PHP: Hotlink Protection for HTTP Requests

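If you do not want other sites to hotlink content from your own site, you can use the Referer header of the HTTP protocol. Start by capturing the traffic for one page and looking at the headers.
Visit the test page http://localhost/hsp/fdl/index.php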

(Request-Line) GET /hsp/fdl/waf.php HTTP/1.1
Host localhost
User-Agent Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Firefox/24.0
Accept text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language zh-cn,zh;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding gzip, deflate

Referer http://localhost/hsp/fdl/index.php
Connection keep-alive
(Status-Line) HTTP/1.1 200 OK
Date Fri, 29 Nov 2013 05:45:20 GMT
Server Apache/2.2.4 (Win32) PHP/5.2.3
X-Powered-By PHP/5.2.3
Content-Length 37
Keep-Alive timeout=5, max=100
Connection Keep-Alive
Content-Type text/html
Reading the HTTP request data from PHP

<?php
// Dump every entry of $_SERVER; request headers appear as HTTP_* keys
foreach($_SERVER as $key => $value)
    {
        echo "$key = $value <br>";
    }
?>

HTTP_HOST = localhost
HTTP_USER_AGENT = Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Firefox/24.0
HTTP_ACCEPT = text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
HTTP_ACCEPT_LANGUAGE = zh-cn,zh;q=0.8,en-us;q=0.5,en;q=0.3
HTTP_ACCEPT_ENCODING = gzip, deflate
HTTP_CONNECTION = keep-alive
PATH = C:\Program Files (x86)\Intel\iCLS Client;C:\Program Files\Intel\iCLS Client;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0;c:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;c:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;c:\Program Files\Intel\Intel(R) Management Engine Components\DAL;c:\Program Files\Intel\Intel(R) Management Engine Components\IPT;c:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;c:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;D:\Software\IBM;
SystemRoot = C:\Windows
COMSPEC = C:\Windows\system32\cmd.exe
PATHEXT = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
WINDIR = C:\Windows
SERVER_SIGNATURE =
Apache/2.2.4 (Win32) PHP/5.2.3 Server at localhost Port 80
SERVER_SOFTWARE = Apache/2.2.4 (Win32) PHP/5.2.3
SERVER_NAME = localhost
SERVER_ADDR = 127.0.0.1
SERVER_PORT = 80
REMOTE_ADDR = 127.0.0.1
DOCUMENT_ROOT = F:/AppServ/www
SERVER_ADMIN = 123123
SCRIPT_FILENAME = F:/AppServ/www/hsp/fdl/index.php
REMOTE_PORT = 50831
GATEWAY_INTERFACE = CGI/1.1
SERVER_PROTOCOL = HTTP/1.1
REQUEST_METHOD = GET
QUERY_STRING =
REQUEST_URI = /hsp/fdl/index.php
SCRIPT_NAME = /hsp/fdl/index.php
PHP_SELF = /hsp/fdl/index.php
REQUEST_TIME = 1385704878
argv = Array
argc = 0
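Next comes the hotlink protection test. In this experiment only local access to WAF.php is allowed; access from any other address is not allowed. The code of WAF.php is as follows: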

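<?php
    // Control access through the Referer header

    if(isset($_SERVER['HTTP_REFERER']))
    {
        // Allow only requests whose Referer starts with the local site URL
        if(strpos($_SERVER['HTTP_REFERER'],"http://localhost/hsp/fdl/")===0)
        {
            echo"WAFwafwafwafwafwafwaf";
        }
        else
        {
            header("Location: err.php");
            exit;
        }
    }
    else
    {
        // No Referer header was sent with the request
        header("Location: err.php");
        exit;
    }
?>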
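
A stricter variant of the check above, as an added example that is not part of the original post: it parses the Referer with parse_url() and compares the host exactly instead of testing a string prefix, and it also accepts https, which the page's code does not. ALLOWED_HOSTS, ALLOWED_PATH, referer_allowed() and the sample Referer values are assumptions constructed for illustration.

```php
<?php
// Added example: Referer check based on parsed URL components.
// ALLOWED_HOSTS and ALLOWED_PATH are assumptions taken from the page's test URL.
const ALLOWED_HOSTS = ['localhost'];
const ALLOWED_PATH  = '/hsp/fdl/';

/**
 * Return true only when $referer is an absolute http(s) URL whose host is
 * exactly one of ALLOWED_HOSTS and whose path starts with ALLOWED_PATH.
 */
function referer_allowed($referer)
{
    if (!is_string($referer) || $referer === '') {
        return false;                 // header missing or stripped by the browser
    }
    $parts = parse_url($referer);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return false;                 // malformed or not an absolute URL
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return false;
    }
    if (!in_array(strtolower($parts['host']), ALLOWED_HOSTS, true)) {
        return false;                 // exact host match, no substring matching
    }
    $path = isset($parts['path']) ? $parts['path'] : '/';
    return strncmp($path, ALLOWED_PATH, strlen(ALLOWED_PATH)) === 0;
}

// Constructed sample Referer values mapped to the expected decision.
$samples = [
    'http://localhost/hsp/fdl/index.php'                => true,
    'https://localhost/hsp/fdl/index.php'               => true,
    'http://LOCALHOST/hsp/fdl/'                         => true,
    'http://localhost.example.net/hsp/fdl/index.php'    => false,
    'http://other.example/?u=http://localhost/hsp/fdl/' => false,
    'http://localhost/other/index.php'                  => false,
    ''                                                  => false,
];

foreach ($samples as $referer => $expected) {
    $got = referer_allowed($referer);
    printf("%-52s %s%s\n", $referer === '' ? '(no Referer)' : $referer,
        $got ? 'allow' : 'deny', $got === $expected ? '' : '  <-- unexpected');
}
```

In waf.php the function would be called with the value of $_SERVER['HTTP_REFERER'] when that key is set. The Referer header is supplied by the client, so this check deters casual hotlinking and is not an access control.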
