3 ways to prevent hotlinking with Nginx
- 2020-05-06 12:13:29
- OfStack
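i: prevent hotlinking for specific file types
location ~* \.(gif|jpg|png|swf|flv)$ {
    valid_referers none blocked www.jb51.net jb51.net;
    if ($invalid_referer) {
        # An absolute URL makes nginx send an external redirect instead of an internal rewrite
        rewrite ^/ http://www.jb51.net/retrun.html;
        #return 403;
    }
}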
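First line: gif|jpg|png|swf|flv means that hotlink protection is applied to files with the gif, jpg, png, swf and flv suffixes.
Second line: the referer check for www.ingnix.com. In valid_referers, none matches requests that carry no Referer header, and blocked matches requests whose Referer value has been stripped by a proxy or firewall.
The content of if {} means: if the referer is not one of the specified referers, the request jumps to the retrun.html page on www.jb51.net; returning 403 directly is of course also possible.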
ii: prevent hotlinking for image directories
location /images/ {
    alias /data/images/;
    valid_referers none blocked server_names *.xok.la xok.la;
    if ($invalid_referer) {
        return 403;
    }
}
iii: use the third-party module ngx_http_accesskey_module to implement Nginx anti-hotlinking
The implementation is as follows:
1. Download the NginxHttpAccessKeyModule module file: Nginx-accesskey-2.0.3.tar.gz;
2. After unpacking this file, find the config file under nginx-accesskey-2.0.3. Edit this file: replace "$HTTP_ACCESSKEY_MODULE" with "ngx_http_accesskey_module";
3. Recompile nginx with the following parameter:
./configure --add-module=path/to/nginx-accesskey
4. Modify nginx's conf file by adding the following lines:
location /download {
    accesskey on;
    accesskey_hashmethod md5;
    accesskey_arg "key";
    accesskey_signature "mypass$remote_addr";
}
Among them:
accesskey is the module switch;
accesskey_hashmethod is the hash method, MD5 or SHA-1;
accesskey_arg is the name of the key parameter in the URL;
accesskey_signature is the value that is hashed, here the string composed of mypass and the client IP.
Access the test script es1064en.php:
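<?php
// Key for this visitor: md5 of "mypass" followed by the client IP, matching accesskey_signature
$ipkey = md5("mypass" . $_SERVER['REMOTE_ADDR']);
// Link that carries the key in the "key" argument
$output_add_key = "<a href=//www.jb51.net/download/G3200507120520LM.rar?key=" . $ipkey . ">download_add_key</a><br />";
// Same file without the key
$output_org_url = "<a href=//www.jb51.net/download/G3200507120520LM.rar>download_org_path</a><br />";
echo $output_add_key;
echo $output_org_url;
?>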
The first download_add_key link is available for download, and the second download_org_path returns a 403 Forbidden error.
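The check that the /download location performs, modelled in Python as an added example (not code from the original page or from the module). It assumes the module compares the key argument with the md5 hex digest of the accesskey_signature string after $remote_addr is substituted, as the test script does; the function names, file names and IP addresses are constructed. The last case shows that a key bound only to the client IP is accepted for every file under /download requested from that address.

```python
import hashlib
import hmac
from urllib.parse import urlsplit, parse_qs

SECRET = "mypass"   # literal prefix of accesskey_signature on the page
KEY_ARG = "key"     # accesskey_arg on the page


def expected_key(remote_addr: str, secret: str = SECRET) -> str:
    """md5 hex digest of the signature string once $remote_addr is filled in."""
    return hashlib.md5((secret + remote_addr).encode()).hexdigest()


def signed_link(path: str, remote_addr: str) -> str:
    """Link the test script would emit for the visitor it is serving."""
    return f"{path}?{KEY_ARG}={expected_key(remote_addr)}"


def check_request(url: str, remote_addr: str) -> int:
    """Assumed model of the module's decision: 200 if the key matches, else 403."""
    supplied = parse_qs(urlsplit(url).query).get(KEY_ARG, [""])[0]
    # Compare as bytes in constant time; a missing key compares against "".
    ok = hmac.compare_digest(supplied.encode(), expected_key(remote_addr).encode())
    return 200 if ok else 403


if __name__ == "__main__":
    # Constructed sample clients (documentation address ranges).
    visitor, other = "203.0.113.7", "198.51.100.9"
    link = signed_link("/download/a.rar", visitor)

    print("issued link, same client :", check_request(link, visitor))
    print("no key argument          :", check_request("/download/a.rar", visitor))
    print("link fetched by other IP :", check_request(link, other))

    # The signature covers only the IP, not the file name, so the same key
    # also opens a different file for that client.
    reused = "/download/b.rar?" + link.split("?", 1)[1]
    print("same key, different file :", check_request(reused, visitor))
```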
Reference:
NginxHttpAccessKeyModule