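Hotlinking
Hotlinking means referencing another site's resource links from your own site, thereby using that site's work and resources without permission.

referer
The Referer header records which page the browser came from before it opened the current page.

Legitimate referer values
none: the request has no Referer header, for example when the user types the domain name directly into the browser to visit the website.
blocked: the request has a Referer header, but it carries no valid value, for example it is empty.
server_names: the Referer header contains this host's name, that is, the server_name that nginx listens on.
arbitrary_string: a custom string; * may be used as a wildcard.
regular expression: a string matched by the given regular expression pattern; the pattern must start with ~, for example:
~.*\.magedu\.com

Implementing web hotlinking
Configure the nginx.conf file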
# These directives go inside the http { } block.
# escape=json keeps client-controlled fields (Referer, User-Agent, X-Forwarded-For)
# from breaking the JSON structure of the log line.
log_format access_json escape=json '{"@timestamp":"$time_iso8601",'
    '"host":"$server_addr",'
    '"clientip":"$remote_addr",'
    '"size":$body_bytes_sent,'
    '"responsetime":$request_time,'
    '"upstreamtime":"$upstream_response_time",'
    '"upstreamhost":"$upstream_addr",'
    '"http_host":"$host",'
    '"uri":"$uri",'
    '"domain":"$host",'
    '"xff":"$http_x_forwarded_for",'
    '"referer":"$http_referer",'
    '"tcp_xff":"$proxy_protocol_addr",'
    '"http_user_agent":"$http_user_agent",'
    '"status":"$status"}';
access_log logs/access.log access_json;

# The site that embeds the other site's image.
server {
    listen 80;
    server_name www.xfxq.com;
    #charset koi8-r;
    #access_log logs/host.access.log main;
    location / {
        root /data/nginx/html;
        index index.html index.htm;
    }
}

Configure the index.html file
<html>
<head>
<meta charset="utf-8">
</head>
<body>
<a href="http://www.fxq.com">盗链</a>
<img src="http://www.fxq.com/1.jpg">
</body>
</html>
View the image
View the log

Implementing hotlink protection
https://nginx.org/en/docs/http/ngx_http_referer_module.html#valid_referers
Syntax
valid_referers none blocked server_names
               *.example.com example.* www.example.org/galleries/
               ~\.google\.;    # define the valid referers
if ($invalid_referer) {        # if the request arrives with any other, invalid referer:
    return 403;                # return status code 403
}

Define hotlink protection
server {
    listen 80;
    listen 443 ssl;
    ssl_certificate /apps/nginx/certs/www.fxq.com.crt;
    ssl_certificate_key /apps/nginx/certs/www.fxq.com.key;
    ssl_session_cache shared:sslcache:20m;
    ssl_session_timeout 10m;
    server_name www.fxq.com;
    location / {
        root /data/nginx/html/pc;
        index index.html;
    }
    location = /favicon.ico {
        root /data/nginx/html/pc;
    }
    location = /1.jpg {
        root /data/nginx/static;
        # Accepted: no Referer, a Referer without a valid value,
        # this server's own names, and referers matching \.google\.
        valid_referers none blocked server_names
                       ~\.google\.;
        # Any other referer sets $invalid_referer and is refused.
        if ($invalid_referer) {
            return 403;
        }
    }
}
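
An added example, not part of the original notes: a simplified Python model of the rule "valid_referers none blocked server_names ~\.google\." run over constructed log lines in the access_json format, listing the foreign sites whose requests for /1.jpg would be answered with 403. The function names, the sample lines and their reduced field set are assumptions made for illustration.

```python
import json
import re
from urllib.parse import urlsplit

# Assumed values mirroring the page's rule: none blocked server_names ~\.google\.
SERVER_NAMES = {"www.fxq.com"}
REFERER_REGEXES = [re.compile(r"\.google\.", re.I)]

def classify_referer(referer):
    """Return (category, allowed) for one logged Referer value."""
    if referer in ("", "-"):            # absent header: "-" by default, "" with escape=json
        return "none", True
    if not referer.lower().startswith(("http://", "https://")):
        return "blocked", True          # header present but carrying no usable URL
    host = (urlsplit(referer).hostname or "").lower()
    if host in SERVER_NAMES:
        return "server_names", True
    rest = referer.split("://", 1)[1]   # patterns are tried on the text after the scheme
    if any(rx.search(rest) for rx in REFERER_REGEXES):
        return "regex", True
    return "invalid", False

def hotlink_report(log_lines, protected_uris):
    """Count, per foreign referer host, the requests the rule would refuse."""
    report = {}
    for line in log_lines:
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue                    # skip lines that are not valid JSON
        if entry.get("uri") not in protected_uris:
            continue
        _, allowed = classify_referer(entry.get("referer", ""))
        if not allowed:
            host = urlsplit(entry["referer"]).hostname
            report[host] = report.get(host, 0) + 1
    return report

# Constructed sample lines in the access_json format (only the fields used here).
SAMPLE_LOG = [
    '{"clientip":"192.0.2.10","uri":"/1.jpg","referer":"http://www.xfxq.com/","status":"200"}',
    '{"clientip":"192.0.2.11","uri":"/1.jpg","referer":"https://www.fxq.com/index.html","status":"200"}',
    '{"clientip":"192.0.2.12","uri":"/1.jpg","referer":"-","status":"200"}',
    '{"clientip":"192.0.2.13","uri":"/1.jpg","referer":"https://www.google.com/search?q=fxq","status":"200"}',
    '{"clientip":"192.0.2.10","uri":"/1.jpg","referer":"http://www.xfxq.com/index.html","status":"200"}',
]

if __name__ == "__main__":
    print(hotlink_report(SAMPLE_LOG, {"/1.jpg"}))
```

Running it over real access logs before enabling "return 403" shows which embedding sites would be cut off. The Referer value is supplied by the client, so the report reflects ordinary browser embedding only.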