通过 .htaccess 防止通过 CSS 进行热链接
我已经以这种方式设置了 htaccess 来阻止热链接:
RewriteCond %{HTTP_REFERER} !^http://(.+\.)?mydomain\.com/ [NC]
RewriteCond %{HTTP_REFERER} !^$
RewriteRule .*\.(bmp|dtd|flv|jpeg|jpg|gif|png|psd|swf|tif|txt|mov|mpeg|mp3|xml)$ - [F,NC,L]
问题是它通过 HTML(例如 background-image: url)
所以这里澄清一下我的意思:
服务器 A (My Domain) 主机文件 /myfile.jpg
服务器 B(另一个域)托管 css 文件 /mycss.css
服务器 B CSS 文件包含 background-image:url('server-A/myfile.jpg'); 此 CSS 规则有效;它从服务器 A 加载 jpg 文件。如果服务器 B 也有 
I've set up my htaccess this way to block hotlinking:
RewriteCond %{HTTP_REFERER} !^http://(.+\.)?mydomain\.com/ [NC]
RewriteCond %{HTTP_REFERER} !^$
RewriteRule .*\.(bmp|dtd|flv|jpeg|jpg|gif|png|psd|swf|tif|txt|mov|mpeg|mp3|xml)$ - [F,NC,L]
The problem is that it works perfectly fine via HTML (such as <img> tags) but it doesn't prevent hotlinking through CSS (ex., background-image: url)
So here's a clarification on what I mean:
Server A (My Domain) hosts file /myfile.jpg
Server B (Another Domain) hosts css file /mycss.css
Server B CSS file contains background-image:url('server-A/myfile.jpg'); This CSS rule works; it loads the jpg file from Server A. If Server B were to also have an <img src="server-A/myfile.jpg">, it wouldn't load. It just works for the CSS. It shouldn't work for either.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
当您说“不阻止通过 CSS 进行热链接”时,您的意思是 1) 其他人仍然可以在他们的页面中使用您现有的 CSS 文件,还是 2) 其他人可以将您的图像放入他们自己的 CSS 文件中?
如果 1) 图像获取的引用标头可能是 CSS 文件本身,它将来自您的服务器,因此将失败第一个 RewriteCond 规则,并且不会阻止获取。
When you say "doesn't prevent hotlinking through CSS" do you mean 1) that other people can still use your existing CSS files with their pages, or 2) that other people can put your images in their own CSS files?
If 1) it may be that the referrer header for the image fetch is the CSS file itself, which will come from your server, so will fail the first RewriteCond rule and the fetch won't be blocked.