Website image anti-theft ---- Apache configuration

xiaoxiao2021-03-06  38


Every website owner tries to beautify their site so that it looks cooler and more attractive, and the most common way to do so is to use pictures, logos and Flash. This brings a problem, however: the more beautiful and attractive a website is, the more easily its pictures and Flash files are stolen by other websites. Let's discuss how to prevent website images from being stolen.

There are two different kinds of stealing that need to be dealt with:

1. Using the HTML IMG tag to reference the website's image from another website.
2. Downloading the image from the website and putting it on another website.

In the first kind of stealing, the pictures of the legitimate website are used to decorate other websites. The damage to the legitimate website is relatively large, because visitors to the illegal website actually fetch the pictures from the legitimate website: its log files fill up with these access requests and its bandwidth is consumed, while it gains no benefit at all. This type of stealing can be prevented by technical means.

The second kind of stealing is more insidious: the viewer accesses the stolen pictures directly on the illegal website, the copyright of the legitimate website is infringed without compensation, and the stealing goes unnoticed. Because of the way the Web works, it cannot actually be blocked, so this kind of stealing is more difficult to deal with.

It is unrealistic to completely eliminate these two kinds of stealing, but technical means can make them very difficult. In the Apache environment, you can restrict how the website's pictures are used.

Identify files that need to be protected

As a website administrator, your greatest hope is to protect all documents on the website, but from a technical perspective this is unrealistic, so only the protection of picture files is discussed here.

As a first step, identify the files that need to be protected; the identified files can then be protected further. Add the following to the Apache configuration file:

[Add protection limit command]

will

The container command is included

or

in containers, or listed separately, outside any other container, in which case it protects all files of the website; it can even be stored in a .htaccess file. Where the container is placed determines the range of protection.

The Referer HTTP header field

When a user requests a page from the web server, the HTTP request sent by the user's browser contains information called the HTTP request header. This header includes information such as the browser version of the requesting client, the user's language, the user's operating system platform, the name of the requested document, and so on. This information is transmitted as variable name / variable value pairs.

Among this information, the Referer field is very important for preventing image theft. The Referer field specifies the URL of the page the client was on last. For example, if the user visits page A and then clicks a link on page A to page B, the HTTP request for page B will include a Referer field carrying the information "this request comes from page A". If a request does not come from a page, but the user accesses page A by typing its URL directly into the browser address bar, the HTTP request will not include a Referer field. How does this help us prevent hotlinking? The Referer field helps determine whether a request for an image comes from the site's own pages or from another website.

Tag images using SetEnvIf

As a simple example, assume that the home page of the website that needs to be protected is http://my.apache.org, and you want to restrict image requests to those that come from this website (that is, only pictures referenced by this website's own pages may be accessed). Here, an environment variable can be used as a tag. If the condition is satisfied, the variable is set, as shown below:

SetEnvIfNoCase Referer "^http://my\.apache\.org/" local_ref=1

When Apache processes a request, it checks the Referer field in the HTTP request header; if the request comes from this website (that is, the URL of the requesting page is under this website's domain name), it sets the environment variable local_ref to 1.

The string in double quotes is a regular expression; the environment variable is set only when the Referer matches it. This article does not discuss how to use regular expressions; here it is enough to know that the SetEnvIf* commands take a regular expression as a parameter.

The "NoCase" part of the SetEnvIfNoCase command indicates that the regular expression is matched without regard to case, so 'http://my.apache.org/' or 'http://my.Apache.org/' both satisfy the condition.

Using environment variables in access control

The Order, Allow and Deny commands in the Apache configuration file can implement access control to documents based on environment variables. When using the Order, Allow and Deny commands, note first that the order of the Allow and Deny commands affects how Apache processes the request. They should be used in the following way:

Order Allow,Deny

Here, Apache first processes the Allow commands related to the HTTP request, and then processes the associated Deny commands. The default policy of this ordering is deny: unless there is an explicit allow setting, the request is rejected, and no illegal access will succeed.

Therefore, add the following commands to Apache's configuration file httpd.conf to allow only local references:

Order Allow,Deny

Allow from env=local_ref

With this, only requests for which the local_ref variable is set are allowed; all other requests are rejected because they do not satisfy the Allow condition.

Note: please do not use the container command in .htaccess and httpd.conf. This container command is not required unless there is a special requirement, for example, you want GET requests and POST requests to be processed differently.

Putting these related settings together, Apache's configuration file will contain the following:

SetEnvIfNoCase Referer "^http://my\.apache\.org/" local_ref=1

Order Allow,Deny

Allow from env=local_ref

The configuration can be stored in the server configuration file httpd.conf or in a .htaccess file; the final effect is the same: within the scope of these commands, only pictures referenced from this website can be accessed.

Watermark processing

The method described above does not completely prevent image hotlinking, because some persistent pirates can forge the Referer value to steal pictures, which defeats these settings. It is therefore impossible to fully prevent website pictures from being stolen, but the measures above make hotlinking difficult.

In addition, there is another way to protect pictures from being stolen: watermarking the pictures of the website. Watermarking a digital picture means adding a special signature encoding to the picture that can later be verified and detected. The digital watermark does not reduce the quality of the picture, and even the part that remains after the image has been cropped still includes the watermark information. If the picture is edited again, printed and then scanned again, the watermark can still be detected. Watermarking is therefore a very good technique for protecting pictures from being stolen.

Record the request

If you want to know whether your website's pictures are being stolen, you can use the same detection and environment variables to record suspicious requests. For example, add the following commands to the httpd.conf file; all access requests with an illegal Referer header are then recorded in the /usr/local/web/apache/logs/poachers_log file:

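# SetEnvIf has no "!" negation for its regular expression, so a negative
# lookahead (PCRE, Apache 2.x) expresses "Referer does not start with our site".
SetEnvIfNoCase Referer "^(?!http://my\.apache\.org/)" not_local_ref=1

SetEnvIfNoCase Request_URI "\.(gif|jpg)" is_image=1

RewriteEngine On

# mod_rewrite reads environment variables as %{ENV:name}
RewriteCond %{ENV:not_local_ref} =1

RewriteCond %{ENV:is_image} =1

RewriteRule .* - [last,env=poach_attempt:1]

# CLF must be a log format nickname defined with LogFormat
CustomLog logs/poachers_log CLF env=poach_attempt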

In the above code, the first two lines set tags when their conditions hold (that is, an image file requested without the correct local Referer), the RewriteCond lines check whether the tags are set, the RewriteRule then sets a third tag, and the last line causes such access requests to be recorded in a specific file. The above is a brief introduction to how to limit the theft of website pictures in the Apache environment; I hope readers will share their own better experience.
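Added example (not part of the original article): a Python sketch that applies the same two tests as the SetEnvIfNoCase lines above (image extension, Referer starting with the site URL) to access-log lines and counts which external hosts embed the pictures, covering both the access-control section and the logging section. It assumes log lines in combined format, because the Common Log Format has no Referer field; the sample lines, their IP addresses and every host name other than my.apache.org are constructed.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# The same two tests the SetEnvIfNoCase directives apply for the page's example site.
LOCAL_REF = re.compile(r"^http://my\.apache\.org/", re.IGNORECASE)
IS_IMAGE = re.compile(r"\.(gif|jpg)", re.IGNORECASE)
# Combined Log Format: host ident user [time] "METHOD uri PROTO" status bytes "referer" "agent"
LINE = re.compile(r'^\S+ \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" \d{3} \S+ "([^"]*)" "[^"]*"$')

def classify(uri, referer):
    """Return 'other', 'no-referer', 'local' or 'hotlink' for one request."""
    if not IS_IMAGE.search(uri):
        return "other"
    if referer in ("", "-"):
        return "no-referer"  # typed URL, bookmark, or a client that strips Referer
    if LOCAL_REF.search(referer):
        return "local"
    return "hotlink"

def summarize(lines):
    """Count request classes and the external hosts whose pages embed our images."""
    classes, hosts = Counter(), Counter()
    for m in filter(None, map(LINE.match, lines)):  # skip lines not in combined format
        uri, referer = m.groups()
        kind = classify(uri, referer)
        classes[kind] += 1
        if kind == "hotlink":
            hosts[urlsplit(referer).hostname or referer] += 1
    return classes, hosts

def sample_line(ip, uri, referer):  # constructed line: documentation IPs, made-up hosts
    return (f'{ip} - - [06/Mar/2021:10:00:00 +0000] "GET {uri} HTTP/1.1" '
            f'200 512 "{referer}" "Mozilla/5.0"')

SAMPLE = [sample_line(*row) for row in [
    ("192.0.2.10", "/img/logo.gif", "http://my.apache.org/index.html"),
    ("192.0.2.11", "/img/logo.GIF", "HTTP://MY.APACHE.ORG/a.html"),
    ("198.51.100.7", "/img/photo.jpg", "http://blog.example.net/post/1"),
    ("198.51.100.8", "/img/photo.jpg", "http://blog.example.net/post/2"),
    ("198.51.100.9", "/img/logo.gif", "http://my.apache.org.example.net/x"),
    ("203.0.113.5", "/img/photo.jpg", "-"),
    ("203.0.113.6", "/index.html", "http://blog.example.net/post/1"),
]]

if __name__ == "__main__":
    print(*summarize(SAMPLE), sep="\n")
```

Requests with no Referer are counted separately because the Order/Allow rule above rejects them as well, even though they are not hotlinks. A Referer beginning with https://my.apache.org/ is classified as a hotlink, since the article's pattern only matches http://.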

Reprinted from CCIDAN - Open System World

When reprinting, please cite the original address: https://www.9cbs.com/read-70870.html