3 ways to prevent hotlinking with Nginx

  • 2020-05-06 12:13:29
  • OfStack

1: General anti-hotlinking configuration:
 
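location ~* \.(gif|jpg|png|swf|flv)$ {
    # Accept requests with no Referer, a stripped Referer, or a Referer from these hosts
    valid_referers none blocked www.jb51.net jb51.net;
    if ($invalid_referer) {
        # The replacement must start with a scheme for nginx to send a redirect
        rewrite ^/ http://www.jb51.net/retrun.html;
        #return 403;
    }
}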

First line: gif|jpg|png|swf|flv means that hotlink protection applies to files with the gif, jpg, png, swf and flv suffixes.
Second line: the referer is checked against the allowed sources (named as www.ingnix.com in this explanation; the configuration above lists www.jb51.net and jb51.net).
The content of if {} means: if the referer is not one of the specified sources, the request is redirected to the www.jb51.net/retrun.html page. Returning 403 directly is, of course, also possible.

2: Prevent hotlinking for an image directory:
 
location /images/ {
    alias /data/images/;
    valid_referers none blocked server_names *.xok.la xok.la;
    if ($invalid_referer) { return 403; }
}
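
To make the effect of the two valid_referers lines above concrete, the following Python model (an added example, not part of the original article and not nginx's own code) applies the documented matching rules to constructed Referer values. The server name static.example.org used for server_names is an assumption.

```python
# Added example: simplified model of nginx's documented valid_referers rules.
from urllib.parse import urlsplit

KEYWORDS = ("none", "blocked", "server_names")

def invalid_referer(referer, rules, server_names=()):
    """Return True where nginx would set $invalid_referer for this Referer."""
    if referer is None:                       # header absent -> "none"
        return "none" not in rules
    if not referer.lower().startswith(("http://", "https://")):
        return "blocked" not in rules         # header present, scheme stripped
    host = (urlsplit(referer).hostname or "").lower()   # port is ignored
    names = [r.lower() for r in rules if r not in KEYWORDS]
    if "server_names" in rules:
        names += [n.lower() for n in server_names]
    for name in names:
        if name.startswith("*."):             # *.xok.la: subdomains, not xok.la
            if host.endswith(name[1:]):
                return False
        elif host == name:
            return False
    return True

# The two valid_referers lines from the configurations above.
RULES_1 = ["none", "blocked", "www.jb51.net", "jb51.net"]
RULES_2 = ["none", "blocked", "server_names", "*.xok.la", "xok.la"]
VHOST = ["static.example.org"]                # assumed server_name, not from the page

# Constructed Referer values (None = request sent without the header).
SAMPLES = [
    (RULES_1, None),
    (RULES_1, "http://www.jb51.net/list.html"),
    (RULES_1, "www.jb51.net/list.html"),
    (RULES_1, "https://forum.example.com/thread/1"),
    (RULES_1, "http://jb51.net.example.com/"),
    (RULES_2, "http://img.xok.la:8080/gallery"),
    (RULES_2, "http://notxok.la/"),
    (RULES_2, "https://static.example.org/index.html"),
]

if __name__ == "__main__":
    for rules, ref in SAMPLES:
        verdict = "403/redirect" if invalid_referer(ref, rules, VHOST) else "served"
        print(f"{verdict:13} {ref!r}")
```

Requests without a Referer header pass both configurations because of none; removing none makes the check stricter, at the cost of rejecting direct visits and clients that never send the header.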

3: Use the third-party module ngx_http_accesskey_module to implement Nginx anti-hotlinking

The implementation is as follows:
1. Download the NginxHttpAccessKeyModule module file: Nginx-accesskey-2.0.3.tar.gz;
2. After unpacking this file, find the config file under nginx-accesskey-2.0.3 and edit it: replace "$HTTP_ACCESSKEY_MODULE" with "ngx_http_accesskey_module";
3. Recompile nginx with the following parameter: ./configure --add-module=path/to/nginx-accesskey
4. Modify nginx's conf file by adding the following lines:
location /download {
    accesskey             on;
    accesskey_hashmethod  md5;
    accesskey_arg         "key";
    accesskey_signature   "mypass$remote_addr";
}

Among them:
accesskey is the module switch;
accesskey_hashmethod is the hash method, MD5 or SHA-1;
accesskey_arg is the name of the key parameter in the URL;
accesskey_signature is the value that is hashed, here the string made up of mypass and the client IP.

Access the test script es1064en.php:
<?php
// Key the module expects: md5 of the accesskey_signature string for this client
$ipkey = md5("mypass" . $_SERVER['REMOTE_ADDR']);
// Link that carries the key in the "key" argument
$output_add_key = "<a href=//www.jb51.net/download/G3200507120520LM.rar?key=" . $ipkey . ">download_add_key</a><br />";
// Same file requested without the key
$output_org_url = "<a href=//www.jb51.net/download/G3200507120520LM.rar>download_org_path</a><br />";
echo $output_add_key;
echo $output_org_url;
?>

The first download_add_key link is available for download, and the second download_org_path returns a 403 Forbidden error.

Reference:
NginxHttpAccessKeyModule

