如何防止 URL 直接访问？

Question

Please help me to resolve hotlinking, how to prevent direct access to this URL and redirect visitors to index.php:

http://www.example.com/index.php?link=http://www.anysite.com/dir/file&name=on&email=on&submit=on

Answer 1

are you searching for something like this:

if(!strpos('mysite.com',$_SERVER["HTTP_REFERER"])) header('Location: index.php')

Answer 2

For purposes of answering this, I'm going to assume you don't care if the same user accesses it multiple times (provided that the first visit came through the main index page). This also assumes the user will accept a cookies.

When on the main index page:

1. start up a session on index.php
2. put some random value inside their session. eg: md5(microtime()) = af1929191...
3. also put that random value inside each url as another parameter eg: index.php?verify=af19...&link=http://foo.com

When loading a url:

1. check to see if the "verify" param is set if it isn't there, redirect them back to main index page. Or more helpfully, since you are creating a weird behavior, show them a error message indicating what you are doing, and why.
2. Start up the session and make sure that the value in their session matches the value in the url.

Answer 3

Using an htaccess file is a common solution to this problem:
from http://altlab.com/htaccess_tutorial.html
This code in particular redirects anyone trying to hotlink an image.

RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://(.+\.)?mysite\.com/ [NC]
RewriteCond %{HTTP_REFERER} !^$
RewriteRule .*\.(jpe?g|gif|bmp|png)$ http://img148.imageshack.us/img148/237/hotlinkp.gif [L]