2025-01-17 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/01 Report--
This article walks through example configurations for cross-domain access and hotlink protection in Nginx. It is meant as a reference for anyone setting up either feature.
Cross-domain access control
Cross-domain access
Why browsers prohibit cross-domain access
It is unsafe and makes CSRF attacks easy.
If website B, controlled by an attacker, puts malicious content in its response that makes the client's browser access site A, a CSRF attack occurs.
How to configure cross-domain access for Nginx
add_header syntax
Syntax: add_header name value [always];
Default: -
Context: http, server, location, if in location
Syntax explanation:
add_header name value [always];
name is the key (header name) returned in the response header
value is the value for that key in the response header
add_header cross-domain configuration
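    location ~ .*\.(htm|html)$ {
        # "*" lets a page on any origin read these responses;
        # use it only for content that is meant to be public.
        add_header Access-Control-Allow-Origin *;
        add_header Access-Control-Allow-Methods GET,POST,PUT,DELETE,OPTIONS;
        root /opt/app/code;
    }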
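An added example, not from the original article: the same location with an origin allowlist in place of the wildcard, so that only named sites can read the responses cross-origin. The origins and the server name are constructed placeholders, and the preflight handling is an assumption about how the site is used.

```nginx
# http context: choose the value to echo back from the request's Origin header.
map $http_origin $cors_origin {
    default                        "";            # unlisted origin: no CORS header
    "https://www.example.com"      $http_origin;  # placeholder allowed origin
    "https://static.example.com"   $http_origin;  # placeholder allowed origin
}

server {
    listen 80;
    server_name app.example.org;                  # placeholder server name

    location ~ .*\.(htm|html)$ {
        root /opt/app/code;

        # Weak form shown in the article: every origin is allowed.
        # add_header Access-Control-Allow-Origin *;

        # Allowlisted form: add_header emits nothing when the value is empty,
        # so requests from unlisted origins get no Access-Control-Allow-Origin.
        add_header Access-Control-Allow-Origin  $cors_origin always;
        add_header Access-Control-Allow-Methods "GET, POST, OPTIONS" always;
        # The response now depends on Origin, so caches must key on it.
        add_header Vary Origin always;

        # Answer CORS preflight requests without touching the file system;
        # the add_header lines above are inherited by this block.
        if ($request_method = OPTIONS) {
            return 204;
        }
    }
}
```

Check the result with nginx -t, then compare the response headers for a request carrying an allowed Origin against one carrying an unlisted Origin.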
Hotlink protection
Hotlink protection purpose
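Prevent resources from being misappropriated (hotlinked) by other sites.
Prevent abnormal access from tying up site resources and degrading performance, which inevitably affects normal users.
Hotlink protection configuration based on http_referer
The ngx_http_referer_module module is used to block access to a site for requests with invalid values in the "Referer" header field. Because the Referer header is supplied by the client and is easy to forge, the module is suited to stopping bulk requests sent by ordinary browsers, not to strict access control.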
Example
    valid_referers none blocked server_names
                   *.example.com example.* www.example.org/galleries/
                   ~\.google\.;

    # $invalid_referer is set when the Referer matches none of the values above
    if ($invalid_referer) {
        return 403;
    }
referer_hash_bucket_size syntax
Syntax: referer_hash_bucket_size size;
Default: referer_hash_bucket_size 64;
Context: server, location
Syntax explanation:
referer_hash_bucket_size size; sets the bucket size for the valid referers hash tables.
referer_hash_max_size syntax
Syntax: referer_hash_max_size size;
Default: referer_hash_max_size 2048;
Context: server, location
Syntax explanation:
referer_hash_max_size size; sets the maximum size of the valid referers hash tables.
valid_referers syntax
Syntax: valid_referers none | blocked | server_names | string ...;
Default: -
Context: server, location
Syntax explanation:
valid_referers none | blocked | server_names | string ...;
none: the "Referer" field is missing from the request header
blocked: the "Referer" field is present in the request header, but its value has been deleted by a firewall or proxy server; such values are strings that do not begin with "http://" or "https://"
server_names: the "Referer" request header field contains one of the server names
string: defines a server name and an optional URI prefix. The server name can have a "*" at the beginning or end. The server port in the "Referer" field is ignored during the check
A small case of hotlink protection
Create test_refer.html with touch (in the /opt/app/code directory)
Imooc1 Zhang Biao
Configure hotlink protection: if the request was not referred from the www.zhangbiao.com domain name, an error is returned.
    location ~ .*\.(jpg|gif|png)$ {
        # Accept requests with no Referer, a stripped Referer, or a Referer on www.zhangbiao.com
        valid_referers none blocked www.zhangbiao.com;
        if ($invalid_referer) {
            return 403;
        }
        root /opt/app/code/images;
    }
    location ~ /test_refer.html {
        root /opt/app/code;
    }
Visit
http://192.168.1.112/test_refer.html
Visit
http://www.zhangbiao.com/test_refer.html
Configuration for allowing other websites to access your own site's resources