Of Stack

The method of preventing hotlinking under Nginx server is introduced

  • 2020-05-09 19:57:41
  • OfStack

Modify/usr/local/nginx/conf/nginx conf this configuration file.

find 


 location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
{
expires   30d;
}[/code]

Modified to: 


location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
{
valid_referers none blocked *.jannn.com jannn.com;
if($invalid_referer) {
rewrite ^/ http://www.jannn.com/404.jpg;
#return404;
}
expires   30d;
}

Line 1: 


location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$

Among them, "gif|jpg|jpeg|png|bmp|swf" is set to prevent hotlinking file type, and it is modified by itself. Each suffix is separated with "|" symbol!

Line 3: 


valid_referers none blocked *.jannn.com jannn.com;

Is the whitelist, allows the file chain out of the domain name whitelist, modify your domain name! *.jannn.com this refers to the subdomain name, the domain name and the domain name is separated by a space!

Line 5: 


rewrite ^/ http://www.jannn.com/404.jpg;

This image is the image returned by hotlinking, which is to replace all the hotlinking images on the hotlinking website. This picture should be placed on the website without anti-hotlinking setting, because of the anti-hotlinking effect, if this picture is also placed on the anti-hotlinking website, it will be regarded as anti-hotlinking and cannot be displayed, and the hotlinking picture on the website of hotlinking will show the X symbol.

This setting can almost play a role in preventing hotlinking, said above, so it is not completely to achieve the real sense of the anti-hotlinking!

Let's look at line 3: 


valid_referers none blocked *.jannn.com jannn.com;

valid_referers, none blocked

Let's get rid of "none blocked" and change it to 


valid_referers *.jannn.com jannn.com;

The complete code for nginx's complete implementation of true anti-hotlinking should look like this: 


location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
{
valid_referers *.jannn.com jannn.com;

if($invalid_referer) {
rewrite ^/ http://www.jannn.com/404.jpg;
#return404;
}
expires   30d;

In this way, you enter the image address directly in the browser so that the image will not be displayed, and it is not possible to save what will be right click.

Line 5: 


rewrite ^/ http://www.jannn.com/404.jpg;

This is the anti-hotlinking anti-hotlinking setting for the image back to the image, if we are files need to be anti-hotlinking download, put the fifth line: 


rewrite ^/ http://www.jannn.com/404.jpg;

Change it to 1 link, which can be the link of your main site. For example, change the fifth line to the homepage of xiaojian blog: 


location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
{
valid_referers none blocked *.jannn.com jannn.com;
if($invalid_referer) {
rewrite ^/ http://www.jannn.com/404.jpg;
#return404;
}
expires   30d;
}
0

In this way, when someone enters the file download address, the anti-hotlinking download will jump to the link you set!

Finally, the configuration file Settings are complete and don't forget to restart nginx to take effect!

Smooth restart nginx: 


location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
{
valid_referers none blocked *.jannn.com jannn.com;
if($invalid_referer) {
rewrite ^/ http://www.jannn.com/404.jpg;
#return404;
}
expires   30d;
}
1

The following methods:

Text: Nginx anti-hotlinking

1 the usual method is to add it in server or location! 


location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
{
valid_referers none blocked *.jannn.com jannn.com;
if($invalid_referer) {
rewrite ^/ http://www.jannn.com/404.jpg;
#return404;
}
expires   30d;
}
2

See the example below

1. For different file types
That article above is detailed and the practice that passes oneself, it is feasible however, say on the net mostly 


location ~* \.(gif|jpg|jpeg|png|bmp|txt|zip|jar|swf)$ {
valid_referers none blocked *.mynginx.com;
if ($invalid_referer) {
rewrite ^/ http://www.mynginx.com/daolian.gif;
#return 403;
}

Add this code to the server segment, but there's more to it later 


location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
{
valid_referers none blocked *.jannn.com jannn.com;
if($invalid_referer) {
rewrite ^/ http://www.jannn.com/404.jpg;
#return404;
}
expires   30d;
}
4

These two pieces of code must be combined into one, otherwise anti-hotlinking will not work. It is a little strange that I opened to prevent hotlinking for a few days, but there was no fund to prevent hotlinking pictures. After a few days, they appeared. I don't know why, but you can tell me what you know.
2. For different directories 


location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
{
valid_referers none blocked *.jannn.com jannn.com;
if($invalid_referer) {
rewrite ^/ http://www.jannn.com/404.jpg;
#return404;
}
expires   30d;
}
5

The above is the built-in hotlinking protection function of nginx.

3. The third module of nginx, ngx_http_accesskey_module, implements anti-hotlinking for downloading files

Install the Nginx and nginx-http-access modules 

 #tar zxvf nginx-0.7.61.tar.gz

#cd nginx-0.7.61/

#tar xvfz nginx-accesskey-2.0.3.tar.gz

#cd nginx-accesskey-2.0.3

#vi config

# the HTTP_MODULES="$HTTP_MODULES $HTTP_ACCESSKEY_MODULE"

# Modified into HTTP_MODULES="$HTTP_MODULESngx_http_accesskey_module

#( This is for this module 1 a bug)

#./configure --user=www --group=www \

--prefix=/usr/local/nginx --with-http_stub_status_module \

--with-http_ssl_module --add-module=/root/nginx-accesskey-2.0.3

server{

.....

location /download {

accesskey             on;

accesskey_hashmethod  md5;

accesskey_arg         "key";

accesskey_signature   "mypass$remote_addr";

}

}

/download for you to download the directory.

The download path format generated by foreground php is:

1.http://*****.com/download/1.zip?key= < ?php echo md5('mypass'.$_SERVER["REMOTE_ADDR"]);? >
Thus, when the access is not like parameter 1, when other users open, it appears: 403

The third module of NginxHttpAccessKeyModule is implemented as follows:

1. Download Nginx HttpAccessKeyModule module file: Nginx-accesskey-2.0.3.tar.gz;

2. After unzipping this file, locate the config file under nginx-accesskey-2.0.3. Edit this file: replace "$HTTP_ACCESSKEY_MODULE" with "ngx_http_accesskey_module";

3. Recompile nginx with the following parameters:

./configure --add-module=path/to/nginx-accesskey

4. Modify the conf file of nginx and add the following lines: 


location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
{
valid_referers none blocked *.jannn.com jannn.com;
if($invalid_referer) {
rewrite ^/ http://www.jannn.com/404.jpg;
#return404;
}
expires   30d;
}
6

Among them:
accesskey is the module switch;
accesskey_hashmethod is the encryption method MD5 or SHA-1;
accesskey_arg is the keyword parameter in url;
accesskey_signature is the encrypted value, where it is mypass and the access IP string.
Access test script download.php: 


location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
{
valid_referers none blocked *.jannn.com jannn.com;
if($invalid_referer) {
rewrite ^/ http://www.jannn.com/404.jpg;
#return404;
}
expires   30d;
}
7

The first download_add_key link can be downloaded normally. The second download_org_path link will return 403 Forbidden error.

It is recommended to use Nginx HttpAccessKeyModule if you bother to implement it conditionally.

Here's how it works: for example, I have a file file.zip in my download directory. Corresponding URI http: / / www yiibase. com/download/file zip
After using ngx_http_accesskey_module module http: / / www yiibase. com/download/file zip & # 63; key=09093abeac094. Only if the given key value is correct can file.zip in the download directory be downloaded. Moreover, the key value is dependent on the user's IP, so it can avoid being hotlinking.

It is said that Nginx HttpAccessKeyModule can now defend against thunderbolt. You can try 1.

Related articles: