HTTP防盗链与反防盗链

时间:2023-03-09 19:55:28
HTTP防盗链与反防盗链

HTTP防盗链

通过上一次,我没对HTTP请求不再那么陌生了。防盗链无非就是别人来请求自己网站的信息,用于其他网站,那么如果我们能识别请求是来自那个网站,如果是外网,那么就重定向等其他处理。但在web服务器层面,服务器根据HTTP协议的Referer头信息来判断该请求是来自外网还是内网。到此基本了解原理。接下来进行操作。

  • 加载重写模块

apache配置文件中去掉重写模块前 #

HTTP防盗链与反防盗链

  • 在需要防盗链的网站或目录,建 .htaccess 文件,写重写规则

RewriteEngine On
#对请求的文件是图片的需要重写
RewriteCond %{REQUEST_FILENAME} .*\.(jpg|jpeg|gif|png|html) [NC]
#对网站外网访问进行重写
RewriteCond %{HTTP_REFERER} !localhost [NC]
RewriteRule .* www.baidu.com

反防盗链

既然防盗链是通过头信息 Referer 来判断,那么我们就伪造一个头信息进行采集等操作。

class  implement_socket implements php_socket
{
protected $http_tpye = 'HTTP/1.1';
protected $url = '';
protected $request_type = '';
protected $lines = '';
protected $fsoket_open = '';
protected $port = '';
protected $errstr = '';
protected $timeout = 0;
public $parse_url = '';
protected $content_type = '';
protected $content_length = 0;
protected $body = '';
protected $header_info = array(); function __construct($url, $request_type = '', $port = 80, $timeout = 5)
{
$this->url = $url;
$this->request_type = $request_type;
$this->port = $port;
$this->timeout = $timeout;
$this->parse_url = parse_url($url);
//链接
$this->connect(); } /*
*设置请求行
* */
public function get()
{
$this->content_type = 'text/html';
$this->lines = $this->request_type . ' ' . $this->parse_url['path'] . ' ' . $this->http_tpye;
return $this->request();
} public function post($param)
{
//设置头信息
$this->content_type = 'application/x-www-form-urlencoded';
$data = $this->body_info($param);
$this->header_info[] = 'Content-Length:' . strlen($data);
$this->lines = $this->request_type . ' ' . $this->parse_url['path'] . ' ' . $this->http_tpye;
$this->body = $data;
return $this->request();
} public function request()
{
$getinfo = '';
/*echo $this->lines . "\r\n" . implode("\r\n", $this->header_info) . " \n\r\n" . $this->body;
exit();*/
//链接成功进行写入头信息
fwrite($this->fsoket_open, $this->lines . "\n" . implode("\n", $this->header_info) . "\n\r\n" . $this->body);
while (!feof($this->fsoket_open)) {
$getinfo .= fgets($this->fsoket_open, 2048);
}
fclose($this->fsoket_open);
return $getinfo;
} /*
* 链接
* */
public function connect()
{
try {
$this->fsoket_open = fsockopen($this->parse_url['host'], $this->port, $this->errstr, $this->timeout);
} catch (Exception $exception) {
echo 'connect is failed :' . $exception->getMessage() . 'r\n' . $this->errstr;
}
} /*
* 设置头信息
* */
public function header_info($head_arraay = array())
{
$this->header_info = $head_arraay;
} /*
* 设置主体
* */
public function body_info($param = '')
{
// 生成 URL-encode 之后的请求字符串
return $param;
}
} //防盗链
$http = new implement_socket('http://localhost/smarty/explain.png', 'GET');
$http->header_info(array(
'Referer:http://localhost/smarty/',
"Host:" . $http->parse_url['host']
));
//写入文件里
//echo strstr($http->get(),'\r\n\r\n);
file_put_contents('caiji.png',substr(strstr($http->get(),"\r\n\r\n"),4));HTTP防盗链与反防盗链