Enabling hotlink protection in nginx

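Problem description

OK, I have been trying this for months and decided to give it another go. It still gives me the same result. My images are blocked if another domain tries to display one of them on their website, and mydomain.com (or my actual domain) is also blocked from loading any images.

Does SSL on the site have anything to do with this? Did I put the location ~ \.(jpe?g|png|gif)$ in the wrong place? I am running nginx 1.19.0 on Windows.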

server {
        listen 443 ssl;

        server_name mydomain www.mydomain.com;

        if ($host !~* ^www\.(.*)$) {
            return 301 https://www.$host$request_uri;
        }

        ssl_certificate         "D:/certificate.crt";
        ssl_certificate_key     "D:/private.key";
        ssl_session_cache       shared:SSL:1m;
        ssl_session_timeout     5m;
        ssl_ciphers         HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers   on;
        ssl_protocols           TLSv1.2;


        root   "D:/MyWebsite";
        index  index.php index.html index.htm;


        location ~ \.php$ {
            root "D:/MyWebsite";
            fastcgi_pass 127.0.0.1:9000;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include fastcgi_params;
            fastcgi_intercept_errors on;
        }

        location / {
            if ($request_uri ~* ".(ico|css|js|gif|jpe?g|png)$") {
                # access_log off;
                expires 30d;
                add_header Pragma public;
                add_header Cache-Control "public";
                break;
            }
        }

        location ~ \.(jpe?g|png|gif)$ {
            valid_referers none blocked example.com *.example.com;

            if ($invalid_referer) {
                return 403;
            }
        }
}

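I deleted the access log file for the domain in question and restarted nginx. I tried to access an image file directly, but the image would not load (I was redirected to the 404 error page I set up in nginx). Here is the access log information: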

server_name="example.com" host="www.example.com" server_port="443" server_addr="192.168.1.101" remote_addr="192.168.1.101" realip_remote_addr="192.168.1.101" remote_user="-" time_local="09/Jul/2020:20:17:37 -0600" server_protocol="HTTP/1.1" status="404" bytes_sent="1301" upstream_bytes_received="2208" body_bytes_sent="843" http_referer="-" http_user_agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Firefox/78.0" nginx_version="1.19.0" http_x_forwarded_for="-" http_x_header="-" query_string="-" uri="/Errors/404/index.php" http_method="GET" response_time="0.010" http_cookie="PHPSESSID=0000000009t654999999" request_time="0.010"
server_name="example.com" host="www.example.com" server_port="443" server_addr="192.168.1.101" remote_addr="192.168.1.101" realip_remote_addr="192.168.1.101" remote_user="-" time_local="09/Jul/2020:20:17:37 -0600" server_protocol="HTTP/1.1" status="200" bytes_sent="1092" upstream_bytes_received="-" body_bytes_sent="807" http_referer="https://www.example.com/content/somefolder/pix.jpg" http_user_agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Firefox/78.0" nginx_version="1.19.0" http_x_forwarded_for="-" http_x_header="-" query_string="random=1594347457" uri="/Libraries/Custom/Custom.js" http_method="GET" response_time="-" http_cookie="PHPSESSID=0000000009t654999999" request_time="0.000"
server_name="example.com" host="www.example.com" server_port="443" server_addr="192.168.1.101" remote_addr="192.168.1.101" realip_remote_addr="192.168.1.101" remote_user="-" time_local="09/Jul/2020:20:17:37 -0600" server_protocol="HTTP/1.1" status="200" bytes_sent="956" upstream_bytes_received="-" body_bytes_sent="671" http_referer="https://www.example.com/content/somefolder/pix.jpg" http_user_agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Firefox/78.0" nginx_version="1.19.0" http_x_forwarded_for="-" http_x_header="-" query_string="random=1594347457" uri="/Global.js" http_method="GET" response_time="-" http_cookie="PHPSESSID=0000000009t654999999" request_time="0.000"

Tags: nginx, configuration, hotlinking
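
Added example, not part of the original question: a simplified Python model of how nginx's documented valid_referers rules (none, blocked, and server names with a leading or trailing "*") classify a Referer value, run over the Referer values from the log lines above plus two constructed ones. It shows that both logged requests pass the posted rule, which would return 403 rather than the 404 seen in the log. The function names are hypothetical, and regex entries, server_names and URI prefixes are not modelled.

```python
import re
from urllib.parse import urlsplit

# The valid_referers line from the posted config.
VALID_REFERERS = "none blocked example.com *.example.com"

def name_matches(pattern, host):
    """Match a host against a name that may carry '*' at its start or end."""
    if pattern.startswith("*."):
        return host.endswith(pattern[1:])      # "*.example.com" -> ".example.com"
    if pattern.endswith(".*"):
        return host.startswith(pattern[:-1])   # "www.example.*" -> "www.example."
    return host == pattern

def invalid_referer(referer, rule=VALID_REFERERS):
    """Return True where nginx would set $invalid_referer to "1".

    referer is the raw Referer header value, or None when the header is absent.
    Simplified model (assumption): only none, blocked and plain names are handled.
    """
    entries = rule.split()
    if referer is None:
        return "none" not in entries
    # Values that do not start with http:// or https:// count as "blocked".
    if not re.match(r"https?://", referer, re.I):
        return "blocked" not in entries
    host = (urlsplit(referer).hostname or "").lower()  # the port is ignored
    names = [e.lower() for e in entries if e not in ("none", "blocked")]
    return not any(name_matches(n, host) for n in names)

def referer_from_log(line):
    """Pull http_referer out of a key="value" log line; '-' means no header."""
    value = re.search(r'http_referer="([^"]*)"', line).group(1)
    return None if value == "-" else value

# Constructed samples: the first two are trimmed from the log lines on this
# page, the last two are invented to exercise the rejecting branch.
SAMPLES = [
    'status="404" http_referer="-" uri="/Errors/404/index.php"',
    'status="200" http_referer="https://www.example.com/content/somefolder/pix.jpg" uri="/Global.js"',
    'status="-" http_referer="https://other.example.net/gallery.html" uri="/pix.jpg"',
    'status="-" http_referer="https://example.com.other.test/" uri="/pix.jpg"',
]

if __name__ == "__main__":
    for line in SAMPLES:
        ref = referer_from_log(line)
        print(f"{str(ref):55} invalid_referer={invalid_referer(ref)}")
```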

Solution

