nginx防盜鏈

什麼叫防盜鏈?html

兩個網站A和B, A網站引用了B網站上的圖片,這種行爲就叫盜鏈。防盜鏈,就是要防止A引用B的圖片。linux

若是不作防盜鏈那麼服務器會多出來不少的帶寬。開銷很大。nginx

配置confcentos

location ~* ^.+\.(gif|jpg|png|swf|flv|rar|zip|doc|pdf|gz|bz2|jpeg|bmp|xls)$
{
    expires 7d;
    valid_referers none blocked server_names  *.linux.com; ##通配容許.linux.com白名單
    if ($invalid_referer) {    ##若不是*.linux.com
        return 403;   ##返回403
    }
    access_log off;
}

測試bash

# curl -x127.0.0.1:80 -e "http://bbs.centos.com/1.jpg" http://blog.linux.com/1.jpg -I
HTTP/1.1 403 Forbidden
Server: nginx/1.17.0
Date: Sun, 13 Oct 2019 01:29:29 GMT
Content-Type: text/html
Content-Length: 153
Connection: keep-alive

  

# curl -x127.0.0.1:80 -e "http://bbs.linux.com/1.jpg" http://blog.linux.com/1.jpg -I
HTTP/1.1 200 OK
Server: nginx/1.17.0
Date: Sun, 13 Oct 2019 01:29:48 GMT
Content-Type: image/jpeg
Content-Length: 3875
Last-Modified: Mon, 26 Aug 2019 00:30:39 GMT
Connection: keep-alive
ETag: "5d63282f-f23"
Accept-Ranges: bytes

  

# curl -x127.0.0.1:80 -e "http://bbs.linux1.com/1.jpg" http://blog.linux.com/1.jpg -I
HTTP/1.1 403 Forbidden
Server: nginx/1.17.0
Date: Sun, 13 Oct 2019 01:38:31 GMT
Content-Type: text/html
Content-Length: 153
Connection: keep-alive

由上能夠查看出*.linux.com通配都能訪問到圖片。只有一個真相防盜鏈作成功了。服務器

相關文章
相關標籤/搜索