LNMP - nginx配置防盗链
2015-10-31 20:27
716 查看
1、配置虚拟主机文件
[root@bogon tmp]# cat /usr/local/nginx/conf/vhosts/test.conf
server
{
listen 80;
server_name www.test.com www.aaa.com;
if ($host != 'www.test.com')
{
rewrite ^/(.*)$ http://www.test.com/$1 permanent;
}
index index.html index.htm index.php;
root /data/www;
access_log /tmp/access.log combined_realip;
location ~ .*admin\.php$ {
auth_basic "caimz auth";
auth_basic_user_file /usr/local/nginx/conf/.htpasswd;
include fastcgi_params;
fastcgi_pass unix:/tmp/php-fcgi1.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /data/www$fastcgi_script_name;
}
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|flv|rar|zip|gz|bz2)$
{
access_log off;
expires 15d;
valid_referers none blocked *.test.com *.aaa.com *.aminglinux.com;
if ($invalid_referer)
{
return 403;
}
}
location ~ \.(js|css)
{
access_log off;
expires 2h;
}
location ~ (static|cache)
{
access_log off;
}
location ~ \.php$ {
include fastcgi_params;
fastcgi_pass unix:/tmp/php-fcgi1.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /data/www$fastcgi_script_name;
}
}
2、检查配置文件
[root@bogon tmp]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
3、重新加载nginx的配置文件
[root@bogon tmp]# /usr/local/nginx/sbin/nginx -s reload
4、测试
curl -e可是测试referer
上图图片地址为:
Request URL:
http://www.test.com/static/image/common/logo_88_31.gif
[root@bogon tmp]# curl -e "http://www.baidu.com/111" -I -x127.0.0.1:80 'http://www.test.com/static/image/common/logo_88_31.gif'
HTTP/1.1 403 Forbidden #测试也就是我这图片能否放在baidu网上。 显示403则说明防盗链设置OK,起作用了。禁止盗取。
Server: nginx/1.6.2
Date: Sun, 25 Oct 2015 09:45:30 GMT
Content-Type: text/html
Content-Length: 168
Connection: keep-alive
[root@bogon tmp]# curl -I -x127.0.0.1:80 'http://www.test.com/static/image/common/logo_88_31.gif'
HTTP/1.1 200 OK #测试也就是我这图片能否放在www.test.com。 显示200则说明防盗链设置OK,起作用了。可以的,因为www.test.com就是在我白名单中
Server: nginx/1.6.2
Date: Sun, 25 Oct 2015 09:45:45 GMT
Content-Type: image/gif
Content-Length: 2528
Last-Modified: Tue, 09 Jun 2015 17:21:10 GMT
Connection: keep-alive
ETag: "55772086-9e0"
Expires: Mon, 09 Nov 2015 09:45:45 GMT
Cache-Control: max-age=1296000
Accept-Ranges: bytes
[root@bogon tmp]# curl -e "http://www.test.com/111" -I -x127.0.0.1:80 'http://www.test.com/static/image/common/logo_88_31.gif'
HTTP/1.1 200 OK
Server: nginx/1.6.2
Date: Sun, 25 Oct 2015 09:46:14 GMT
Content-Type: image/gif
Content-Length: 2528
Last-Modified: Tue, 09 Jun 2015 17:21:10 GMT
Connection: keep-alive
ETag: "55772086-9e0"
Expires: Mon, 09 Nov 2015 09:46:14 GMT
Cache-Control: max-age=1296000
Accept-Ranges: bytes
[root@bogon tmp]# curl -e "http://www.aaa.com/111" -I -x127.0.0.1:80 'http://www.test.com/static/image/common/logo_88_31.gif'
HTTP/1.1 200 OK #测试也就是我这图片能否放在www.aaa.com。 显示200则说明防盗链设置OK,起作用了。可以的,因为www.aaa.com就是在我白名单中
Server: nginx/1.6.2
Date: Sun, 25 Oct 2015 09:46:21 GMT
Content-Type: image/gif
Content-Length: 2528
Last-Modified: Tue, 09 Jun 2015 17:21:10 GMT
Connection: keep-alive
ETag: "55772086-9e0"
Expires: Mon, 09 Nov 2015 09:46:21 GMT
Cache-Control: max-age=1296000
Accept-Ranges: bytes
[root@bogon tmp]# cat /usr/local/nginx/conf/vhosts/test.conf
server
{
listen 80;
server_name www.test.com www.aaa.com;
if ($host != 'www.test.com')
{
rewrite ^/(.*)$ http://www.test.com/$1 permanent;
}
index index.html index.htm index.php;
root /data/www;
access_log /tmp/access.log combined_realip;
location ~ .*admin\.php$ {
auth_basic "caimz auth";
auth_basic_user_file /usr/local/nginx/conf/.htpasswd;
include fastcgi_params;
fastcgi_pass unix:/tmp/php-fcgi1.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /data/www$fastcgi_script_name;
}
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|flv|rar|zip|gz|bz2)$
{
access_log off;
expires 15d;
valid_referers none blocked *.test.com *.aaa.com *.aminglinux.com;
if ($invalid_referer)
{
return 403;
}
}
location ~ \.(js|css)
{
access_log off;
expires 2h;
}
location ~ (static|cache)
{
access_log off;
}
location ~ \.php$ {
include fastcgi_params;
fastcgi_pass unix:/tmp/php-fcgi1.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /data/www$fastcgi_script_name;
}
}
2、检查配置文件
[root@bogon tmp]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
3、重新加载nginx的配置文件
[root@bogon tmp]# /usr/local/nginx/sbin/nginx -s reload
4、测试
curl -e可是测试referer
上图图片地址为:
Request URL:
http://www.test.com/static/image/common/logo_88_31.gif
[root@bogon tmp]# curl -e "http://www.baidu.com/111" -I -x127.0.0.1:80 'http://www.test.com/static/image/common/logo_88_31.gif'
HTTP/1.1 403 Forbidden #测试也就是我这图片能否放在baidu网上。 显示403则说明防盗链设置OK,起作用了。禁止盗取。
Server: nginx/1.6.2
Date: Sun, 25 Oct 2015 09:45:30 GMT
Content-Type: text/html
Content-Length: 168
Connection: keep-alive
[root@bogon tmp]# curl -I -x127.0.0.1:80 'http://www.test.com/static/image/common/logo_88_31.gif'
HTTP/1.1 200 OK #测试也就是我这图片能否放在www.test.com。 显示200则说明防盗链设置OK,起作用了。可以的,因为www.test.com就是在我白名单中
Server: nginx/1.6.2
Date: Sun, 25 Oct 2015 09:45:45 GMT
Content-Type: image/gif
Content-Length: 2528
Last-Modified: Tue, 09 Jun 2015 17:21:10 GMT
Connection: keep-alive
ETag: "55772086-9e0"
Expires: Mon, 09 Nov 2015 09:45:45 GMT
Cache-Control: max-age=1296000
Accept-Ranges: bytes
[root@bogon tmp]# curl -e "http://www.test.com/111" -I -x127.0.0.1:80 'http://www.test.com/static/image/common/logo_88_31.gif'
HTTP/1.1 200 OK
Server: nginx/1.6.2
Date: Sun, 25 Oct 2015 09:46:14 GMT
Content-Type: image/gif
Content-Length: 2528
Last-Modified: Tue, 09 Jun 2015 17:21:10 GMT
Connection: keep-alive
ETag: "55772086-9e0"
Expires: Mon, 09 Nov 2015 09:46:14 GMT
Cache-Control: max-age=1296000
Accept-Ranges: bytes
[root@bogon tmp]# curl -e "http://www.aaa.com/111" -I -x127.0.0.1:80 'http://www.test.com/static/image/common/logo_88_31.gif'
HTTP/1.1 200 OK #测试也就是我这图片能否放在www.aaa.com。 显示200则说明防盗链设置OK,起作用了。可以的,因为www.aaa.com就是在我白名单中
Server: nginx/1.6.2
Date: Sun, 25 Oct 2015 09:46:21 GMT
Content-Type: image/gif
Content-Length: 2528
Last-Modified: Tue, 09 Jun 2015 17:21:10 GMT
Connection: keep-alive
ETag: "55772086-9e0"
Expires: Mon, 09 Nov 2015 09:46:21 GMT
Cache-Control: max-age=1296000
Accept-Ranges: bytes
相关文章推荐
- LNMP - nginx配置静态文件过期时间
- Nginx+Lua学习笔记-环境搭建
- nginx篇二
- nginx篇一
- Nginx负载均衡和LVS负载均衡的比较分析
- Nginx负载均衡配置实例详解
- centos7.0 64位系统 安装PHP 支持 nginx
- centos7.0 64位系统安装 nginx
- keepalived构建LVS_DR和Nginx的高可用集群
- Mastering Nginx 笔记三----upstream模块解释
- nginx的502错误
- Nginx平滑升级和平滑重启
- Nginx+PHP平台搭建(Linux+Nginx+Mysql+PHP)
- Nginx优化
- nginx:1、I/O模型及nginx简介
- 虚拟机下Linux安装好Nginx后,宿主机无法访问时处理方法
- nginx和keepalive共存亡
- keepalive监控nginx
- /etc/init.d/nginx
- nginx直接访问html的配置