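What is hotlink protection?
Take two websites, A and B. If site A references images hosted on site B, that is hotlinking. Hotlink protection prevents A from referencing B's images.
Without hotlink protection, the server uses a lot of extra bandwidth, which is expensive.
Configuration (conf)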
    location ~* ^.+\.(gif|jpg|png|swf|flv|rar|zip|doc|pdf|gz|bz2|jpeg|bmp|xls)$ {
        expires 7d;
        valid_referers none blocked server_names *.linux.com;  ## wildcard: *.linux.com is on the whitelist
        if ($invalid_referer) {  ## the Referer matched none of the values above
            return 403;  ## return 403
        }
        access_log off;
    }
Testing
    # curl -x127.0.0.1:80 -e "http://bbs.centos.com/1.jpg" http://blog.linux.com/1.jpg -I
    HTTP/1.1 403 Forbidden
    Server: nginx/1.17.0
    Date: Sun, 13 Oct 2019 01:29:29 GMT
    Content-Type: text/html
    Content-Length: 153
    Connection: keep-alive

    # curl -x127.0.0.1:80 -e "http://bbs.linux.com/1.jpg" http://blog.linux.com/1.jpg -I
    HTTP/1.1 200 OK
    Server: nginx/1.17.0
    Date: Sun, 13 Oct 2019 01:29:48 GMT
    Content-Type: image/jpeg
    Content-Length: 3875
    Last-Modified: Mon, 26 Aug 2019 00:30:39 GMT
    Connection: keep-alive
    ETag: "5d63282f-f23"
    Accept-Ranges: bytes

    # curl -x127.0.0.1:80 -e "http://bbs.linux1.com/1.jpg" http://blog.linux.com/1.jpg -I
    HTTP/1.1 403 Forbidden
    Server: nginx/1.17.0
    Date: Sun, 13 Oct 2019 01:38:31 GMT
    Content-Type: text/html
    Content-Length: 153
    Connection: keep-alive
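From the above we can see that every host matching the *.linux.com wildcard can access the image. There is only one truth: the hotlink protection works.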
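
To check which Referer values the valid_referers line above accepts without sending requests, this added example (not part of the original post and not nginx's own code) models the decision in Python, going beyond the three curl tests to cover the bare domain, a look-alike host and a missing header. It is a simplified model; `blog.linux.com` as the server name is an assumption taken from the test URL, and the last three sample values are constructed.

```python
import re

# Simplified model of the valid_referers line in the configuration above.
ALLOW_MISSING = True      # "none": the request has no Referer header
ALLOW_BLOCKED = True      # "blocked": Referer present but without http:// or https://
SERVER_NAMES = {"blog.linux.com"}   # "server_names"; assumed server_name of this vhost
WILDCARDS = ["*.linux.com"]         # pattern from the configuration above


def referer_host(referer):
    """Return the lowercased host of an http(s) Referer, or None if it has no such scheme."""
    low = referer.lower()
    for scheme in ("http://", "https://"):
        if low.startswith(scheme):
            # The host ends at the first '/' or ':' (port and path are ignored).
            return re.split(r"[/:]", low[len(scheme):], maxsplit=1)[0]
    return None


def wildcard_match(pattern, host):
    """Leading-asterisk match: '*.linux.com' needs at least one label before '.linux.com'."""
    suffix = pattern[1:]                      # ".linux.com"
    return host.endswith(suffix) and len(host) > len(suffix)


def invalid_referer(referer):
    """True when the request would get 403 under the configuration above."""
    if referer is None:
        return not ALLOW_MISSING
    host = referer_host(referer)
    if host is None:
        return not ALLOW_BLOCKED
    if host in SERVER_NAMES:
        return False
    return not any(wildcard_match(p, host) for p in WILDCARDS)

# Constructed Referer values: the three from the tests above plus edge cases.
SAMPLES = [
    "http://bbs.centos.com/1.jpg",
    "http://bbs.linux.com/1.jpg",
    "http://bbs.linux1.com/1.jpg",
    "http://linux.com/",                  # bare domain: not covered by *.linux.com
    "http://bbs.linux.com.example.net/",  # allowed name appears only as a prefix
    None,                                 # no Referer header at all
]

if __name__ == "__main__":
    for ref in SAMPLES:
        print(ref, "->", 403 if invalid_referer(ref) else 200)
```

Because `none` is in the list, a request with no Referer header is served; whether to keep `none` depends on whether direct visits to the image URL should work.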