防资源盗链

最新推荐文章于 2023-09-30 16:39:06 发布

backzy

最新推荐文章于 2023-09-30 16:39:06 发布

阅读量161

点赞数

分类专栏： # nginx服务

本文链接：https://blog.csdn.net/cmdd_/article/details/108623009

版权

nginx服务专栏收录该内容

31 篇文章 0 订阅

订阅专栏

盗链就是由我的网站向你的网站发起get获取资源的请求

1.配置被盗链的网站

[root@web02 /etc/nginx/conf.d]# vim beidaolian.conf
server {
    listen 80;
    server_name linux.beidaolian.com;

    location / {
        root /code/beidaolian;
        index index.html;
    }
}

[root@web02 /etc/nginx/conf.d]# mkdir /code/beidaolian
[root@web02 /etc/nginx/conf.d]# cd /code/beidaolian/
[root@web02 /code/beidaolian]# rz
[root@web02 /code/beidaolian]# ll
total 13444
-rw-r--r-- 1 root root   18632 2020-09-11 15:57 1.jpg
-rw-r--r-- 1 root root  471421 2020-09-11 15:57 3.jpg

2.配置盗链的网站

[root@web01 /]# vim /etc/nginx/conf.d/daolian.conf
server {
    listen 80;
    server_name linux.daolian.com;
    root /code/cache;
}

[root@web01 /]# vim /code/cache/index.html 
<img src="http://linux.beidaolian.com/1.jpg" />

#配置hosts
[root@web01 /]# vim /etc/hosts
10.0.0.8 linux.beidaolian.com

#windows配置访问页面
10.0.0.7 linux.daolian.com
访问http://linux.daolian.com/

3.配置防盗链语法

Syntax:	valid_referers none | blocked | server_names | string ...;
Default:	—
Context:	server, location

none		#nginx日志中referer部分为空
blocked		#nginx日志中referer部分没有携带协议，没有http或者https
server_names	#nginx日志中referer部分为指定的域名

4.防盗链配置

[root@web02 /code/beidaolian]# cat /etc/nginx/conf.d/beidaolian.conf 
server {
	listen 80;
	server_name linux.beidaolian.com;

	location / {
		root /code/beidaolian;
		index index.html;
	}

	location ~* \.jpg$ {
		root /code/beidaolian;
		#valid_referers none blocked server_name linux.beidaolian.com *.baidu.com;
		valid_referers none blocked linux.beidaolian.com;
		if ($invalid_referer) {
    		return 403;
		}
	}
}

5.伪造referer请求头

[root@web01 ~]# curl -e "http://linux.daolian.com" -I linux.beidaolian.com/1.jpg
HTTP/1.1 500 Internal Server Error
Server: nginx/1.18.0
Date: Fri, 11 Sep 2020 08:23:52 GMT
Content-Type: text/html
Content-Length: 177
Connection: close

[root@web01 ~]# curl -e "http://linux.beidaolian.com" -I linux.beidaolian.com/1.jpg
HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Fri, 11 Sep 2020 08:24:19 GMT
Content-Type: image/jpeg
Content-Length: 18632
Last-Modified: Fri, 11 Sep 2020 07:57:48 GMT
Connection: keep-alive
ETag: "5f5b2dfc-48c8"
Accept-Ranges: bytes