如何防止流媒体内容的盗链?
我有一个包含媒体文件的目录,不需要在其他网站上显示它们。 服务器不支持.htaccess,因为它使用nginx。
如何为我的文件启用热链接保护? 谢谢。
I have a directory with my media files and I need no to display them on other sites.
Server doesn't support .htaccess, because it uses nginx.
How can I enable hotlink protection for my files??
Thank you.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
最简单的方法是检查 HTTP 请求中的 Referer 标头。基本上,如果该标头没有来自您网站的 URL,那么这可能是热链接。
这存在以下问题:
您还可以在用户浏览您的网站时设置 cookie,并在用户访问流内容时检查该 cookie 是否存在。
Easiest way would be to check for the Referer header in HTTP request. Basically if that header does not have URL from your site, then this could be hot linking.
This has following problems:
You could also set a cookie when user is browsing your site, and check for existence of that cookie when user is accessing the streaming content.
详细信息可能已过时,但 Igor 给出了一个用于图像热链接保护的引荐来源网址映射示例,该示例可能在此处有用:http://nginx.org/pipermail/nginx/2007-June/001082.html
如果您决定采用引荐来源网址路线。
如果您使用 memcached,您还可以存储客户端 IP 地址一段时间,并且仅在缓存中找到未过期的客户端 IP 时才提供流媒体。客户端 IP 在正常浏览期间会被缓存,确保查看您的流媒体内容的人最近也访问过您的网站。
The details may be dated, but Igor gives an example of referrer mapping for image hotlink protection that might be useful here: http://nginx.org/pipermail/nginx/2007-June/001082.html
If you decide to go the referrer route.
If you are using memcached you could also store store client IP addresses for a time and only serve up your streaming media if an unexpired client IP is found in the cache. The client IP gets cached during normal browsing ensuring that the person viewing your streaming content has also recently been visiting your site.
在我的 Hostgator 网站上,他们使用 nginx 作为 Apache 的代理(nginx+apache)。也许这会对你有帮助。另外,如果您有权访问日志,如果您看到来自某个 IP 的大量流量,我会进行调查,如果它指向某个站点,则阻止其他 Web 服务器。 Php 的 file_get_contents 不会被 htaccess 或除了阻止 ip 之外的其他任何我知道的东西阻止。
On my hostgator site, they used nginx as a proxy to Apache(nginx+apache). maybe that will help you. Also if you have access to the logs, if you see a lot of traffic that way from a ip I would investigate, and if it points to a site, then block the other web server. Php's file_get_contents doesn't get stopped by htaccess or anything else I know besides blocking the ip.