diff --git a/app/controllers/repositories_controller.rb b/app/controllers/repositories_controller.rb
index c9816ef48..0115dda99 100644
--- a/app/controllers/repositories_controller.rb
+++ b/app/controllers/repositories_controller.rb
@@ -298,7 +298,9 @@ class RepositoriesController < ApplicationController
     redirect_to file_path
   end
   
-  def raw 
+  def raw
+    Rails.logger.info("request.host===#{request.host},request.referer===#{request.referer}")
+    tip_exception(403, "你没有权限访问") if request.host.present? && !request.referer.to_s.include?(request.host.to_s.gsub("www.",""))
     domain  = GiteaService.gitea_config[:domain]
     api_url = GiteaService.gitea_config[:base_url]