直接链接(英语:Inline linking),也称热链接(hotlinking)、leeching、piggy-backing、直接链接(direct linking)、异站图像抓取(offsite image grabs)等,它是指在一个网站网页上,未经允许地使用使用链接对象直接调用另一个网站上的资源(通常是图像)。在如今的互联网上,未经授权的直接链接常被简称为盗链

直接链接与HTTP

编辑

在万维网幕后的超文本传输协议(HTTP)技术中,并未对链路类型做任何区分,所有链接的功能均为平等,资源可以位于任何服务器的任何位置。

当访问一个网站时,浏览器首先下载HTML格式的文档内容。下载的HTML文档可能调用其他HTML文件、图像、脚本及样式表等文件。这些文件可以包含<img>标签以在页面上显示所提供URL位置的图像。其中的HTML代码可能不指定服务器,从而使网页浏览器使用与父代码(<img src="picture.jpg" />)相同的服务器。但它也可以指定在某个服务器上托管的图像的绝对URL,例如(<img src="http://www.example.com/picture.jpg" />

在浏览器下载到包含图像的HTML图像后,浏览器将联系远程服务器以请求图像内容。

内容链接的常见用法

编辑

在一个网站中可以显示另一个网站的内容是万维网超文本媒体原始设计中的一部分。常见的用法包括:

  • 未经许可制作作品的副本侵犯著作权,而在一份HTML文档中给出到原始图像或文件位置的文本链接则不会侵权。[1]
  • 网站架构师可能有意将一个网站的图像隔离或独立放置在另一个域名或服务器(可能为单台服务器、服务器集群或云服务)上,从而在不同托管服务器上采用不同的带宽、安全等策略。举例来说,热门网站Slashdot将前端页面存放在slashdot.org,各个内容存储在如games.slashdot.orgit.slashdot.org等,而图像则存储在images.slashdot.org
  • 一个网站上的文章可以选择通过内容链接的方式引用另一个网站上的著作权图像或内容,从而避免复制原始文件可能引起的权利与所有权问题。但是,由于信息源需要提供带宽,这种做法通常不被鼓励并容易视作对资源的滥用和对权利的侵犯,因为访问者没有在信息源提供者预期的行为中看到信息源整个页面的原貌。
  • 许多网页包含横幅式广告。横幅广告是由广告客户或广告中间人公司来托管。<img>标签的目标可能是一个服务器上的CGI脚本,广告服务器因而可通过其产生的唯一标识符等信息提供针对性广告。CGI脚本会收集信息、判断条件,并决定提供哪份图像。
  • 部分网站从另一个更快的服务器(例如CDN服务器)提供图像,以改善客户的访问体验。
  • 点击计数器英语Hit counterWeb计数器英语Web counter会显示当前网站或页面已被加载的次数。网站可自行实现计数器功能,有一些第三方公司为网站提供免费或收费的专业计数器及访客统计服务。

直接链接的争议用法

编辑

当网站违背用户期望时,网站之间模糊的边际会导致其他问题。有些时候,直接链接也可用于恶意目的。

  • 从其他位置检索到的内容可能不适合当前定义的展示位置。
  • Inline linking to an image stored on another site increases the bandwidth use of that site even though the site is not being viewed as intended. The complaint may be the loss of ad revenue or changing the perceived meaning through an unapproved context.
  • 跨网站脚本钓鱼式攻击攻击, may include inline links to a legitimate site to gain the confidence of a victim.
  • 按内容付费的服务可能采用复杂的脚本和内容链接技术来限制对其内容的访问。
  • 内链对象可能在客户端上执行路过式下载, exploiting faults in the code that interprets the objects. When an object is stored on an external server, the referring site has no control over if and when an originally beneficial object's content is replaced by malicious content.
  • The requests for inline objects usually contain the HTTP引用地址信息。This leaks information about the browsed pages to the servers hosting the objects (see web visitor tracking).

行为阻止

编辑

客户端侧

编辑

大多数网页浏览器都将直接根据网页指示来获取图像。[2] 嵌入式图像可能以此作为一个网络信标来跟踪用户或将信息传递给第三方。有许多广告过滤工具可不同程度地限制此类行为。

服务器侧

编辑

部分服务器采用HTTP引用地址等技术检测直接链接,并可根据相同格式返回错误、告知、引导或谴责信息,代替原始的目标图像。大多数服务器都可配置为避免为第三方直接链接提供托管的媒体内容。[3][4]

URL重写(例如Apache HTTP Server的mod_rewrite)经常被用于拒绝或重定向直接链接的图像或媒体内容到其他资源。大多数媒体资源都可通过此种方式重定向,包括视频文件、音频文件、动画资源(例如Flash)等。

Other solutions usually combine URL重写 with some custom complex server side scripting to allow hotlinking for a short time, or in more complex setups to allow the hotlinking but return an alternative image with reduced quality and size and thus reduce the bandwidth load when requested from a remote server. All hotlink prevention measures risk deteriorating the user experience on third party website.[5]

直接链接引起的著作权法律问题

编辑

The most significant legal fact about inline linking, relative to copyright law considerations, is that the inline linker does not place a copy of the image file on its own Internet server. Rather, the inline linker places a pointer on its Internet server that points to the server on which the proprietor of the image has placed the image file. This pointer causes a user's browser to jump to the proprietor's server and fetch the image file to the user's computer. US courts have considered this a decisive fact in copyright analysis. Thus, in 完美十诉亚马逊案,[6] the 美国联邦第九巡回上诉法院 explained why inline linking did not violate US copyright law:

Google does not...display a copy of full-size infringing photographic images for purposes of the Copyright Act when Google frames in-line linked images that appear on a user’s computer screen. Because Google’s computers do not store the photographic images, Google does not have a copy of the images for purposes of the Copyright Act. In other words, Google does not have any “material objects...in which a work is fixed...and from which the work can be perceived, reproduced, or otherwise communicated” and thus cannot communicate a copy. Instead of communicating a copy of the image, Google provides HTML instructions that direct a user’s browser to a website publisher’s computer that stores the full-size photographic image. Providing these HTML instructions is not equivalent to showing a copy. First, the HTML instructions are lines of text, not a photographic image. Second, HTML instructions do not themselves cause infringing images to appear on the user’s computer screen. The HTML merely gives the address of the image to the user’s browser. The browser then interacts with the computer that stores the infringing image. It is this interaction that causes an infringing image to appear on the user’s computer screen. Google may facilitate the user’s access to infringing images. However, such assistance raised only contributory liability issues and does not constitute direct infringement of the copyright owner’s display rights. ...While in-line linking and framing may cause some computer users to believe they are viewing a single Google webpage, the Copyright Act...does not protect a copyright holder against [such] acts....

参见

编辑

参考资料

编辑
  1. ^ Mike Masnick. Is Inline Linking To An Image Copyright Infringement?. Techdirt. [2014-02-15]. (原始内容存档于2018-06-23). 
  2. ^ Thomas C Greene. Vista Security Oversold. theregister.co.uk. 2007-02-20 [2007-11-16]. (原始内容存档于2018-11-12). 
  3. ^ Ross Shannon. Bandwidth Theft. yourhtmlsource.com. 2007-02-26 [2007-11-16]. (原始内容存档于2021-04-26). Some webmasters will try to directly link to your images from their pages. Luckily, a simple configuration change provides the necessary fix. 
  4. ^ Thomas Scott. Smarter Image Hotlinking Prevention. alistapart.com. 2004-07-13 [2007-11-16]. (原始内容存档于2013-01-14). 
  5. ^ Aleksandersen, Daniel. Image quality degradation as a hotlink prevention measure and deterrent. [1 September 2016]. (原始内容存档于2016-12-20). 
  6. ^ 487 F.3d 701 (9th Cir. 2007).