[英]Prevent direct access to images using the browser url
I have a folder named - Images . 我有一个名为-Images的文件夹。 This folder contains user profile pictures. 此文件夹包含用户个人资料图片。 Right now a user can see his image by just copying the image URL to his browser any time. 现在,用户可以随时通过将图像URL复制到浏览器来查看其图像。 This way he can also see other user's profile pics. 这样,他还可以查看其他用户的个人资料照片。 What I want to achieve is - The user should be able to see his profile pic only through the PHP page on my website. 我想要实现的是-用户应该只能通过我网站上的PHP页面看到其个人资料图片。 If the user directly puts the image URL, it should not be displayed. 如果用户直接放置图像URL,则不应显示它。
I tried to achieve this using .htaccess. 我尝试使用.htaccess实现此目的。 This is what I have in the .htaccess file : 这是我在.htaccess文件中的内容:
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?mysite.com/
RewriteRule \.(gif|jpg)$ http://www.mysite.com/errorpost.jpg [R,L]
I am new to .htaccess. 我是.htaccess的新手。 If there is a way to achieve this, please help. 如果有办法实现这一目标,请帮忙。
Thanks in advance. 提前致谢。
I have the same problem. 我也有同样的问题。 Currently I found 2 ways: 目前,我发现了两种方法:
1) base64_encode() + ajax + js/jquery 1)base64_encode()+ ajax + js / jquery
pros 优点
cons 缺点
2) long-random-names (+symlinks) 2)长随机名称(+符号链接)
A) Store images in www folder using long-random names A)使用随机名称将图像存储在www文件夹中
B) Store images outside www folder with symlinks to www folder. B)将图像存储在带有www文件夹符号链接的www文件夹之外。 (images outside www can also work as your desktop images backup) (www之外的图像也可以用作您的桌面图像备份)
notes: 笔记:
example of image hierarchy: 图像层次结构示例:
pros: 优点:
cons 缺点
===================================== ====================================
I had implemented case 1) and it worked for me fine, however I did not found similar solution for HTML5 video. 我已经实现了案例1),对我来说很好用,但是我没有找到类似的HTML5视频解决方案。
Case 2) seems more flexible. 情况2)似乎更灵活。 However I still not sure about security. 但是我仍然不确定安全性。 If anyone sees security holes please let me know. 如果有人看到安全漏洞,请告诉我。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.