Nginx image hotlink protection configuration
2016-08-03 18:03
[root@web01 www]# cat /app/server/nginx/conf/vhosts/default.conf
server {
    listen 80 default_server;
    server_name 192.168.1.24 web01.espressos.cn;
    root /app/www;
    index index.php index.html index.htm;
    location ~* \.(gif|jpg|png|swf|flv)$ {    # Apply hotlink protection to files ending in gif, jpg, png, swf or flv
        valid_referers none blocked 192.168.1.24 web01.espressos.cn;    # Check against these two sources, 192.168.1.24 and web01.espressos.cn (based mainly on the Referer header of the HTTP request)
        if ($invalid_referer) {    # If the request does not come from an allowed source, redirect to the error page; returning 403 directly also works.
            rewrite ^/ http://192.168.1.24/403.html;
            #return 404;
        }
    }
    location ~ .*\.(php|php5)?$ {
        #fastcgi_pass unix:/tmp/php-cgi.sock;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        include fastcgi.conf;
    }
    access_log /app/log/nginx/access/default.log;
}
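Line 8, valid_referers none blocked *.espressos.cn *.qq.com *.baidu.com; , is the whitelist: the domains that are allowed to link to the files. Change it to your own domains! *.espressos.cn refers to subdomains, and domains are separated from each other by spaces. baidu.com is a search engine, and qq.com is whitelisted because some users may subscribe to your site by e-mail; if it is not whitelisted, those users cannot see your images in their mailbox. Likewise, if there are other subscription channels or search engines, it is best to add them as well.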
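Before enforcing the rule, the existing access log can show which referers it would reject, so that legitimate ones (mail clients, search engines) are whitelisted first. The script below is an added example, not part of the original post: it approximates valid_referers matching, assumes the default "combined" log format, and runs on constructed log lines.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Whitelist from the page's first config, plus the *.espressos.cn wildcard it mentions.
VALID_REFERERS = ["none", "blocked", "192.168.1.24", "web01.espressos.cn", "*.espressos.cn"]
IMAGE_RE = re.compile(r"\.(gif|jpg|png|swf|flv)$", re.I)  # same as the location ~* block
# Assumption: access_log is written in nginx's default "combined" format.
LINE_RE = re.compile(r'^\S+ \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*" \d{3} \S+ "([^"]*)"')

def referer_allowed(referer, rules=VALID_REFERERS):
    """Approximate valid_referers: True when $invalid_referer would stay empty."""
    if referer in ("", "-"):                        # header absent -> "none"
        return "none" in rules
    if not re.match(r"https?://", referer, re.I):   # scheme stripped -> "blocked"
        return "blocked" in rules
    host = (urlsplit(referer).hostname or "").lower()  # port is ignored
    names = [r for r in rules if r not in ("none", "blocked")]
    return any(host == r or (r.startswith("*.") and host.endswith(r[1:])) for r in names)

def would_block(log_lines, rules=VALID_REFERERS):
    """Count, per referer host, the image requests the rule set would reject."""
    hits = Counter()
    for line in log_lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        path, referer = m.group(1).split("?")[0], m.group(2)
        if IMAGE_RE.search(path) and not referer_allowed(referer, rules):
            hits[urlsplit(referer).hostname or referer] += 1
    return hits

def _line(path, referer):  # builds one constructed "combined" log line
    return (f'192.168.1.50 - - [03/Aug/2016:18:03:00 +0800] "GET {path} HTTP/1.1" '
            f'200 1024 "{referer}" "Mozilla/5.0"')

# Constructed sample traffic, not taken from the page's logs.
SAMPLE_LOG = [_line("/cat.png", "http://192.168.1.24/q.html"),
              _line("/cat.png", "http://192.168.1.83/q.html"),
              _line("/cat.png", "-"),
              _line("/cat.png", "http://mail.qq.com/read"),
              _line("/logo.PNG?v=2", "http://img.espressos.cn:8080/a"),
              _line("/index.php", "http://192.168.1.83/")]

if __name__ == "__main__":
    for host, count in would_block(SAMPLE_LOG).most_common():
        print(count, host)
```

On the sample lines the report lists 192.168.1.83 (the second web server) and mail.qq.com, which is the kind of legitimate referer the whitelist note above says to add.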
Verification code:
[root@web01 www]# cat q.html
<html>
<body><img alt="http://192.168.1.24/cat.png" src="http://192.168.1.24/cat.png" height="auto" width="auto"></body>
</html>
[root@web01 www]#
Another web server hotlinks WEB01's image (its configuration is as follows):
[root@lmr default]# cat /app/server/nginx/conf/vhosts/default.conf
server {
    listen 80;
    server_name localhost;
    index index.html index.htm index.php;
    root /app/www/default;
    location ~ .*\.(php|php5)?$ {
        #fastcgi_pass unix:/tmp/php-cgi.sock;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        include fastcgi.conf;
    }
    location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$ {
        expires 30d;
    }
    location ~ .*\.(js|css)?$ {
        expires 1h;
    }
    include /app/server/nginx/conf/rewrite/default.conf;
    access_log /app/log/nginx/access/default.log;
}
Verification:
[root@lmr default]# pwd
/app/www/default
[root@lmr default]# cat q.html
<html>
<body><img alt="http://192.168.1.24/cat.png" src="http://192.168.1.24/cat.png" height="auto" width="auto"></body>
</html>
[root@lmr default]#
Hotlink protection works!!!
Comment out the hotlink-protection code on web01:
[root@web01 www]# cat /app/server/nginx/conf/vhosts/default.conf
server {
    listen 80 default_server;
    server_name 192.168.1.24 web01.espressos.cn;
    root /app/www;
    index index.php index.html index.htm;
    #location ~* \.(gif|jpg|png|swf|flv)$ {
        #valid_referers none blocked 192.168.1.24 web01.espressos.cn;
        #if ($invalid_referer) {
        #    rewrite ^/ http://192.168.1.24/403.html;
        #    return 404;
        #    }
    #}
    location ~ .*\.(php|php5)?$ {
        #fastcgi_pass unix:/tmp/php-cgi.sock;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        include fastcgi.conf;
    }
    access_log /app/log/nginx/access/default.log;
}
[root@web01 www]# /app/server/nginx/sbin/nginx -s reload
Test again from the server that hotlinks the image, to see whether the hotlinking succeeds:
Image hotlinking succeeds!!
============ New test ======================
sh-4.1# cat /etc/nginx/vhosts/test.espressos.cn.conf
server {
    listen 80;
    server_name test.espressos.cn;
    index index.html 123.57.37.211 index.htm index.php;
    root /usr/html/test.espressos.cn;

    location ~ .*\.(php|php5) {
        #fastcgi_pass unix:/tmp/php-cgi.sock;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        include fastcgi.conf;
        fastcgi_param PATH_INFO $fastcgi_script_name;
    }

    location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$ {
        valid_referers none blocked 123.57.37.211 test.espressos.cn;
        if ($invalid_referer) {
            #rewrite ^/ http://123.57.36.227/404.html;
            return 404;
        }
    }
    location ~ .*\.(js|css)?$ {
        expires 1h;
    }
    include /etc/nginx/rewrite/test.espressos.cn.conf;
    access_log /var/log/nginx/test.espressos.log;
}
Note lines 19 and 20 above (the image server's IP is 123.57.37.211):
[root@lmr default]# cat q.html
<html>
<body><img alt="cat.png" src="http://123.57.37.211/cat.png" height="auto" width="auto"></body>
</html>
[root@lmr default]#
This machine is the other web server, IP 192.168.1.83.
Visit the test page q.html (the page code above); the test result is as follows:
The image server's 404.html:
sh-4.1# cat /usr/html/test.espressos.cn/404.html
error
sh-4.1# cat /etc/nginx/vhosts/test.espressos.cn.conf
server {
    listen 80;
    server_name test.espressos.cn;
    index index.html 123.57.36.227 index.htm index.php;
    root /usr/html/test.espressos.cn;

    location ~ .*\.(php|php5) {
        #fastcgi_pass unix:/tmp/php-cgi.sock;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        include fastcgi.conf;
        fastcgi_param PATH_INFO $fastcgi_script_name;
    }

    location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$ {
        valid_referers none blocked 123.57.36.227 test.espressos.cn;
        if ($invalid_referer) {
            rewrite ^/ http://123.57.36.227/404.html;
            #return 404;
        }
    }
    location ~ .*\.(js|css)?$ {
        expires 1h;
    }
    include /etc/nginx/rewrite/test.espressos.cn.conf;
    access_log /var/log/nginx/test.espressos.log;
}
Note lines 21 and 22 (the listing above is the image server's web configuration file).