diff --git a/app/controllers/attachments_controller.rb b/app/controllers/attachments_controller.rb
index 0ee0363af..0746f3d1b 100644
--- a/app/controllers/attachments_controller.rb
+++ b/app/controllers/attachments_controller.rb
@@ -30,8 +30,7 @@ class AttachmentsController < ApplicationController
 
 
   def get_file
-    Rails.logger.info("request.host===#{request.host}")
-    Rails.logger.info("request.referer===#{request.referer}")
+    tip_exception(403, "你没有权限访问") if request.host.present? && !request.referer.to_s.include?(request.host.to_s.gsub("www.",""))
     normal_status(-1, "参数缺失") if params[:download_url].blank?
     url = base_url.starts_with?("https:") ? params[:download_url].to_s.gsub("http:", "https:") : params[:download_url].to_s
     md5_file  = Digest::MD5.hexdigest(params[:download_url])