1. 程式人生 > >Nginx作為靜態資源web服務_防盜鏈目的

Nginx作為靜態資源web服務_防盜鏈目的

Nginx作為靜態資源web服務_防盜鏈目的

1、防盜鏈目的

    目的:防止資源被盜用。

    防止非正常使用者訪問,佔用網站資源,影響網站效能,勢必影響正常使用者訪問。

 

2、防盜鏈設定思路

       首要方式:區別哪些使用者是非正常的使用者請求。

 

3、基於http_referer防盜鏈配置模組

(1)http_referer_module作用

       ngx_http_referer_module模組用於阻止對“Referer”頭欄位中具有無效值的請求訪問站點。

 

       官網解釋:

The ngx_http_referer_module module is used to block access to a site for requests with invalid values in the “Referer” header field. It should be kept in mind that fabricating a request with an appropriate “Referer” field value is quite easy, and so the intended purpose of this module is not to block such requests thoroughly but to block the mass flow of requests sent by regular browsers. It should also be taken into consideration that regular browsers may not send the “Referer” field even for valid requests.

 

(2)舉例

valid_referers none blocked server_names

               *.example.com example.* www.example.org/galleries/

               ~\.google\.;

 

if ($invalid_referer) {

    return 403;

}

 

(3)referer_hash_bucket_size語法

Syntax:

referer_hash_bucket_size size;

Default:

referer_hash_bucket_size 64;

Context:

server, location

This directive appeared in version 1.0.5.

 

語法解釋:

referer_hash_bucket_size size;表示設定有效引用散列表的儲存區大小。

Sets the bucket size for the valid referers hash tables. The details of setting up hash tables are provided in a separate document.

 

(4)referer_hash_max_size 語法

Syntax:

referer_hash_max_size size;

Default:

referer_hash_max_size 2048;

Context:

server, location

This directive appeared in version 1.0.5.

 

語法解釋:

referer_hash_max_size size;表示設定有效引用者雜湊表的最大大小。

 

Sets the maximum size of the valid referers hash tables. The details of setting up hash tables are provided in a separate document.

 

(5)valid_referers語法

Syntax:

valid_referers none | blocked | server_names | string ...;

Default:

Context:

serverlocation

語法解釋:

valid_referers none | blocked | server_names | string ...;
none
表示請求標頭中缺少“Referer”欄位;

blocked表示“Referer”欄位出現在請求標頭中,但其值已被防火牆或代理伺服器刪除; 這些值是不以“http://”或“https://”開頭的字串;

server_names 表示“Referer”請求頭欄位包含一個伺服器名稱;

string 表示定義伺服器名稱和可選的URI字首。 伺服器名稱的開頭或結尾可以包含“*”。 在檢查期間,“Referer”欄位中的伺服器埠被忽略;

Specifies the “Referer” request header field values that will cause the embedded $invalid_referervariable to be set to an empty string. Otherwise, the variable will be set to “1”. Search for a match is case-insensitive.

Parameters can be as follows:

none

the “Referer” field is missing in the request header;

blocked

the “Referer” field is present in the request header, but its value has been deleted by a firewall or proxy server; such values are strings that do not start with “http://” or “https://”;

server_names

the “Referer” request header field contains one of the server names;

arbitrary string

defines a server name and an optional URI prefix. A server name can have an “*” at the beginning or end. During the checking, the server’s port in the “Referer” field is ignored;

regular expression

the first symbol should be a “~”. It should be noted that an expression will be matched against the text starting after the “http://” or “https://”.

Example:

valid_referers none blocked server_names
               *.example.com example.* www.example.org/galleries/
               ~\.google\.;

 

Embedded Variables

$invalid_referer

Empty string, if the “Referer” request header field value is considered valid, otherwise “1”.

 

(6)log_format裡面使用http_referer例子