Nginx Hotlink Protection and Access Control


Hotlink protection

1. Edit the configuration file

# vi /usr/local/nginx/conf/vhost/default.conf

server
{
    listen 80 default_server;
    server_name aaa.com;
    index index.html index.htm index.php;
    root /data/wwwroot/default;
    # the log_format named "juispan" must already be defined in nginx.conf
    access_log /tmp/default.log juispan;
    location ~* ^.+\.(gif|jpg|png|swf|flv|rar|zip|doc|pdf|gz|bz2|jpeg|bmp|xls)$
    {
        expires 7d;
        # none = no Referer header; blocked = Referer without http:// or https://;
        # server_names = aaa.com; *.aaa.com = any subdomain
        valid_referers none blocked server_names *.aaa.com;
        if ($invalid_referer) {
            return 403;
        }
        access_log off;
    }
}

2. Check and reload

# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
# /usr/local/nginx/sbin/nginx -s reload

3. Test the result

# curl -x127.0.0.1:80 aaa.com/pic001.gif -I
HTTP/1.1 200 OK
Server: nginx/1.12.1
Date: Mon, 14 Aug 2017 21:51:35 GMT
Content-Type: image/gif
Content-Length: 66698
Last-Modified: Sat, 12 Aug 2017 03:29:18 GMT
Connection: keep-alive
ETag: "598e760e-1048a"
Expires: Mon, 21 Aug 2017 21:51:35 GMT
Cache-Control: max-age=604800
Accept-Ranges: bytes

# curl -e "http://www.hao123.com" -x127.0.0.1:80 aaa.com/pic001.gif -I
HTTP/1.1 403 Forbidden
Server: nginx/1.12.1
Date: Mon, 14 Aug 2017 21:52:18 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive
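
How the valid_referers line above classifies a request, as an added Python model (not nginx code and not from the original post). It assumes only the names on the page (aaa.com, *.aaa.com); the sample Referer values are constructed.

```python
# Added example: simplified model of
#   valid_referers none blocked server_names *.aaa.com;
# with server_name aaa.com. This is not nginx source code.
from typing import Optional

SERVER_NAMES = ["aaa.com"]    # from `server_name aaa.com;`
EXTRA_NAMES = ["*.aaa.com"]   # from the valid_referers line
ALLOW_NONE = True             # `none`: no Referer header at all
ALLOW_BLOCKED = True          # `blocked`: Referer without http:// or https://


def host_matches(host: str, pattern: str) -> bool:
    """Exact name, or a leading-wildcard name such as *.aaa.com."""
    if pattern.startswith("*."):
        suffix = pattern[1:]  # ".aaa.com": any subdomain, not the bare domain
        return host.endswith(suffix) and len(host) > len(suffix)
    return host == pattern


def invalid_referer(referer: Optional[str]) -> bool:
    """True when $invalid_referer would be set, so the location returns 403."""
    if referer is None:
        return not ALLOW_NONE
    value = referer.lower()
    for scheme in ("http://", "https://"):
        if value.startswith(scheme):
            rest = value[len(scheme):]
            break
    else:
        return not ALLOW_BLOCKED  # present but scheme-less counts as "blocked"
    # The host ends at the first '/' or ':'; the port is ignored.
    host = rest.split("/", 1)[0].split(":", 1)[0]
    return not any(host_matches(host, p) for p in SERVER_NAMES + EXTRA_NAMES)


# Constructed Referer values; the first two mirror the page's curl tests.
SAMPLES = [None, "http://www.hao123.com", "http://aaa.com/index.html",
           "https://img.aaa.com:8443/a", "http://aaa.com.example.net/",
           "removed-by-proxy"]

if __name__ == "__main__":
    for ref in SAMPLES:
        status = 403 if invalid_referer(ref) else 200
        print(f"{str(ref):32} -> {status}")
```

Because `none` and `blocked` both pass and the Referer header is set by the client, this check limits casual hotlinking from browsers and is not an authorization control.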

Access control

Restricting a directory

1. Edit the configuration file

# vi /usr/local/nginx/conf/vhost/default.conf

server
{
    listen 80 default_server;
    server_name aaa.com;
    index index.html index.htm index.php;
    root /data/wwwroot/default;
    access_log /tmp/default.log juispan;
    location /admin/
    {
        # rules are checked in order; the first match decides
        allow 127.0.0.1;
        deny all;
    }
}

2. Check and reload

# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
# /usr/local/nginx/sbin/nginx -s reload

3. Test the result

# mkdir /data/wwwroot/default/admin
# echo "test" > /data/wwwroot/default/admin/1.html
# curl -x127.0.0.1:80 aaa.com/admin/1.html -I
HTTP/1.1 200 OK
Server: nginx/1.12.1
Date: Mon, 14 Aug 2017 22:13:08 GMT
Content-Type: text/html
Content-Length: 5
Last-Modified: Mon, 14 Aug 2017 22:03:03 GMT
Connection: keep-alive
ETag: "59921e17-5"
Accept-Ranges: bytes

# curl -x122.112.253.88:80 aaa.com/admin/1.html -I
HTTP/1.1 403 Forbidden
Server: nginx/1.12.1
Date: Mon, 14 Aug 2017 22:13:13 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive
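
The order-dependence of the allow/deny lines above, as an added Python model of first-match evaluation (not the page's code and not nginx source). The swapped variant and the 10.0.0.0/8 range are constructed for illustration.

```python
# Added example: first-match evaluation of allow/deny rules, modelled in Python.
import ipaddress
import re

RULE_RE = re.compile(r"^\s*(allow|deny)\s+([^\s;]+)\s*;")


def parse_rules(block: str):
    """Return (action, network) pairs in file order; network None means `all`."""
    rules = []
    for line in block.splitlines():
        m = RULE_RE.match(line)
        if m:
            action, target = m.groups()
            net = None if target == "all" else ipaddress.ip_network(target, strict=False)
            rules.append((action, net))
    return rules


def decide(rules, client_ip: str) -> int:
    """Status for an existing file: the first rule that matches the address wins."""
    addr = ipaddress.ip_address(client_ip)
    for action, net in rules:
        if net is None or (addr.version == net.version and addr in net):
            return 200 if action == "allow" else 403
    return 200  # no rule matched, so the request is not denied


# The rules from the page's location /admin/ block
PAGE_RULES = parse_rules("allow 127.0.0.1;\ndeny all;")

# Constructed: same lines swapped, so `deny all` matches before the allow
SWAPPED = parse_rules("deny all;\nallow 127.0.0.1;")

# Constructed: also admits an assumed internal range
WITH_RANGE = parse_rules("allow 127.0.0.1;\nallow 10.0.0.0/8;\ndeny all;")

if __name__ == "__main__":
    # 122.112.253.88 is the non-loopback address from the page's second test;
    # ::1 shows that the IPv4 loopback rule does not cover IPv6 loopback.
    for ip in ("127.0.0.1", "122.112.253.88", "10.1.2.3", "::1"):
        print(ip, decide(PAGE_RULES, ip), decide(SWAPPED, ip), decide(WITH_RANGE, ip))
```

nginx applies these rules to the address it sees on the connection, so behind a reverse proxy or load balancer every request carries the proxy's address unless the real client address is restored first.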

Restricting files

1. Edit the configuration file

# vi /usr/local/nginx/conf/vhost/default.conf

server
{
    listen 80 default_server;
    server_name aaa.com;
    index index.html index.htm index.php;
    root /data/wwwroot/default;
    access_log /tmp/default.log juispan;
    # ~ is a case-sensitive regex match against the request path
    location ~ .*(upload|image)/.*\.php$
    {
        deny all;
    }
}

2. Check and reload

# mkdir /data/wwwroot/default/upload
# echo "test" > /data/wwwroot/default/upload/1.php
# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
# /usr/local/nginx/sbin/nginx -s reload

3. Test the result

# curl -x127.0.0.1:80 aaa.com/upload/1.php -I
HTTP/1.1 403 Forbidden
Server: nginx/1.12.1
Date: Mon, 14 Aug 2017 22:19:25 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive

Restricting by User-Agent

1. Edit the configuration file

# vi /usr/local/nginx/conf/vhost/default.conf

server
{
    listen 80 default_server;
    server_name aaa.com;
    index index.html index.htm index.php;
    root /data/wwwroot/default;
    access_log /tmp/default.log juispan;
    if ($http_user_agent ~* 'Spider/3.0|YoudaoBot|Tomato') ## the asterisk makes the match case-insensitive
    {
        return 403;
    }
}

2. Check and reload

# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
# /usr/local/nginx/sbin/nginx -s reload

3. Test the result

# curl -A "apple" -x127.0.0.1:80 aaa.com/upload/1.php -I
HTTP/1.1 200 OK
Server: nginx/1.12.1
Date: Mon, 14 Aug 2017 22:31:09 GMT
Content-Type: application/octet-stream
Content-Length: 5
Last-Modified: Mon, 14 Aug 2017 22:17:17 GMT
Connection: keep-alive
ETag: "5992216d-5"
Accept-Ranges: bytes

# curl -A "tomato" -x127.0.0.1:80 aaa.com/upload/1.php -I
HTTP/1.1 403 Forbidden
Server: nginx/1.12.1
Date: Mon, 14 Aug 2017 22:30:26 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive
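
A coverage check for the two regexes in the "Restricting files" and "Restricting by User-Agent" sections above, as an added Python example (not from the original post); Python's re stands in for nginx's PCRE. DENY_PHP_STRICT is a hypothetical tightened pattern, and every sample path and agent other than the page's own test values is constructed.

```python
# Added example: which requests the page's two regexes actually match.
import re

# `location ~ ...` is case-sensitive; `~*` in the if-condition is not.
DENY_PHP = re.compile(r".*(upload|image)/.*\.php$")
BLOCK_UA = re.compile(r"Spider/3.0|YoudaoBot|Tomato", re.IGNORECASE)

# Hypothetical tightened variant (an assumption, not from the page): anchored
# on a whole path segment, case-insensitive, and matching .php before a "/".
DENY_PHP_STRICT = re.compile(r"/(upload|image)/.*\.php(/|$)", re.IGNORECASE)


def denied_paths(pattern, paths):
    """Request paths (without query string) that the location regex matches."""
    return [p for p in paths if pattern.search(p)]


def blocked_agents(agents):
    """User-Agent values for which the if-block would return 403."""
    return [a for a in agents if BLOCK_UA.search(a)]


# Constructed request paths; the first is the one tested on the page.
PATHS = ["/upload/1.php", "/image/a/b.php", "/upload/1.PHP",
         "/upload/1.php/x", "/myupload/1.php", "/upload/1.html"]

# Constructed agents; "apple" and "tomato" are the page's test values.
# "Spider/3x0" matches because the dot in Spider/3.0 is unescaped, and
# "TomatoSauce" matches because the regex is an unanchored substring search.
AGENTS = ["apple", "tomato", "Mozilla/5.0 (compatible; YoudaoBot/1.0)",
          "Spider/3x0", "Mozilla/5.0 TomatoSauce"]

if __name__ == "__main__":
    print("page rule denies:  ", denied_paths(DENY_PHP, PATHS))
    print("strict rule denies:", denied_paths(DENY_PHP_STRICT, PATHS))
    print("blocked agents:    ", blocked_agents(AGENTS))
```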
