nginx - 在 nginx 中启用盗链保护
问题描述
好的,我已经尝试了几个月,并决定再试一次。仍然给我同样的结果。如果另一个域试图在他们的网站上显示其中一个图像,我的图像就会被阻止,而且 mydomain.com(或我的实际域)也被阻止加载任何图像。
网站上的ssl与此有关吗?我是不是把位置放~ \.(jpe?g|png|gif)$
错地方了?我在 Windows 上运行 nginx 1.19.0。
server {
listen 443 ssl;
server_name mydomain www.mydomain.com;
if ($host !~* ^www\.(.*)$) {
return 301 https://www.$host$request_uri;
}
ssl_certificate "D:/certificate.crt";
ssl_certificate_key "D:/private.key";
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
ssl_protocols TLSv1.2;
root "D:/MyWebsite";
index index.php index.html index.htm;
location ~ \.php$ {
root "D:/MyWebsite";
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
fastcgi_intercept_errors on;
}
location / {
if ($request_uri ~* ".(ico|css|js|gif|jpe?g|png)$") {
# access_log off;
expires 30d;
add_header Pragma public;
add_header Cache-Control "public";
break;
}
}
location ~ \.(jpe?g|png|gif)$ {
valid_referers none blocked example.com *.example.com;
if ($invalid_referer) {
return 403;
}
}
}
我删除了相关域的访问日志文件并重新启动了 nginx。试图直接访问图像文件,但无法加载图像(被重定向到我在 nginx 中设置的 404 错误页面)。这是访问日志信息:
server_name="example.com" host="www.example.com" server_port="443" server_addr="192.168.1.101" remote_addr="192.168.1.101" realip_remote_addr="192.168.1.101" remote_user="-" time_local="09/Jul/2020:20:17:37 -0600" server_protocol="HTTP/1.1" status="404" bytes_sent="1301" upstream_bytes_received="2208" body_bytes_sent="843" http_referer="-" http_user_agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Firefox/78.0" nginx_version="1.19.0" http_x_forwarded_for="-" http_x_header="-" query_string="-" uri="/Errors/404/index.php" http_method="GET" response_time="0.010" http_cookie="PHPSESSID=0000000009t654999999" request_time="0.010"
server_name="example.com" host="www.example.com" server_port="443" server_addr="192.168.1.101" remote_addr="192.168.1.101" realip_remote_addr="192.168.1.101" remote_user="-" time_local="09/Jul/2020:20:17:37 -0600" server_protocol="HTTP/1.1" status="200" bytes_sent="1092" upstream_bytes_received="-" body_bytes_sent="807" http_referer="https://www.example.com/content/somefolder/pix.jpg" http_user_agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Firefox/78.0" nginx_version="1.19.0" http_x_forwarded_for="-" http_x_header="-" query_string="random=1594347457" uri="/Libraries/Custom/Custom.js" http_method="GET" response_time="-" http_cookie="PHPSESSID=0000000009t654999999" request_time="0.000"
server_name="example.com" host="www.example.com" server_port="443" server_addr="192.168.1.101" remote_addr="192.168.1.101" realip_remote_addr="192.168.1.101" remote_user="-" time_local="09/Jul/2020:20:17:37 -0600" server_protocol="HTTP/1.1" status="200" bytes_sent="956" upstream_bytes_received="-" body_bytes_sent="671" http_referer="https://www.example.com/content/somefolder/pix.jpg" http_user_agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Firefox/78.0" nginx_version="1.19.0" http_x_forwarded_for="-" http_x_header="-" query_string="random=1594347457" uri="/Global.js" http_method="GET" response_time="-" http_cookie="PHPSESSID=0000000009t654999999" request_time="0.000"
解决方案
推荐阅读
- typescript - 更窄的类型不能分配给其他
- java - Spring Boot 中的多线程 cron 作业
- wso2 - 我可以将多个 WSO2 API 管理器(AM)与单个 WSO2 身份服务器(IS)链接吗?
- forms - Symfony 营业时间表格
- angular - 新版本的@ngrx 效果不可分配给类型 'Observable
- vba - 动态创建按钮并添加 OnClick 事件
- java - 短而频繁的工作:HandlerThread 还是 ThreadPoolExecutor?
- scala - 如何在 Play Framework 的 Twirl 中将隐式值从一个模板布局传递到另一个模板布局?
- node.js - 如何将请求参数从 Express 服务器发送到 React 应用程序?
- python - 获取 pandas.read_csv 将空字段读取为 NaN,将空字符串读取为空字符串