盗链与防盗链配置
1.盗链
服务机准备资源(10.12.153.43)
#在/usr/local/nginx/html/存放tupian1.jpg tupian.jpg
vim /usr/local/nginx/html/index.html
<html>
<head>
<meta charset="utf-8">
<title> zbw.com</title>
</head>
<body style="background-collor:#0000F;">
<img src="./tupian1.jpg"/>
<img src="./tupian.jpg"/>
</body>
</html>
客户端配置(10.12.153.220)
#vim /usr/share/nginx/html/index.html
<html>
<head>
<meta charset="utf-8">
<title>test.com</title>
</head>
<body style="background-collor:rgb(84, 159, 19);">
<img src="http://10.12.153.43/tupian.jpg"/>
<img src="http://10.12.153.43/tupian1.jpg"/>
</body>
</html>
#访问10.12.153.220就可以查看10.12.153.43上的资源
2.防盗链配置
配置要点:
[root@nginx-server ~]# vim /etc/nginx/nginx.conf
# 日志格式添加"$http_referer"
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
# valid_referers 使用方式
Syntax: valid_referers none | blocked | server_names | string ...;
Default: —
Context: server, location
* none : 允许没有http_refer的请求访问资源; * blocked : 允许不是http://开头的,不带协议的请求访问资源; * server_names : 只允许指定ip/域名来的请求访问资源(白名单);
配置语法
[root@nginx-server html]# vim /etc/nginx/conf.d/nginx.conf
server {
listen 80;
server_name localhost;
location / {
root /usr/share/nginx/html;
index index.html index.htm;
valid_referers none blocked *.qf.com 10.0.105.202;
if ($invalid_referer) {
return 502;
}
}
location ~ .*\.(gif|jpg|png|jpeg)$ {
root /usr/share/nginx/html;
valid_referers qf.com 10.0.105.202;
if ($invalid_referer) {
return 403;
}
}
}
重载nginx服务
[root@nginx-server ~]# nginx -s reload -c /etc/nginx/nginx.conf