
Implementation of nginx hotlink protection deployment under Linux Centos7

2025-01-18 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/02 Report--

I. Principle:

nginx protects website resources from hotlinking with the module ngx_http_referer_module.

HTTP Referer is a request header. When a browser sends a request to a web server, it usually includes the Referer header, which tells the server which page the request was linked from. The server can use this information, for example, to stop unauthorized websites from hotlinking pictures, files, and so on. However, the Referer header can be forged by a program, so hotlink protection based on the Referer is not 100% reliable, but it does stop most hotlinking.

II. Hotlink protection configuration

[root@nginx-server ~]# vim /etc/nginx/nginx.conf

The log format must include "$http_referer". It is already present by default, so no change is needed.

log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                '$status $body_bytes_sent "$http_referer" '
                '"$http_user_agent" "$http_x_forwarded_for"';

III. Configure the origin server

Prepare two machines and one picture.

1. Edit the html file in the website publishing directory and prepare a picture named 33.jpg. Here the website publishing directory is /web1.

vim /web1/index.html

hostphoto.com

fangxi

2. Edit the nginx sub-configuration file

location / {
    root /web1;
    index index.html index.htm;
    valid_referers none blocked 192.168.16.150;
    if ($invalid_referer) {
        return 403;
    }
}

none : allow access to resources for requests that carry no Referer header;

blocked : allow access to resources for requests whose Referer header is present but has had its value removed by a firewall or proxy, that is, a value that does not begin with http:// or https://;

server_names : only requests whose Referer matches the specified IP addresses/domain names are allowed to access resources (whitelist);

3. Check the configuration file for errors. If there are none, reload.

nginx -t
nginx -s reload

IV. Configure the hotlinking server (the second machine)

1. Configure nginx access pages and create directories

location / {
    root /web1;
    index index.html index.htm;
}

mkdir /web1

2. Create a page

vim /web1/index.html

V. Testing

With hotlink protection enabled, visit the hotlinking server (the second machine): the picture is not displayed.

After commenting out the hotlink protection configuration, visit the hotlinking server (the second machine) again: the picture is displayed.
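To check the result from the origin server's access log rather than by eye, the following added example (not part of the original article) parses lines in the "main" log_format shown above, classifies each Referer with a simplified model of `valid_referers none blocked 192.168.16.150` (exact host names only, no wildcards or regular expressions), and reports which Referer hosts were denied and which lines disagree with the policy. The sample log lines are constructed, and 192.168.16.151 is an assumed address for the second machine.

```python
import re
from collections import Counter

# Parses the "main" log_format shown on this page.
LINE = re.compile(
    r'(?P<addr>\S+) - (?P<user>\S+) \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<bytes>\d+) "(?P<referer>[^"]*)" '
    r'"(?P<agent>[^"]*)" "(?P<xff>[^"]*)"')
SCHEME_HOST = re.compile(r'https?://([^/:]*)', re.I)
ALLOWED = {"192.168.16.150"}  # whitelist from the page's valid_referers line

def classify(referer, allow_none=True, allow_blocked=True, names=ALLOWED):
    """Simplified valid_referers model: returns (category, allowed)."""
    if referer in ("", "-"):          # nginx logs an absent header as "-"
        return "none", allow_none
    m = SCHEME_HOST.match(referer)
    if not m:                         # no http:// or https:// prefix
        return "blocked", allow_blocked
    host = m.group(1).lower()
    return host, host in names

def hotlink_report(lines):
    """Return (403 count per Referer category, lines whose logged status
    disagrees with the model, e.g. protection commented out)."""
    denied, mismatches = Counter(), []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        category, allowed = classify(m["referer"])
        is_403 = m["status"] == "403"
        if is_403:
            denied[category] += 1
        if allowed == is_403:         # allowed but 403, or not allowed but served
            mismatches.append(line)
    return denied, mismatches

# Constructed sample lines; 192.168.16.151 is an assumed second-machine address.
SAMPLE = [
    '192.168.16.20 - - [18/Jan/2025:10:00:01 +0800] "GET /33.jpg HTTP/1.1" 200 51234 "http://192.168.16.150/" "Mozilla/5.0" "-"',
    '192.168.16.20 - - [18/Jan/2025:10:00:05 +0800] "GET /33.jpg HTTP/1.1" 403 153 "http://192.168.16.151/" "Mozilla/5.0" "-"',
    '192.168.16.20 - - [18/Jan/2025:10:00:09 +0800] "GET /33.jpg HTTP/1.1" 200 51234 "-" "curl/8.0" "-"',
    '192.168.16.20 - - [18/Jan/2025:10:00:12 +0800] "GET /33.jpg HTTP/1.1" 200 51234 "http://192.168.16.151/" "Mozilla/5.0" "-"',
]

if __name__ == "__main__":
    denied, mismatches = hotlink_report(SAMPLE)
    print(dict(denied))
    print(len(mismatches), "line(s) disagree with the configured policy")
```

The last sample line is served with status 200 despite a Referer outside the whitelist, which is what the log looks like when the hotlink protection lines are commented out as in the second test above.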
