Web Security: Hotlink Protection

2018-04-24  诺之林

The environment used in this article is Ubuntu 16.04.


Site A

vim /home/saas/hotlink/a.html
<!doctype html>
<html lang="zh-CN">
<head>
    <title>a</title>
</head>
<body>
    <div>a</div>
    <img src="http://s.hotlink.test/hotlink-success.png" alt="hotlink-success.png" />
</body>
</html>

Site B

vim /home/saas/hotlink/b.html
<!doctype html>
<html lang="zh-CN">
<head>
    <title>b</title>
</head>
<body>
    <div>b</div>
    <img src="http://s.hotlink.test/hotlink-success.png" alt="hotlink-success.png" />
</body>
</html>

Static resources

Here we use 文字在线转图片_改图吧 (an online text-to-image tool) to generate two static images for testing.

[Images: hotlink-protection-01.png, hotlink-protection-02.jpeg]

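Note: the image returned by the hotlink protection has the extension .jpeg; the image format can be converted with 图片格式转换 (an image format conversion tool).

Next, place the two images above in the /home/saas/hotlink/ folder.

Nginx configuration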

sudo vim /etc/nginx/sites-enabled/hotlink.conf
server {
    listen 80;
    server_name a.hotlink.test;

    root /home/saas/hotlink;

    location / {
        try_files /a.html $uri;
    }
}

server {
    listen 80;
    server_name b.hotlink.test;

    root /home/saas/hotlink;

    location / {
        try_files /b.html $uri;
    }
}

server {
    listen 80;
    server_name s.hotlink.test;

    root /home/saas/hotlink;

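    # Apply the Referer check to image requests only (the dot is escaped so it matches a literal ".")
    location ~ \.(gif|png|jpg)$ {
        # none: no Referer header; blocked: Referer value stripped by a proxy or firewall
        valid_referers none blocked a.hotlink.test *.a.hotlink.test s.hotlink.test *.s.hotlink.test;
        if ($invalid_referer) {
            # Any other Referer is redirected to the warning image
            rewrite (.*)\.(gif|png|jpg)$ http://s.hotlink.test/hotlink-warning.jpeg;
        }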
    }
}

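Note: the ".jpeg" extension of the rewrite target must not match "location ~ \.(gif|png|jpg)$"; otherwise the request for the warning image would go through the same Referer check. For details, see nginx图片防盗链配置方法 (Nginx image hotlink protection configuration).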

sudo nginx -t 

sudo nginx -s reload

Testing

sudo sh -c "echo '192.168.56.222 a.hotlink.test' >> /etc/hosts"

sudo sh -c "echo '192.168.56.222 b.hotlink.test' >> /etc/hosts"

sudo sh -c "echo '192.168.56.222 s.hotlink.test' >> /etc/hosts"

[Images: hotlink-protection-03.png, hotlink-protection-04.png]
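
The decisions made by the `s.hotlink.test` server block, including the note on the `.jpeg` extension, can be checked offline with the model below. This is an added example, not code from the original article: it is a simplified Python model of Nginx's `valid_referers` matching that covers only the rule forms used in this configuration. The function names are hypothetical, and a 200 result assumes the file exists under `root`.

```python
import re
from urllib.parse import urlsplit

# Copied from the page's s.hotlink.test server block.
VALID_REFERERS = ("none blocked a.hotlink.test *.a.hotlink.test "
                  "s.hotlink.test *.s.hotlink.test").split()
IMAGE_LOCATION = re.compile(r"\.(gif|png|jpg)$")
WARNING_URL = "http://s.hotlink.test/hotlink-warning.jpeg"

def invalid_referer(referer, rules=VALID_REFERERS):
    """Simplified model: True when Nginx would set $invalid_referer."""
    if referer is None:                        # header absent -> "none"
        return "none" not in rules
    value = referer.lower()
    if not value.startswith(("http://", "https://")):
        return "blocked" not in rules          # no scheme -> "blocked"
    try:
        host = urlsplit(value).hostname or ""  # the port is ignored
    except ValueError:
        return True
    for rule in rules:
        if rule in ("none", "blocked"):        # keywords, not host names
            continue
        if rule.startswith("*."):              # "*.x" matches subdomains only
            if host.endswith(rule[1:]) and len(host) > len(rule) - 1:
                return False
        elif host == rule:
            return False
    return True

def serve(path, referer):
    """Model of the location block; 200 assumes the file exists in root."""
    if IMAGE_LOCATION.search(path) and invalid_referer(referer):
        return 302, WARNING_URL                # rewrite to an absolute URL
    return 200, path

# Constructed sample requests: (path, Referer header or None).
SAMPLES = [
    ("/hotlink-success.png", "http://a.hotlink.test/"),
    ("/hotlink-success.png", "http://b.hotlink.test/"),
    ("/hotlink-success.png", None),
    ("/hotlink-warning.jpeg", "http://b.hotlink.test/"),
]

if __name__ == "__main__":
    for path, referer in SAMPLES:
        print(path, referer, "->", serve(path, referer))
```

The last sample shows why the warning image uses `.jpeg`: its path does not match the image location, so the redirect target is served without a second Referer check.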
