How to use the referer directive to configure hotlink protection in nginx

2025-01-20 Update From: SLTechnology News&Howtos

This article explains how to use the valid_referers directive to configure hotlink protection in nginx. Many people may not be familiar with it, so the editor has summarized the following points. I hope you will gain something from this article.

To implement hotlink protection for images:

    location ~* \.(gif|jpg|png|webp)$ {
        # Referer values that are allowed to load images
        valid_referers none blocked domain.com *.domain.com server_names ~\.google\. ~\.baidu\.;
        if ($invalid_referer) {
            return 403;
            # alternative to the 403: serve a replacement image
            #rewrite ^/ /2018img/2018/09/25181003.jpg;
        }
        root /opt/www/image;
    }

With the configuration above, requests whose Referer is domain.com or one of its subdomains, one of the server's own names, or Baidu or Google can load images from the current site. If the source domain name is not in this list, $invalid_referer is equal to 1 and the if block returns a 403 to the user, who then sees a 403 page. If you use the rewrite line instead, the hotlinked image is shown as 403.jpg. The none rule allows an empty Referer, so when the image is opened directly in the browser and the Referer is empty, the image is still displayed normally.

    [root@loya ~]# curl -I /2018img/2018/09/25181009.jpg -H 'Referer:http://www.baidu.com'
    HTTP/1.1 200 OK
    Server: nginx/1.8.1
    Date: Fri, 16 Dec 2016 14:56:51 GMT
    Content-Type: image/jpeg
    Content-Length: 17746
    Last-Modified: Tue, 16 Aug 2016 03:20:21 GMT
    Connection: keep-alive
    ETag: "57b28675-4552"
    Accept-Ranges: bytes

    [root@loya ~]# curl -I /2018img/2018/09/25181009.jpg -H 'Referer:http://www.qq.com'
    HTTP/1.1 403 Forbidden
    Server: nginx/1.8.1
    Date: Fri, 16 Dec 2016 14:56:58 GMT
    Content-Type: text/html; charset=utf-8
    Content-Length: 168
    Connection: keep-alive

Directive

Syntax: valid_referers none | blocked | server_names | string …;

Context: server, location

Specifies the valid "Referer" values, which determine the value of the built-in variable $invalid_referer: it is set to 0 if the Referer header matches one of the valid values, otherwise it is set to 1. Note that matching is not case-sensitive.

Parameter description:

none: "Referer" is empty.

blocked: "Referer" is not empty, but its value has been deleted by a proxy or firewall. Such values do not start with http:// or https://, but have the form "Referer: XXXXXXX".

server_names: the "Referer" header contains one of the current server_names (the current domain name).

arbitrary string: defines a server name with an optional URI prefix. Host names can start or end with *. The port in the source domain name is ignored when the Referer header is checked.

regular expression: begins with ~. The leading http:// or https:// is excluded, so the expression is matched against the text that follows it.
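As an added example (not part of the original article and not nginx's own code), the following Python code models the parameter rules described above so that a rule list can be checked against sample Referer values offline. `ANCHORED_RULES`, the sample values and the `server_names` argument are constructed for illustration.

```python
import re

# Rule list from the page's location block.
PAGE_RULES = ["none", "blocked", "domain.com", "*.domain.com",
              "server_names", r"~\.google\.", r"~\.baidu\."]
# Constructed tighter variant: regexes anchored to the host part (.com only).
ANCHORED_RULES = ["none", "blocked", "domain.com", "*.domain.com", "server_names",
                  r"~^([a-z0-9-]+\.)*google\.com(/|$)",
                  r"~^([a-z0-9-]+\.)*baidu\.com(/|$)"]

def host_matches(host, pattern):
    """Exact name, or a name with * at the start or at the end."""
    if pattern.startswith("*."):
        return host.endswith(pattern[1:])
    if pattern.endswith(".*"):
        return host.startswith(pattern[:-1])
    return host == pattern

def invalid_referer(referer, rules, server_names=()):
    """Model of valid_referers: True means the request would get the 403."""
    if referer is None:                          # no Referer header at all
        return "none" not in rules
    scheme = re.match(r"https?://", referer, re.I)
    if scheme is None:                           # value without http(s):// prefix
        return "blocked" not in rules
    rest = referer[scheme.end():]                # text after the scheme
    host = re.split(r"[/:]", rest, maxsplit=1)[0].lower()  # port is ignored
    slash = rest.find("/")
    path = rest[slash:] if slash != -1 else ""
    for rule in rules:
        if rule in ("none", "blocked"):
            continue
        if rule.startswith("~"):                 # regex sees host, path and query
            if re.search(rule[1:], rest, re.I):
                return False
            continue
        for name in (server_names if rule == "server_names" else (rule,)):
            pattern, sep, prefix = name.partition("/")
            if host_matches(host, pattern.lower()) and path.startswith(sep + prefix):
                return False
    return True

# Constructed Referer values; the first two mirror the page's curl requests.
SAMPLES = ["http://www.baidu.com", "http://www.qq.com", None,
           "https://img.domain.com:8443/gallery",
           "http://other.example/page?q=.baidu."]

if __name__ == "__main__":
    for ref in SAMPLES:
        print(ref, invalid_referer(ref, PAGE_RULES), invalid_referer(ref, ANCHORED_RULES))
```

On the page's rule list the last sample is accepted because the unanchored `~\.baidu\.` pattern also matches inside the path and query, while the anchored variant rejects it. Since the Referer header is supplied by the client, as the curl test shows, this check limits casual hotlinking by browsers and is not access control.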
