Of Stack

Configure the Nginx server to prevent image hotlinking using the referer directive

  • 2020-05-10 23:28:59
  • OfStack

Since nginx does not support.htaccess, it is not possible to prevent it directly from this aspect, we will fix it by modifying the configuration file.
First, we find the need to prevent hotlinking domain conf files, path: / usr local/nginx/conf vhost /, such as guance. com. conf. First back up the original file and then go to the following section: 


location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
{
expires 30d;
}

Change it to: 


location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
{
valid_referers none blocked www.ofstack.com ofstack.com;
if ($invalid_referer) {
rewrite ^/ //www.ofstack.com/404.jpg;
#return 404;
}
expires 30d;
}

Please modify the above content according to your personal situation, and I will give you a basic explanation:
Line 1 gif | jpg | jpeg | png... These are the file types you need to protect against hotlinking.
The third line is the domain name of your website, that is to say, the release of the domain name, if there are more than one, please add, pay attention to the space;
The fifth line is for hotlinking to see the image, return 1 404.jpg, this image source address is to be able to chain oh, otherwise, others see only 1 XX.
When done, save, upload to the original location overlay, and then restart lnmp to take effect. 


/root/lnmp restart

Introduction to the referer directive
Source ngx_http_referer_module nginx module is often used to stop illegal domain name request. We should bear in mind that camouflage Referer head is very simple thing, so this module can only be used to prevent most illegal request. We should keep in mind that some legal request will not take referer source head, so sometimes don't refuse to source (referer) for the request of the empty head.
Syntax: referer_hash_bucket_size size;
Default: referer_hash_bucket_size 64;
Configuration section: server, location
This command began appearing in nginx 1.0.5.
Sets the bucket size for the valid referers hash tables. The details of setting up hash tables are provided in a separate document.
Grammar:         referer_hash_max_size size;
Default:         referer_hash_max_size 2048;
Configuration section:         server, location
This command started appearing in nginx 1.0.5.
Sets the maximum size of the valid referers hash tables. The details of setting up hash tables are provided in a separate document.
Syntax: valid_referers none | blocked | server_names | string... ;
Default value: --
Configuration section: server, location
Specify the legal source 'referer', which determines the value of the built-in variable $invalid_referer. If the referer header is included in the legal url, this variable is set to 0, otherwise it is set to 1. Remember, it is case-insensitive.
Parameters that
none
"Referer" comes from a situation where the header is empty
blocked
The "Referer" source header is not empty, but the values inside have been removed by the proxy or firewall, none of which begins with http:// or https://.
server_names
The "Referer" source header contains the current server_names (current domain name)
arbitrary string
For any string, define the server name or the optional URI prefix. The host name can start or end with *, and the host port in the source domain will be ignored while the source header is being detected
regular expression
A regular expression,~, that excludes strings starting with https:// or http://.
The last
It is most reasonable to use the head of the source to prevent hotlinking. Simple and practical. But there is no way to prevent collection.

Related articles: