $this->content_type = 'text/html';
        $this->lines = $this->request_type . ' ' . $this->parse_url['path'] . ' ' . $this->http_type;
        return $this->request();
    }

    public function post($param)
    {
        // Set the headers
        $this->content_type = 'application/x-www-form-urlencoded';
        $data = $this->body_info($param);
        $this->header_info[] = 'Content-Type: ' . $this->content_type;
        $this->header_info[] = 'Content-Length: ' . strlen($data);
        $this->lines = $this->request_type . ' ' . $this->parse_url['path'] . ' ' . $this->http_type;
        $this->body = $data;
        return $this->request();
    }

    public function request()
    {
        $getinfo = '';
        // Ask the server to close the connection so the read loop below terminates
        $headers = array_merge($this->header_info, array('Connection: close'));
        /*echo $this->lines . "\r\n" . implode("\r\n", $headers) . "\r\n\r\n" . $this->body;
        exit();*/
        // Once connected, write the request line, the headers, a blank line and the body (CRLF line endings)
        fwrite($this->fsocket_open, $this->lines . "\r\n" . implode("\r\n", $headers) . "\r\n\r\n" . $this->body);
        while (!feof($this->fsocket_open)) {
            $getinfo .= fgets($this->fsocket_open, 2048);
        }
        fclose($this->fsocket_open);
        return $getinfo;
    }

    /*
     * Connect
     * */
    public function connect()
    {
        // fsockopen() returns false on failure instead of throwing, and takes
        // $errno and $errstr by reference before the timeout argument
        $errno = 0;
        $this->fsocket_open = @fsockopen($this->parse_url['host'], $this->port, $errno, $this->errstr, $this->timeout);
        if ($this->fsocket_open === false) {
            throw new RuntimeException('connect failed: [' . $errno . '] ' . $this->errstr);
        }
    }

    /*
     * Set the headers
     * */
    public function header_info($head_array = array())
    {
        $this->header_info = $head_array;
    }

    /*
     * Set the body
     * */
    public function body_info($param = '')
    {
        // Build the URL-encoded request string
        return is_array($param) ? http_build_query($param) : $param;
    }
}

// Hotlink protection
$http = new implement_socket('http://localhost/smarty/explain.png', 'GET');
$http->header_info(array(
    'Referer: http://localhost/smarty/',
    'Host: ' . $http->parse_url['host']
));
// Write the response body to a file
// echo strstr($http->get(), "\r\n\r\n");
file_put_contents('caiji.png', substr(strstr($http->get(), "\r\n\r\n"), 4));
