1. 防盜鏈配置

配置要點(diǎn)

• none : 允許沒有http_refer的請(qǐng)求訪問資源；
• blocked : 允許不是http://開頭的，不帶協(xié)議的請(qǐng)求訪問資源；
• 119.28.190.215 : 只允許指定ip來的請(qǐng)求訪問資源；

location ~ .*\.(jpg|gif|png)$ {
    valid_referers none blocked 119.28.190.215;
    if ($invalid_referer) {
        return 403;
    }
    root  /opt/app/code/images;
}

2. 重載nginx服務(wù)

[root@localhost ~]# nginx -s reload -c /etc/nginx/nginx.conf

3. 測(cè)試防盜鏈

3.1 不帶http_refer

[root@VM_0_15_centos code]# curl -I http://119.28.190.215/1.jpg
HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Thu, 30 Nov 2017 18:26:10 GMT
Content-Type: image/jpeg
Content-Length: 68227
Last-Modified: Thu, 30 Nov 2017 17:46:19 GMT
Connection: keep-alive
ETag: "5a2043eb-10a83"
Accept-Ranges: bytes

3.2 帶非法http_refer

[root@VM_0_15_centos code]# curl -e "http://www.baidu.com" -I http://119.28.190.215/1.jpg
HTTP/1.1 403 Forbidden
Server: nginx/1.12.2
Date: Thu, 30 Nov 2017 18:25:52 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive

3.3 帶合法http_refer

[root@VM_0_15_centos code]# curl -e "http://119.28.190.215" -I http://119.28.190.215/1.jpg
HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Thu, 30 Nov 2017 18:27:30 GMT
Content-Type: image/jpeg
Content-Length: 68227
Last-Modified: Thu, 30 Nov 2017 17:46:19 GMT
Connection: keep-alive
ETag: "5a2043eb-10a83"
Accept-Ranges: bytes

4. 其他配置

4.1 匹配域名

location ~ .*\.(jpg|gif|png)$ {
    valid_referers ~/google\./;
    if ($invalid_referer) {
        return 403;
    }
    root  /opt/app/code/images;
}