什么叫防盗链?
两个网站A和B, A网站引用了B网站上的图片,这种行为就叫盗链。防盗链,就是要防止A引用B的图片。
如果不做防盗链那么服务器会多出来很多的带宽。开销很大。
配置conf
location ~* ^.+.(gif|jpg|png|swf|flv|rar|zip|doc|pdf|gz|bz2|jpeg|bmp|xls)$
{
expires 7d;
valid_referers none blocked server_names *.linux.com; ##通配允许.linux.com白名单
if ($invalid_referer) { ##若不是*.linux.com
return 403; ##返回403
}
access_log off;
}
测试
# curl -x127.0.0.1:80 -e "http://bbs.centos.com/1.jpg" http://blog.linux.com/1.jpg -I HTTP/1.1 403 Forbidden Server: nginx/1.17.0 Date: Sun, 13 Oct 2019 01:29:29 GMT Content-Type: text/html Content-Length: 153 Connection: keep-alive
# curl -x127.0.0.1:80 -e "http://bbs.linux.com/1.jpg" http://blog.linux.com/1.jpg -I HTTP/1.1 200 OK Server: nginx/1.17.0 Date: Sun, 13 Oct 2019 01:29:48 GMT Content-Type: image/jpeg Content-Length: 3875 Last-Modified: Mon, 26 Aug 2019 00:30:39 GMT Connection: keep-alive ETag: "5d63282f-f23" Accept-Ranges: bytes
# curl -x127.0.0.1:80 -e "http://bbs.linux1.com/1.jpg" http://blog.linux.com/1.jpg -I HTTP/1.1 403 Forbidden Server: nginx/1.17.0 Date: Sun, 13 Oct 2019 01:38:31 GMT Content-Type: text/html Content-Length: 153 Connection: keep-alive
由上可以查看出*.linux.com通配都能访问到图片。只有一个真相防盗链做成功了。