Nginx Basics (19): The Anti-Hotlinking Module

书写经典 2022-06-06

Module: ngx_http_referer_module

Syntax:

Syntax:   valid_referers none | blocked | server_names | string ...;
Default: —
Context: server, location

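How it works:

The http_referer field in the log format records the URL that referred the request, that is, the page the hyperlink was followed from. This address makes one kind of network behavior visible: hotlinking. Unauthorized hotlinking affects normal access to the site. The http_referer module lets you control this and prevent unauthorized hotlinking.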


Without anti-hotlinking enabled

The a.com site

vim /etc/nginx/conf.d/a.conf 

server {
    # separate log file for this site
    access_log /var/log/nginx/a.com.log main;

    listen 80;
    server_name a.com;
    location / {
        root /a;
        index index.html;
    }
}

vim /a/index.html
<img src='1.jpg' />


The b.com site

vim /etc/nginx/conf.d/b.conf 

server {
    # separate log file for this site
    access_log /var/log/nginx/b.com.log main;

    listen 80;
    server_name b.com;
    location / {
        root /b;
        index index.html;
    }
}

vim /b/index.html
<img src='http://a.com/1.jpg' />
(the hotlinked URL)

Visit both sites' pages. The image displays normally on both.


Log files

b.com

192.168.19.100 - - [06/Jun/2022:22:40:48 +0800] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0" "-"

The log is normal.

a.com

192.168.19.100 - - [06/Jun/2022:22:40:47 +0800] "GET /1.jpg HTTP/1.1" 304 0 "http://a.com/" "Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0" "-"
192.168.19.102 - - [06/Jun/2022:22:40:48 +0800] "GET /1.jpg HTTP/1.1" 304 0 "http://b.com/" "Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0" "-"

Look at the referer field: the image is being hotlinked.


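Enabling anti-hotlinking

location / {
    root /a;
    index index.html;
    # server_names admits a.com itself; *.a.com alone matches only subdomains
    valid_referers none blocked server_names *.a.com;
    if ($invalid_referer) {
        return 403;
    }
}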

Restart the service.

Visit the b.com site again: the hotlink now fails.
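To see which requests already in the a.com log a valid_referers rule would reject, the sketch below replays log lines against a simplified model of the directive (none, blocked, exact host names and a leading `*.` wildcard only; no regexes or URI prefixes). It is an added example, not part of the original post; the function names `classify` and `audit` are made up for illustration, and the sample input is the two a.com log lines shown above.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# nginx "main" format: ip - user [time] "request" status bytes "referer" "agent" ...
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<req>[^"]*)" '
                    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)"')

def classify(referer, patterns):
    """Simplified valid_referers model: returns none, blocked, valid or invalid."""
    if referer in ("", "-"):
        return "none"                    # request carried no Referer header
    if not re.match(r"https?://", referer, re.I):
        return "blocked"                 # header present but scheme stripped by a proxy
    host = (urlsplit(referer).hostname or "").lower()
    for p in patterns:
        if p.startswith("*."):
            if host.endswith(p[1:]):     # "*.a.com" covers subdomains, not a.com itself
                return "valid"
        elif host == p:
            return "valid"
    return "invalid"

def audit(lines, patterns):
    """Count requests per referer host that $invalid_referer would reject."""
    hits = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if m and classify(m["referer"], patterns) == "invalid":
            hits[urlsplit(m["referer"]).hostname] += 1
    return hits

# The two a.com access-log lines from this page.
SAMPLE = [
    '192.168.19.100 - - [06/Jun/2022:22:40:47 +0800] "GET /1.jpg HTTP/1.1" 304 0 '
    '"http://a.com/" "Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0" "-"',
    '192.168.19.102 - - [06/Jun/2022:22:40:48 +0800] "GET /1.jpg HTTP/1.1" 304 0 '
    '"http://b.com/" "Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0" "-"',
]

if __name__ == "__main__":
    for host, count in audit(SAMPLE, ["a.com", "*.a.com"]).items():
        print(f"{host}: {count} request(s) would get 403")
```

The Referer header is set by the client, so this rule stops browsers that embed the image from another site; it does not authenticate requests.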


Whitelisting

location / {
    root /a.com;
    index index.html index.htm;

    # server_names is the keyword (plural); the final .com entry admits every .com referer
    valid_referers none blocked *.a.com server_names 192.168.19.* ~tianyun ~\.google\. ~\.baidu\. .com;
    if ($invalid_referer) {
        return 403;
    }
}

