【CentOS 7架构27】，设置nginx防盗链#

最新推荐文章于 2023-11-18 07:00:00 发布

chouduan9798

最新推荐文章于 2023-11-18 07:00:00 发布

阅读量151

点赞数

CC 4.0 BY-SA版权

文章标签：运维 php

原文链接：https://my.oschina.net/u/3892756/blog/3069409

本文详细介绍了如何使用Nginx进行防盗链配置，通过设置valid_referers指令限制只有特定域名可以请求资源，同时利用if($invalid_referer)返回403禁止非法引用，确保网站资源不被未授权网站盗用。

摘要生成于 C知道，由 DeepSeek-R1 满血版支持，前往体验 >

shallow丿ove

nginx防盗链

配置 location ~*^.+.(gif|jpg|png|swf|flv|rar|zip|doc|pdf|gz|bz2|jpeg|bmp|xls)$ { expires 7d; valid_referers none blocked server_names *.test.com; if ($invalid_referer){ return 403; } access_log off; }

[root@localhost ~]# vi /usr/local/nginx/conf/vhost/test.com.conf
      1 server
      2 {
      3         listen 80;
      4         server_name test.com test1.com test2.com;
      5         index index.html index.htm index.php;
      6         root /data/wwwroot/test.com;
      7         if ($host != 'test.com'){
      8                 rewrite ^/(.*)$ http://test.com/$1 permanent;
      9         }
     10 
     11 #       location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
     12 #       {
     13 #               expires 7d;
     14 #               access_log off;
     15 #       }
     16         location ~* ^.+\.(gif|jpg|png|swf|flv|rar|zip|doc|pdf|gz|bz2|jpeg|bmp|xls)$
     17         {
     18                 expires 7d;
     19                 valid_referers none blocked server_name *.test.com;
     20                 if ($invalid_referer){
     21                         return 403;
     22                 }
     23                 access_log off;
     24         }
     25         location ~ .*\.(js|css)$
     26         {
     27 #               expires 12h;
     28                 access_log off;
     29         }
     30 
     31         access_log /tmp/test.com.log;
     32 }
[root@localhost ~]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@localhost ~]# /usr/local/nginx/sbin/nginx -s reload

[root@localhost ~]# curl -x 127.0.0.1:80 test.com/2.js -I
HTTP/1.1 200 OK
Server: nginx/1.4.7
Date: Thu, 04 Jan 2018 15:08:27 GMT
Content-Type: application/x-javascript
Content-Length: 3
Last-Modified: Thu, 04 Jan 2018 08:50:53 GMT
Connection: keep-alive
ETag: "5a4deaed-3"
Accept-Ranges: bytes

[root@localhost ~]# curl -x 127.0.0.1:80 test.com/1.gif -I
HTTP/1.1 200 OK
Server: nginx/1.4.7
Date: Thu, 04 Jan 2018 15:08:53 GMT
Content-Type: image/gif
Content-Length: 4
Last-Modified: Thu, 04 Jan 2018 08:50:47 GMT
Connection: keep-alive
ETag: "5a4deae7-4"
Accept-Ranges: bytes

[root@localhost ~]# curl -e "http://www.baidu.com/1.txt" -x 127.0.0.1:80 test.com/1.gif -I
HTTP/1.1 403 Forbidden
Server: nginx/1.4.7
Date: Thu, 04 Jan 2018 15:13:25 GMT
Content-Type: text/html
Content-Length: 168
Connection: keep-alive

[root@localhost ~]# curl -e "http://www.test.com/1.txt" -x 127.0.0.1:80 test.com/1.gif -I
HTTP/1.1 200 OK
Server: nginx/1.4.7
Date: Thu, 04 Jan 2018 15:13:44 GMT
Content-Type: image/gif
Content-Length: 4
Last-Modified: Thu, 04 Jan 2018 08:50:47 GMT
Connection: keep-alive
ETag: "5a4deae7-4"
Expires: Thu, 11 Jan 2018 15:13:44 GMT
Cache-Control: max-age=604800
Accept-Ranges: bytes

[root@localhost ~]# cat /tmp/test.com.log
127.0.0.1 - - [04/Jan/2018:16:51:53 +0800] "GET HTTP://test.com/index.html HTTP/1.1" 200 9 "-" "curl/7.29.0"
127.0.0.1 - - [04/Jan/2018:16:52:08 +0800] "GET HTTP://test.com/index.html HTTP/1.1" 200 9 "-" "curl/7.29.0"
127.0.0.1 - - [04/Jan/2018:16:53:57 +0800] "GET HTTP://test.com/3.php HTTP/1.1" 404 168 "-" "curl/7.29.0"

转载于:https://my.oschina.net/u/3892756/blog/3069409