  • nginx hotlink protection


    What is hotlink protection

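    In short, hotlink protection is a restriction technique that prevents third parties, or domains that have not been authorized, from accessing your static resources. For example, site A has many image assets of its own and does not want other sites to display them by referencing the image paths directly, so it uses hotlink protection to prevent that.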

    Hotlink protection in nginx

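    Hotlink protection is based on the Referer header sent by the client. The Referer records which page the visitor was on before the current request was made. If someone else links only to an image or some other single resource on your site, rather than opening the whole page, that is hotlinking, and the Referer is then the domain of that other site. Normal Referer information comes in the following forms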

    nginx directives for hotlink protection

    • Define the compliant referers:
    valid_referers none | blocked | server_names | string ...;
    
    • Reject non-compliant referers:
    if  ($invalid_referer) {
        rewrite ^/.*$ http://www.b.org/403.html;
    }
    

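    Parameters:

    • none: the request has no Referer header, for example when the user types the domain directly into the browser to visit the site
    • blocked: the request has a Referer header, but it carries no valid value (it is empty)
    • server_names: the Referer header contains this host, that is, a server_name that nginx is serving
    • invalid_referer: a non-compliant Referer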

    Worked example

    Image origin host    Host of the page embedding the image
    dev.api.dd.com       localhost

    Test page index.html

    <!DOCTYPE html>
    <html lang="en">
    <head>
        <meta charset="UTF-8">
        <title>演示nginx防盗链</title>
    </head>
    <body>
    <img src="http://dev.api.dd.com/timg.jpeg" style="width: 100px;height: 100px;" />
    </body>
    </html>
    

    Normal nginx configuration, without hotlink protection

    server {
        listen 80;
        server_name dev.api.dd.com;
        root /Users/lidong/Desktop/wwwroot/dd_api/public;
        index index.php index.html index.htm;
        access_log /Users/lidong/wwwlogs/dev.api.dd.com_access.log; 
        error_log  /Users/lidong/wwwlogs/dev.api.dd.com_error.log; 
        location ~ [^/]\.php(/|$) {
            fastcgi_pass   127.0.0.1:9000;
            fastcgi_index  index.php;
            fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
            include        fastcgi_params;
        }
    
        location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$ {
        }
    
        try_files $uri $uri/ @rewrite;
        location @rewrite {
            rewrite ^/(.*)$ /index.php?_url=/$1;
        }
    
    }
    

    Result of loading http://localhost/index.html

    Configuration that returns 403 directly when a third party requests the restricted resource files

    server {
        listen 80;
        server_name dev.api.dd.com;
        root /Users/lidong/Desktop/wwwroot/dd_api/public;
        index index.php index.html index.htm;
        access_log /Users/lidong/wwwlogs/dev.api.dd.com_access.log; 
        error_log  /Users/lidong/wwwlogs/dev.api.dd.com_error.log; 
        location ~ [^/]\.php(/|$) {
            fastcgi_pass   127.0.0.1:9000;
            fastcgi_index  index.php;
            fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
            include        fastcgi_params;
        }
    
        location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$ {
            valid_referers none blocked dev.api.dd.com;
            if ($invalid_referer)
            {
                return 403;
            }
        }
    
        try_files $uri $uri/ @rewrite;
        location @rewrite {
            rewrite ^/(.*)$ /index.php?_url=/$1;
        }
    
    }
    

    Result of loading http://localhost/index.html
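
The decision that `valid_referers none blocked dev.api.dd.com` makes for a given request can be modelled offline. This is an added example, not code from the original article: the function names and the sample Referer values are constructed, and the model is simplified (server_names, URI prefixes and `~` regex entries are left out).

```python
from fnmatch import fnmatchcase
from urllib.parse import urlsplit

RULE = "none blocked dev.api.dd.com"  # arguments of valid_referers in the 403 config

# Constructed Referer values; None means the header is absent from the request.
SAMPLES = [
    "http://localhost/index.html",          # the test page on another host
    "http://dev.api.dd.com/gallery.html",   # a page on the image's own host
    "http://dev.api.dd.com:8080/a.html",    # same host, explicit port
    "http://dev.api.dd.com.example.net/",   # longer name that merely starts the same
    None,                                   # typed URL or header removed
    "",                                     # header present, value stripped
]


def invalid_referer(referer, rule):
    """Return True where this model says nginx would set $invalid_referer.

    Simplified: handles none, blocked and host names with a leading or
    trailing "*"; server_names, URI prefixes and "~regex" are not modelled.
    """
    args = rule.split()
    if referer is None:
        return "none" not in args
    if not referer.lower().startswith(("http://", "https://")):
        return "blocked" not in args
    host = (urlsplit(referer).hostname or "").lower()  # port and path dropped
    names = [a.lower() for a in args if a not in ("none", "blocked")]
    return not any(fnmatchcase(host, name) for name in names)


def decisions(rule, samples=SAMPLES):
    """Map each sample Referer to the status the 403 config would answer with."""
    return [(ref, 403 if invalid_referer(ref, rule) else 200) for ref in samples]


if __name__ == "__main__":
    for ref, status in decisions(RULE):
        print(f"{status}  Referer: {ref!r}")
```

With `none` and `blocked` in the rule, a request that carries no usable Referer is still served, so the rule limits embedding by other pages rather than restricting who can fetch the file.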

    Configuration that returns a 404 image when a third party requests the restricted resource files

    server {
        listen 80;
        server_name dev.api.dd.com;
        root /Users/lidong/Desktop/wwwroot/dd_api/public;
        index index.php index.html index.htm;
        access_log /Users/lidong/wwwlogs/dev.api.dd.com_access.log; 
        error_log  /Users/lidong/wwwlogs/dev.api.dd.com_error.log; 
        location ~ [^/]\.php(/|$) {
            fastcgi_pass   127.0.0.1:9000;
            fastcgi_index  index.php;
            fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
            include        fastcgi_params;
        }
    
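        # Serve the replacement image from an exact-match location so the
        # referer check below does not redirect requests for it again.
        location = /404.jpeg {
        }

        location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$ {
            valid_referers none blocked dev.api.dd.com;
            if ($invalid_referer)
            {
                rewrite ^/ http://dev.api.dd.com/404.jpeg;
            }
        }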
    
        try_files $uri $uri/ @rewrite;
        location @rewrite {
            rewrite ^/(.*)$ /index.php?_url=/$1;
        }
    
    }
    

    Result of loading http://localhost/index.html

    The request for the embedded image shows a 302

    The image is replaced with a 404 image from the origin site

  • Original article: https://www.cnblogs.com/lisqiong/p/11356065.html