Shulou(Shulou.com)06/03 Report--

Nginx hotlink protection settings

​ for pictures, website A, if you want to use the picture of site B, you can directly write the link address of the picture of site B, or download the picture of site B to the local place by right-clicking and saving as, and then use it on the page. If website B does not want website A to do this, then website B can take hotlink protection measures to do the job. As a result, website A wants to request the necessary resources. Through the way of url, it may not get the original picture, and 404 or other pictures may be replaced. If you open the image url directly through the browser, it is still possible to display 404, which is hotlink protection.

​, let's start with the operation process of stealing links: that is, how to make pirated websites-- stealing pictures of other people (other servers).

Deployment preparation for ​ environment: a manually compiled nginx server (Centos7), a win10 virtual machine for hotlink, and a win10-1 host for testing

The nginx service on the 1.nginx server is on

[root@localhost nginx-1.12.2] # netstat-natp | grep nginxtcp 0 0 0.0. 0. 0. 0. 0. 0. 0. 0. 0. 0. 0. 0. 0. 0 of LISTEN 18676/nginx: master.

There are 0.jpg pictures in the site directory on the 2.nginx server and their relative paths are written to the index.html file

[root@localhost html] # ls0.jpg 50x.html index.html [root@localhost html] # vim index.html [root@localhost html] # sed-n '15p' index.html

Configure domain name resolution on the 3.nginx server: refer to blog: nginx virtual host configuration first step, and then verify in the local Firefox browser

[root@localhost html] # netstat-natp | grep namedtcp 0 192.168.68.145 natp 53 0.0.0.0 LISTEN 72573/named tcp 0 0127.0.1 natp 53 0.0.0.0 LISTEN 72573/named tcp 0 0127.0.0. 1LISTEN 72573/named 953 0.0.0.0 LISTEN 72573/named tcp6 0:: 1:53:: * LISTEN 72573/named tcp6 0 0: * LISTEN 72573/named

Set the network dns domain name server address to the ip address of the nginx server on both 4.win10 and win10-1 virtual machines and verify that it is resolved properly on the command line

5. Make the following configuration on the win10 virtual machine that is doing hotlink:

This is the process of simulating hotlink configuration.

Start to verify whether the hotlink is set successfully.

Test on win10 first: you can enter a domain name.

IP address of win10:

Testing on win10-1

The above is the operation process of hotlink configuration!

Stealing links is shameful, because it is equivalent to "Borrow the chicken to make the egg", which not only steals other people's resources, but also takes up other people's server bandwidth, thus benefiting oneself.

Therefore, we need to protect against this, that is, to set hotlink protection. The specific operation process is as follows:

[root@localhost html] # vim / usr/local/nginx/conf/nginx.conf [root@localhost html] # sed-n'56 61p'/ usr/local/nginx/conf/nginx.conf location ~ *\. (jpg | gif | swf) ${valid_referers none blocked *. Lokott.com lokott.com; if ($invalid_referer) {rewrite ^ / http://www.lokott.com/error.png; }} [root@localhost html] # ls0.jpg 50x.html error.png index.html [root@localhost html] # vim / usr/local/nginx/conf/nginx.conf [root@localhost html] # sed-n'56 61p'/ usr/local/nginx/conf/nginx.conf location ~ *\. (jpg | gif | swf) ${valid_referers none blocked *. Lokott.com lokott.com If ($invalid_referer) {rewrite ^ / http://www.lokott.com/error.png; }} [root@localhost html] # vim / etc/init.d/nginx / / write a nginx control script [root@localhost html] # cat / etcpool init.dAccord nginx control description Bash # chkconfig:-99 2 steps description: Nginx Service Control ScriptPROG= "/ usr/local/nginx/sbin/nginx" PIDF= "/ usr/local/nginx/logs/nginx.pid" case "$1" in start) $PROG ; stop) kill-s QUIT $(cat $PIDF);; restart) $0 stop $0 start;; reload) kill-s HUP $(cat $PIDF) *) echo "Usage: $0 {start | stop | restart | reload}" exit 1esacexit 0 [root@localhost html] # service nginx stop [root@localhost html] # service nginx start

Test on the original hotlink virtual machine win10:

In this way, we have completed the configuration of hotlink protection.

Summary

​ We configure hotlink through three virtual machines, and then configure hotlink protection-add control statements in the main configuration file to prevent other hosts from stealing links, so as to optimize our servers and make our servers more secure.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.