Question

I ve got different users for my website, owning different images which are all stored in the same folder. The images are stored in an incremental fashion, 1.jpg, 2.jpg etc. User can view these pictures on a specific php page. Now I want to restrict the access to these images only through this php page so that they can t simply enumerate all the filenames to see the images of other users.

我想用一个<代码>htaccess的文档进行这项工作,该文档除了存储在<代码>/shop/img/userimg/上的图像外,还将研究这样的内容:

RewriteEngine On
RewriteCond %{REQUEST_URI} !^/shop/shop.php [NC]
RewriteRule .*.(jpe?g|gif|bmp|png)$ - [F]

我的网址是分站(见:/shop/),而查看这些图像的网址是shop.php。

现在这完全是可能的? 我做了什么错误?

Answer 1

请注意,查询人负责人不能信赖。一些近似和防火墙完全拆除了头盔,因此,你必须说明其没有在场(第2行是这样)。

RewriteCond %{HTTP_REFERER} !/shop/shop.php$ [NC]
RewriteCond %{HTTP_REFERER} !^$
RewriteRule .(jpe?g|gif|bmp|png)$ - [F,L]

Answer 2

请在您的查阅档案中添加以下内容。

RewriteEngine On
RewriteBase /

#if the referer (page request came from) does not contain shop.php
RewriteCond %{HTTP_REFERER} !/shop/shop.php [NC]
#and it is a request for images, then send a 403 forbidden
RewriteRule .(jpe?g|gif|bmp|png)$ - [F,L]

友情链接