如何防止深度链接到我的网站上的文件

时间:2022-11-11 23:03:11

I own a website which contain a lot of freeware stuff to download on it. The problem I'm facing is that people from around the world are taking the direct links of the files (for example .zip files) and posting them on their websites and general forums. I am getting a huge amount of bandwidth and that's ok, but the number of pages visited is low. Is there a way or a script that I can add to the links, so that when someone presses on the link from a foreign website, a page from my website opens instead, which then lets him download the file so I can get more visits.

我拥有一个网站,其中包含大量免费软件可供下载。我面临的问题是来自世界各地的人们正在获取文件的直接链接(例如.zip文件)并将其发布在他们的网站和一般论坛上。我获得了大量的带宽,这没关系,但访问的页数很少。有没有我可以添加到链接的方法或脚本,以便当有人按下来自外国网站的链接时,会打开我网站上的页面,然后让他下载文件以便我可以获得更多访问。

For example, this is a address from my website:

例如,这是我网站上的地址:

http://sy-stu.org/stu/PublicFiles/StdLibrary/Exam.zip

When anyone presses on it, it will start the downloading process directly.

当有人按下它时,它将直接开始下载过程。

5 个解决方案

#1


If you are using PHP, you can have a script that links the user to the download but only if the $_SERVER['HTTP_REFERER'] is from your site. If it is not you redirect to your site.

如果您使用的是PHP,则可以使用脚本将用户链接到下载,但前提是$ _SERVER ['HTTP_REFERER']来自您的站点。如果不是您重定向到您的网站。

#2


Your site is hosted by an Apache web server, so you should be able to do the following in your site's httpd.conf (or virtual host block)

您的站点由Apache Web服务器托管,因此您应该能够在站点的httpd.conf(或虚拟主机块)中执行以下操作

RewriteEngine On
RewriteCond   %{HTTP_REFERER} !^$
RewriteCond   %{HTTP_REFERER} !^http://(www\.)?yourdomain\.com/  [NC]
RewriteRule   ^/PublicFiles/  /page-about-direct-links.html

That is basically saying:

这基本上是说:

  1. Turn the mod_rewrite engine on
  2. 打开mod_rewrite引擎

  3. If the HTTP Referrer is not blank…
  4. 如果HTTP Referrer不是空白的...

  5. And doesn't contain my domain name (with or without “www.”)…
  6. 并且不包含我的域名(有或没有“www。”)...

  7. Redirect any requests for anything under /PublicFiles/ to /page-about-direct-links.html
  8. 将/ PublicFiles /下的任何请求重定向到/page-about-direct-links.html

More information on mod_rewrite can be found here: mod_rewrite - Apache HTTP Server

有关mod_rewrite的更多信息,请访问:mod_rewrite - Apache HTTP Server

#3


Don't provide a direct link to the file you are serving. Provide a script that sends the content through the script once you hit the submit button.

不要提供指向您所服务文件的直接链接。提供一个脚本,一旦您点击提交按钮,脚本就会通过脚本发送内容。

Do a web search for sending files through cgi.

通过cgi进行Web搜索以发送文件。

Here is a neat link I found online: here

这是我在网上找到的一个简洁的链接:这里

#4


Why not just make the links dynamic and indirect, for example:

为什么不直接使链接动态和间接,例如:

on page X: (static)

在第X页:(静态)

<a href="Y">SuperNeat Program</a>

on page Y: (dynamically generated)

在第Y页:(动态生成)

Click here to download 
<a href="Z.php?timestamp={timestamp}&counter={counter}&hash={hash}">
SuperNeat Program</a>

and replace timestamp w/ the current time in msec since 1970, counter = a counter that you increment once per download, hash = MD5 hash of concatenate(timestamp,counter,secret salt) where secret salt = any favorite code you keep secret.

并且自1970年以来以msec替换当前时间的时间戳,counter =每次下载时递增一次的计数器,hash =连接的MD5哈希值(时间戳,计数器,秘密盐),其中秘密盐=您保密的任何收藏代码。

Then on page Z.php, you just recalculate the hash from the counter and timestamp in the query string, check that it matches the hash in the query string, and that the timestamp is recent (e.g. from the previous 30 minutes or 60 minutes or whatever). If it is, then serve the file in question. If it isn't, throw an error message. This gives someone only a brief time period to direct-link to your file. If you don't even want that, then keep track of the counter values received in the Z.php query string and don't accept them more than once.

然后在页面Z.php上,您只需从计数器和查询字符串中的时间戳重新计算哈希值,检查它是否与查询字符串中的哈希匹配,并且时间戳是最近的(例如,从之前的30分钟或60分钟或随你)。如果是,则提供相关文件。如果不是,则抛出错误消息。这为某人提供了一个短暂的时间段来直接链接到您的文件。如果您甚至不想这样,那么请跟踪Z.php查询字符串中收到的计数器值,并且不要多次接受它们。

#5


I'm not at all a web expert, but I was thinking about the following pointer -

我不是网络专家,但我在考虑以下指针 -

if you're using asp.net could http handlers or modules configured at the web site level help (lot's of information on those on the web, I looked it up recently for some work, here's one article for example.

如果您正在使用asp.net,那么在网站级别配置的http处理程序或模块可以提供帮助(很多关于Web上的信息,我最近查找了一些工作,例如这里有一篇文章。

The idea is to intercept the request before it reaches the target file and redirect it to the page you wish to show; for example - if someone wishes to browse to the url you've posted ("http://sy-stu.org/stu/PublicFiles/StdLibrary/Exam.zip") intercept this call,use some lookup to find the page you wish to display and redirect the request there;I'm guessing users following a link won't be too annoyed (unless they have done "save target as", which would result them saving some HTML and not ZIP).

我们的想法是在请求到达目标文件之前拦截它并将其重定向到您想要显示的页面;例如 - 如果有人希望浏览您发布的网址(“http://sy-stu.org/stu/PublicFiles/StdLibrary/Exam.zip”)拦截此调用,请使用一些查找来查找您的网页希望在那里显示和重定向请求;我猜测跟随链接的用户不会太烦恼(除非他们已经“保存目标为”,这将导致他们保存一些HTML而不是ZIP)。

However, there's some "hole" in my plan - how do you actually provide a link that works from your own page? I believe you can differentiate between requests coming from your web site and ones coming from others' which you could check on the handler/module by examining the request object.

但是,我的计划中存在一些“漏洞” - 您如何实际提供可以在您自己的页面中工作的链接?我相信您可以区分来自您的网站的请求和来自其他人的请求,您可以通过检查请求对象来检查处理程序/模块。

#1


If you are using PHP, you can have a script that links the user to the download but only if the $_SERVER['HTTP_REFERER'] is from your site. If it is not you redirect to your site.

如果您使用的是PHP,则可以使用脚本将用户链接到下载,但前提是$ _SERVER ['HTTP_REFERER']来自您的站点。如果不是您重定向到您的网站。

#2


Your site is hosted by an Apache web server, so you should be able to do the following in your site's httpd.conf (or virtual host block)

您的站点由Apache Web服务器托管,因此您应该能够在站点的httpd.conf(或虚拟主机块)中执行以下操作

RewriteEngine On
RewriteCond   %{HTTP_REFERER} !^$
RewriteCond   %{HTTP_REFERER} !^http://(www\.)?yourdomain\.com/  [NC]
RewriteRule   ^/PublicFiles/  /page-about-direct-links.html

That is basically saying:

这基本上是说:

  1. Turn the mod_rewrite engine on
  2. 打开mod_rewrite引擎

  3. If the HTTP Referrer is not blank…
  4. 如果HTTP Referrer不是空白的...

  5. And doesn't contain my domain name (with or without “www.”)…
  6. 并且不包含我的域名(有或没有“www。”)...

  7. Redirect any requests for anything under /PublicFiles/ to /page-about-direct-links.html
  8. 将/ PublicFiles /下的任何请求重定向到/page-about-direct-links.html

More information on mod_rewrite can be found here: mod_rewrite - Apache HTTP Server

有关mod_rewrite的更多信息,请访问:mod_rewrite - Apache HTTP Server

#3


Don't provide a direct link to the file you are serving. Provide a script that sends the content through the script once you hit the submit button.

不要提供指向您所服务文件的直接链接。提供一个脚本,一旦您点击提交按钮,脚本就会通过脚本发送内容。

Do a web search for sending files through cgi.

通过cgi进行Web搜索以发送文件。

Here is a neat link I found online: here

这是我在网上找到的一个简洁的链接:这里

#4


Why not just make the links dynamic and indirect, for example:

为什么不直接使链接动态和间接,例如:

on page X: (static)

在第X页:(静态)

<a href="Y">SuperNeat Program</a>

on page Y: (dynamically generated)

在第Y页:(动态生成)

Click here to download 
<a href="Z.php?timestamp={timestamp}&counter={counter}&hash={hash}">
SuperNeat Program</a>

and replace timestamp w/ the current time in msec since 1970, counter = a counter that you increment once per download, hash = MD5 hash of concatenate(timestamp,counter,secret salt) where secret salt = any favorite code you keep secret.

并且自1970年以来以msec替换当前时间的时间戳,counter =每次下载时递增一次的计数器,hash =连接的MD5哈希值(时间戳,计数器,秘密盐),其中秘密盐=您保密的任何收藏代码。

Then on page Z.php, you just recalculate the hash from the counter and timestamp in the query string, check that it matches the hash in the query string, and that the timestamp is recent (e.g. from the previous 30 minutes or 60 minutes or whatever). If it is, then serve the file in question. If it isn't, throw an error message. This gives someone only a brief time period to direct-link to your file. If you don't even want that, then keep track of the counter values received in the Z.php query string and don't accept them more than once.

然后在页面Z.php上,您只需从计数器和查询字符串中的时间戳重新计算哈希值,检查它是否与查询字符串中的哈希匹配,并且时间戳是最近的(例如,从之前的30分钟或60分钟或随你)。如果是,则提供相关文件。如果不是,则抛出错误消息。这为某人提供了一个短暂的时间段来直接链接到您的文件。如果您甚至不想这样,那么请跟踪Z.php查询字符串中收到的计数器值,并且不要多次接受它们。

#5


I'm not at all a web expert, but I was thinking about the following pointer -

我不是网络专家,但我在考虑以下指针 -

if you're using asp.net could http handlers or modules configured at the web site level help (lot's of information on those on the web, I looked it up recently for some work, here's one article for example.

如果您正在使用asp.net,那么在网站级别配置的http处理程序或模块可以提供帮助(很多关于Web上的信息,我最近查找了一些工作,例如这里有一篇文章。

The idea is to intercept the request before it reaches the target file and redirect it to the page you wish to show; for example - if someone wishes to browse to the url you've posted ("http://sy-stu.org/stu/PublicFiles/StdLibrary/Exam.zip") intercept this call,use some lookup to find the page you wish to display and redirect the request there;I'm guessing users following a link won't be too annoyed (unless they have done "save target as", which would result them saving some HTML and not ZIP).

我们的想法是在请求到达目标文件之前拦截它并将其重定向到您想要显示的页面;例如 - 如果有人希望浏览您发布的网址(“http://sy-stu.org/stu/PublicFiles/StdLibrary/Exam.zip”)拦截此调用,请使用一些查找来查找您的网页希望在那里显示和重定向请求;我猜测跟随链接的用户不会太烦恼(除非他们已经“保存目标为”,这将导致他们保存一些HTML而不是ZIP)。

However, there's some "hole" in my plan - how do you actually provide a link that works from your own page? I believe you can differentiate between requests coming from your web site and ones coming from others' which you could check on the handler/module by examining the request object.

但是,我的计划中存在一些“漏洞” - 您如何实际提供可以在您自己的页面中工作的链接?我相信您可以区分来自您的网站的请求和来自其他人的请求,您可以通过检查请求对象来检查处理程序/模块。