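1. Hotlink protection and the HTTP Referer
Hotlink protection configuration:
    valid_referers none | blocked | server_names | strings ....;
none: matches the case where the Referer header is absent.
blocked: matches the case where the value of the Referer header has been removed or disguised by a firewall or proxy server. In that case the value does not start with http:// or https://.
server_names: set one or more URLs; checks whether the value of the Referer header is one of these URLs.
Configure it in the location that needs hotlink protection:
    valid_referers 192.168.44.101;
    if ($invalid_referer) {
        return 403;
    }
Test with curl:
    curl -I http://192.168.44.101/img/logo.png
With a referer:
    curl -e "http://baidu.com" -I http://192.168.44.101/img/logo.png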
nginx.conf configuration file:
    #user nobody;
    worker_processes 1;

    events {
        worker_connections 1024;
    }

    http {
        include mime.types;
        default_type application/octet-stream;
        sendfile on;
        keepalive_timeout 65;

        # Load balancing across 2 reverse-proxied servers; round-robin by default
        # Weighted load balancing
        upstream httpds {
            server 192.168.208.200:80 weight=8;
            server 192.168.208.201:80 weight=2;
            server 192.168.208.202:8080 weight=1;
        }

        server {
            listen 80;
            server_name localhost;

            location / {
                # Requests are proxied to this address; with a single proxy target, write the full name. External site:
                #proxy_pass http://www.baidu.com;
                # Internal network
                rewrite ^/([0-9]+)/index$ /index?number=$1 break;
                # Proxy to the upstream group defined above
                proxy_pass http://httpds;
            }

            location ~* /(js|image|css) {
                # Check requests against 192.168.208.201; if the Referer is invalid, return 403 directly
                valid_referers 192.168.208.201;
                if ($invalid_referer) {
                    return 403;
                }
                root html;
                index index.html index.htm;
            }

            error_page 500 502 503 504 /50x.html;
            location = /50x.html {
                root html;
            }
        }
    }
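Note: after modifying nginx.conf, nginx must be reloaded.
    systemctl reload nginx
curl is a handy tool for testing nginx: when the browser does not show the change, use curl to test.
Test with curl:
    curl -I http://192.168.208.101/img/logo.png
With a referer:
    curl -e "http://baidu.com" -I http://192.168.208.101/img/logo.png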
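To see which requests the rule above rejects, here is an added example (not from the original page, and not nginx's own code): a simplified Python model of the none / blocked / name checks, run over constructed Referer values. The function names, the sample values and the leading-wildcard handling (`*.example.com`) are assumptions made for illustration.

```python
# Added example: simplified model of the valid_referers rules, not nginx source.
def referer_host(value):
    """Lowercased host of an http(s) Referer, or None without that scheme."""
    lowered = value.lower()
    for scheme in ("http://", "https://"):
        if lowered.startswith(scheme):
            rest = lowered[len(scheme):]
            # The host ends at the first '/' or ':' (path or port).
            for i, ch in enumerate(rest):
                if ch in "/:":
                    return rest[:i]
            return rest
    return None

def invalid_referer(referer, allow_none=False, allow_blocked=False, names=()):
    """Model of $invalid_referer: True means the location returns 403."""
    if referer is None:            # no Referer header at all
        return not allow_none      # valid only when `none` is listed
    host = referer_host(referer)
    if host is None:               # value lacks http:// or https://
        return not allow_blocked   # valid only when `blocked` is listed
    for name in names:
        name = name.lower()
        if name.startswith("*."):  # leading wildcard, e.g. *.example.com
            if host.endswith(name[1:]):
                return False
        elif host == name:
            return False
    return True

def status(referer, **rules):
    """HTTP status the hotlink-protected location would answer with."""
    return 403 if invalid_referer(referer, **rules) else 200

# Constructed sample requests: (Referer header value, description)
SAMPLES = [
    (None, "no Referer (curl -I)"),
    ("http://baidu.com", "other site (curl -e)"),
    ("http://192.168.208.201/index.html", "allowed host"),
    ("hidden-by-proxy", "no http(s):// prefix"),
]

if __name__ == "__main__":
    page = dict(names=["192.168.208.201"])
    relaxed = dict(allow_none=True, allow_blocked=True, **page)
    for referer, label in SAMPLES:
        print(f"{label:22} page={status(referer, **page)} relaxed={status(referer, **relaxed)}")
```

Under the page's rule the request without a Referer also gets 403, because `none` is not listed; and since the client supplies the header, the check deters embedding by other sites rather than acting as access control.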