Hotlink Protection无法使用.htaccess

时间:2017-05-17 15:01:32

标签: php apache .htaccess mod-rewrite hotlinking

我在服务器上安装了WordPress MU,并使用了一些Mod Deflate和Caching文件以及.htaccess文件中的一些其他小修改,当我遇到客户端的一些修改时,我注意到他的服务器上的图像是从我的服务器提供。

服务器配置:Plesk / CentOS - Linux主机

经过全面研究后,我尝试将所有可用代码放在StackOverflow文章和其他教程和网站中,但无法找到错误但却无法正常工作。

使用热链接正则表达式和其他重写规则

.htaccess 

RewriteEngine On
RewriteRule ^index\.php$ - [L] 

# uploaded files
RewriteRule ^([_0-9a-zA-Z-]+/)?files/(.+) wp-includes/ms-files.php?file=$2 [L]

# add a trailing slash to /wp-admin
RewriteRule ^([_0-9a-zA-Z-]+/)?wp-admin$ $1wp-admin/ [R=301,L]

RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^ - [L]
RewriteRule  ^[_0-9a-zA-Z-]+/(wp-(content|admin|includes).*) $1 [L]
RewriteRule  ^[_0-9a-zA-Z-]+/(.*\.php)$ $1 [L]
RewriteRule . index.php [L]

<Files wp-config.php>  
       order allow,deny  
       deny from all  
</Files> 

<Files .htaccess>  
   order allow,deny  
   deny from all  
</Files> 

<Files xmlrpc.php>
Order allow,deny
Deny from all
</Files>

# Wordfence WAF
<Files ".user.ini">
<IfModule mod_authz_core.c>
    Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
    Order deny,allow
    Deny from all
</IfModule>
</Files>

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?domain.com [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ - [NC,F,L]

如果我清空我的.htaccess并保留以下代码就行了。 

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?domain.com [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ - [NC,F,L]

我做错了什么?

1 个答案:

答案 0 :(得分:2)

您需要将此HTTP_REFERER保留在所有其他规则之上。问题是您有将所有URI重写为index.php的规则。由于该规则RewriteRule \.(jpg|jpeg|png|gif)$失败。

完成.htaccess:

RewriteEngine On

RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?domain.com [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ - [NC,F,L]

RewriteRule ^index\.php$ - [L] 

# uploaded files
RewriteRule ^([_0-9a-zA-Z-]+/)?files/(.+) wp-includes/ms-files.php?file=$2 [L]

# add a trailing slash to /wp-admin
RewriteRule ^([_0-9a-zA-Z-]+/)?wp-admin$ $1wp-admin/ [R=301,L]

RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^ - [L]
RewriteRule  ^[_0-9a-zA-Z-]+/(wp-(content|admin|includes).*) $1 [L]
RewriteRule  ^[_0-9a-zA-Z-]+/(.*\.php)$ $1 [L]
RewriteRule . index.php [L]

<Files wp-config.php>  
       order allow,deny  
       deny from all  
</Files> 

<Files .htaccess>  
   order allow,deny  
   deny from all  
</Files> 

<Files xmlrpc.php>
Order allow,deny
Deny from all
</Files>

# Wordfence WAF
<Files ".user.ini">
<IfModule mod_authz_core.c>
    Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
    Order deny,allow
    Deny from all
</IfModule>
</Files>
相关问题
最新问题