HTTP防盗链与反防盗链

HTTP防盗链

通过上一次,我没对HTTP请求不再那么陌生了。防盗链无非就是别人来请求自己网站的信息,用于其他网站,那么如果我们能识别请求是来自那个网站,如果是外网,那么就重定向等其他处理。但在web服务器层面,服务器根据HTTP协议的Referer头信息来判断该请求是来自外网还是内网。到此基本了解原理。接下来进行操作。

  • 加载重写模块

apache配置文件中去掉重写模块前 #

image

  • 在需要防盗链的网站或目录,建 .htaccess 文件,写重写规则

RewriteEngine On
#对请求的文件是图片的需要重写
RewriteCond %{REQUEST_FILENAME} .*.(jpg|jpeg|gif|png|html) [NC]
#对网站外网访问进行重写
RewriteCond %{HTTP_REFERER} !localhost [NC]
RewriteRule  .*   www.baidu.com

反防盗链

既然防盗链是通过头信息 Referer 来判断,那么我们就伪造一个头信息进行采集等操作。

class  implement_socket implements php_socket
{
    protected $http_tpye = 'HTTP/1.1';
    protected $url = '';
    protected $request_type = '';
    protected $lines = '';
    protected $fsoket_open = '';
    protected $port = '';
    protected $errstr = '';
    protected $timeout = 0;
    public $parse_url = '';
    protected $content_type = '';
    protected $content_length = 0;
    protected $body = '';
    protected $header_info = array();

    function __construct($url, $request_type = '', $port = 80, $timeout = 5)
    {
        $this->url = $url;
        $this->request_type = $request_type;
        $this->port = $port;
        $this->timeout = $timeout;
        $this->parse_url = parse_url($url);
        //链接
        $this->connect();

    }

    /*
     *设置请求行
     * */
    public function get()
    {
        $this->content_type = 'text/html';
        $this->lines = $this->request_type . ' ' . $this->parse_url['path'] . ' ' . $this->http_tpye;
        return $this->request();
    }

    public function post($param)
    {
        //设置头信息
        $this->content_type = 'application/x-www-form-urlencoded';
        $data = $this->body_info($param);
        $this->header_info[] = 'Content-Length:' . strlen($data);
        $this->lines = $this->request_type . ' ' . $this->parse_url['path'] . ' ' . $this->http_tpye;
        $this->body = $data;
        return $this->request();
    }

    public function request()
    {
        $getinfo = '';
        /*echo $this->lines . "rn" . implode("rn", $this->header_info) . " nrn" . $this->body;
        exit();*/
        //链接成功进行写入头信息
        fwrite($this->fsoket_open, $this->lines . "n" . implode("n", $this->header_info) . "nrn" . $this->body);
        while (!feof($this->fsoket_open)) {
            $getinfo .= fgets($this->fsoket_open, 2048);
        }
        fclose($this->fsoket_open);
        return $getinfo;
    }

    /*
     * 链接
     * */
    public function connect()
    {
        try {
            $this->fsoket_open = fsockopen($this->parse_url['host'], $this->port, $this->errstr, $this->timeout);
        } catch (Exception $exception) {
            echo 'connect is failed :' . $exception->getMessage() . 'rn' . $this->errstr;
        }
    }

    /*
     * 设置头信息
     * */
    public function header_info($head_arraay = array())
    {
        $this->header_info = $head_arraay;
    }

    /*
     * 设置主体
     * */
    public function body_info($param = '')
    {
        // 生成 URL-encode 之后的请求字符串
        return $param;
    }
}

//防盗链
$http = new  implement_socket('http://localhost/smarty/explain.png', 'GET');
$http->header_info(array(
    'Referer:http://localhost/smarty/',
    "Host:" . $http->parse_url['host']
));
//写入文件里
//echo strstr($http->get(),'rnrn);
file_put_contents('caiji.png',substr(strstr($http->get(),"rnrn"),4));热烈的笑脸
0 条评论
发表一条评论