一、一般的最簡單的對圖片防盜鏈的方法:
引用
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
{
valid_referers none blocked www.wangqiao123.com wangqiao123.com;
if ($invalid_referer){
rewrite ^/ http://www.wangqiao123.com/return.html;
#return 403;
}
expires 15d;
}
{
valid_referers none blocked www.wangqiao123.com wangqiao123.com;
if ($invalid_referer){
rewrite ^/ http://www.wangqiao123.com/return.html;
#return 403;
}
expires 15d;
}
第一行:gif|jpg|jpeg|png|bmp|swf 表示對gif、jpg、png、bmp、swf、flv後綴的文件實行防盜鏈
第二行: 表示對www.wangqiao123.com wangqiao123.com這2個來路進行判斷
if{}裏面內容的意思是,如果來路不是指定來路就跳轉到http://www.wangqiao123.com/retrun.html頁面,當然直接返回403也是可以的。
二、針對圖片目錄防止盜鏈
引用
location /p_w_picpaths/
{
alias /usr/local/nginx/htdocs/p_w_picpaths/;
valid_referers none blocked server_names *.wangqiao123.com wangqiao.com;
if ($invalid_referer)
{
return 403;
}
}
{
alias /usr/local/nginx/htdocs/p_w_picpaths/;
valid_referers none blocked server_names *.wangqiao123.com wangqiao.com;
if ($invalid_referer)
{
return 403;
}
}
三、用accesskey模塊實現Nginx服務器深度防盜鏈
首先下載Nginx-accesskey模塊:
引用
wget
http://wiki.nginx.org/p_w_picpaths/5/51/Nginx-accesskey-2.0.3.tar.gz
tar xzvf Nginx-accesskey-2.0.3.tar.gz
tar xzvf Nginx-accesskey-2.0.3.tar.gz
修改其目錄下的config文件,將$HTTP_ACCESSKEY_MODULE替換成ngx_http_accesskey_module
重新編譯nginx 並在其原有編譯參數的基礎上添加 --add-module=path/nginx-accesskey-2.0.3
修改nginx的conf文件,添加以下幾行:
引用
location /download {
accesskey on;
accesskey_hashmethod md5;
accesskey_arg "key" ;
accesskey_signature "mypass$remote_addr" ;
}
accesskey on;
accesskey_hashmethod md5;
accesskey_arg "key" ;
accesskey_signature "mypass$remote_addr" ;
}
其中:
accesskey爲模塊開關;
accesskey_hashmethod爲加密方式MD5或者SHA-1;
accesskey_arg爲url中的關鍵字參數;
accesskey_signature爲加密值,此處爲mypass和訪問IP構成的字符串。
訪問測試腳本download.php:
引用
<?php
$ipkey= md5("mypass".$_SERVER['REMOTE_ADDR']);
$output_add_key="<a href=http://www.wangqiao123.com/download/1.rar?key=".$ipkey.">download_add_key</a><br />"
$output_org_url="<a href=http://www.wangqiao123.com/download/1.rar>download_org_path</a><br />"
echo $output_add_key;
echo $output_org_url;
?>
$ipkey= md5("mypass".$_SERVER['REMOTE_ADDR']);
$output_add_key="<a href=http://www.wangqiao123.com/download/1.rar?key=".$ipkey.">download_add_key</a><br />"
$output_org_url="<a href=http://www.wangqiao123.com/download/1.rar>download_org_path</a><br />"
echo $output_add_key;
echo $output_org_url;
?>
訪問第一個download_add_key鏈接可以正常下載,第二個鏈接download_org_path會返回403 Forbidden錯誤。