热链接保护不适用于 .htaccess
Hotlink Protection not working with .htaccess
我在服务器上安装了 WordPress MU 并使用了一些 Mod 压缩和缓存文件以及 .htaccess 文件中的一些其他小修改,当我为客户端遇到一些修改时,我注意到在他的服务器上,图像是从我的服务器提供的。
服务器配置:Plesk/CentOS - Linux 托管
经过全面研究后,我尝试将所有可用代码放在 Whosebug 文章和其他教程和网站中,但找不到哪里做错了,但它不起作用。
.htaccess 与热链接正则表达式和其他重写规则
RewriteEngine On
RewriteRule ^index\.php$ - [L]
# uploaded files
RewriteRule ^([_0-9a-zA-Z-]+/)?files/(.+) wp-includes/ms-files.php?file= [L]
# add a trailing slash to /wp-admin
RewriteRule ^([_0-9a-zA-Z-]+/)?wp-admin$ wp-admin/ [R=301,L]
RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^ - [L]
RewriteRule ^[_0-9a-zA-Z-]+/(wp-(content|admin|includes).*) [L]
RewriteRule ^[_0-9a-zA-Z-]+/(.*\.php)$ [L]
RewriteRule . index.php [L]
<Files wp-config.php>
order allow,deny
deny from all
</Files>
<Files .htaccess>
order allow,deny
deny from all
</Files>
<Files xmlrpc.php>
Order allow,deny
Deny from all
</Files>
# Wordfence WAF
<Files ".user.ini">
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
Order deny,allow
Deny from all
</IfModule>
</Files>
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?domain.com [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ - [NC,F,L]
如果我清空我的 .htaccess 并只保留以下代码,它就可以工作。
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?domain.com [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ - [NC,F,L]
我做错了什么?
您需要将此 HTTP_REFERER 置于所有其他规则之上。问题是您有将所有 URI 重写为 index.php 的规则。由于该规则 RewriteRule \.(jpg|jpeg|png|gif)$ 失败。
完成.htaccess:
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?domain.com [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ - [NC,F,L]
RewriteRule ^index\.php$ - [L]
# uploaded files
RewriteRule ^([_0-9a-zA-Z-]+/)?files/(.+) wp-includes/ms-files.php?file= [L]
# add a trailing slash to /wp-admin
RewriteRule ^([_0-9a-zA-Z-]+/)?wp-admin$ wp-admin/ [R=301,L]
RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^ - [L]
RewriteRule ^[_0-9a-zA-Z-]+/(wp-(content|admin|includes).*) [L]
RewriteRule ^[_0-9a-zA-Z-]+/(.*\.php)$ [L]
RewriteRule . index.php [L]
<Files wp-config.php>
order allow,deny
deny from all
</Files>
<Files .htaccess>
order allow,deny
deny from all
</Files>
<Files xmlrpc.php>
Order allow,deny
Deny from all
</Files>
# Wordfence WAF
<Files ".user.ini">
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
Order deny,allow
Deny from all
</IfModule>
</Files>
我在服务器上安装了 WordPress MU 并使用了一些 Mod 压缩和缓存文件以及 .htaccess 文件中的一些其他小修改,当我为客户端遇到一些修改时,我注意到在他的服务器上,图像是从我的服务器提供的。
服务器配置:Plesk/CentOS - Linux 托管
经过全面研究后,我尝试将所有可用代码放在 Whosebug 文章和其他教程和网站中,但找不到哪里做错了,但它不起作用。
.htaccess 与热链接正则表达式和其他重写规则
RewriteEngine On
RewriteRule ^index\.php$ - [L]
# uploaded files
RewriteRule ^([_0-9a-zA-Z-]+/)?files/(.+) wp-includes/ms-files.php?file= [L]
# add a trailing slash to /wp-admin
RewriteRule ^([_0-9a-zA-Z-]+/)?wp-admin$ wp-admin/ [R=301,L]
RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^ - [L]
RewriteRule ^[_0-9a-zA-Z-]+/(wp-(content|admin|includes).*) [L]
RewriteRule ^[_0-9a-zA-Z-]+/(.*\.php)$ [L]
RewriteRule . index.php [L]
<Files wp-config.php>
order allow,deny
deny from all
</Files>
<Files .htaccess>
order allow,deny
deny from all
</Files>
<Files xmlrpc.php>
Order allow,deny
Deny from all
</Files>
# Wordfence WAF
<Files ".user.ini">
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
Order deny,allow
Deny from all
</IfModule>
</Files>
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?domain.com [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ - [NC,F,L]
如果我清空我的 .htaccess 并只保留以下代码,它就可以工作。
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?domain.com [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ - [NC,F,L]
我做错了什么?
您需要将此 HTTP_REFERER 置于所有其他规则之上。问题是您有将所有 URI 重写为 index.php 的规则。由于该规则 RewriteRule \.(jpg|jpeg|png|gif)$ 失败。
完成.htaccess:
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?domain.com [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ - [NC,F,L]
RewriteRule ^index\.php$ - [L]
# uploaded files
RewriteRule ^([_0-9a-zA-Z-]+/)?files/(.+) wp-includes/ms-files.php?file= [L]
# add a trailing slash to /wp-admin
RewriteRule ^([_0-9a-zA-Z-]+/)?wp-admin$ wp-admin/ [R=301,L]
RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^ - [L]
RewriteRule ^[_0-9a-zA-Z-]+/(wp-(content|admin|includes).*) [L]
RewriteRule ^[_0-9a-zA-Z-]+/(.*\.php)$ [L]
RewriteRule . index.php [L]
<Files wp-config.php>
order allow,deny
deny from all
</Files>
<Files .htaccess>
order allow,deny
deny from all
</Files>
<Files xmlrpc.php>
Order allow,deny
Deny from all
</Files>
# Wordfence WAF
<Files ".user.ini">
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
Order deny,allow
Deny from all
</IfModule>
</Files>