使用.htaccess阻止JavaScript热链接-白红宇

Almost a decade (!) ago I wrote a post about . We all have the right to protect imagery hosted on our domain because it can slow our site down tremendously. I love that post because it shows you how to replace the image requested with any image of your choosing; for example, I could replace any incoming image request with my logo:

大约十年前(！)，我写了一篇有关。我们所有人都有权保护我们域中托管的图像，因为它会极大地降低我们的网站速度。我喜欢该帖子，因为它显示了如何用您选择的任何图像替换请求的图像；例如，我可以用徽标替换所有传入的图像请求：


    
       RewriteEngine on  RewriteCond %{HTTP_REFERER} !^$  RewriteCond %{HTTP_REFERER} !^https://davidwalsh.name/.*$ [NC]  RewriteRule .*.(png|gif|jpe?g)$ [F,NC]

But what should we do when someone is hotlinking JavaScript files? I've written a ton about JavaScript over the years, oftentimes providing a demo page, so you can probably guess I host many JavaScript files, including all of my MooTools plugin files. I've chosen a somewhat harsh approach to prevent hotlinking of JavaScript files:

但是，当有人在热链接JavaScript文件时我们该怎么办？这些年来，我写了大量关于JavaScript的文章，经常提供一个演示页面，因此您可能会猜到我托管了许多JavaScript文件，包括我的所有MooTools插件文件。我选择了一种比较严厉的方法来防止JavaScript文件的热链接：


    
       RewriteEngine on  RewriteCond %{HTTP_REFERER} !^$  RewriteCond %{HTTP_REFERER} !^https://davidwalsh.name/.*$ [NC]  RewriteRule \.(js)$ http://davidwalsh.name/hotlink.js [R,L]

The snippet above, placed in my .htaccess file, directs my server to ignore the JavaScript file the foreign domain has requested and instead provide a hotlink.js file whose contents are a bit devious:

上面的代码段放置在我的.htaccess文件中，它指示我的服务器忽略外部域请求JavaScript文件，而是提供一个内容有点hotlink.js文件：

window.location = 'https://davidwalsh.name/';

A bit harsh? Perhaps, but my server is put under undue stress, they shouldn't be hotlinking files, and being redirected to my site is a good indication of where they should be looking to fix the issue. I could do worse, like serve or redirect them to an adult site, but I'd prefer not to go that far.

有点苛刻？也许吧，但是我的服务器承受了过大的压力，它们不应该热链接文件，重定向到我的网站可以很好地表明他们应该在哪里解决此问题。我可以做的更糟，例如服务或将其重定向到成人网站，但我不想走那么远。

Protect your server from hotlinking -- you have every right to and, in the end, you're probably doing them a favor.

保护您的服务器免于热链接-您拥有一切权利，最后，您可能会帮他们忙。

翻译自: