Home > Backend Development > PHP Tutorial > 3 ways to prevent hotlinking in Nginx

3 ways to prevent hotlinking in Nginx

WBOY
Release: 2016-08-08 09:20:29
Original
1021 people have browsed it

1: The general anti-hotlink protection is as follows:

<code>location ~* \.(gif|jpg|png|swf|flv)$ { 
  valid_referers none blocked www<span>.jzxue</span><span>.com</span> jzxue<span>.com</span><span>; </span>
  if ($invalid_referer) { 
    rewrite ^/ http://www<span>.jzxue</span><span>.com</span>/retrun<span>.html</span><span>; </span><span>#return 403; </span>
  } 
} </code>
Copy after login

First line: gif|jpg|png|swf|flv
Indicates that files with gif, jpg, png, swf, and flv suffixes are protected against hotlinking
The second line: indicates the judgment of the two origins of www.ingnix.com
The meaning of the content in if{} is that if the source is not the specified source, it will jump to the http://www.jzxue.com/retrun.html page. Of course, it is also possible to directly return 403. of.

Two: Prevent hotlinking for image directories

<code>location /images<span>/</span> { 
  alias /<span>data</span>/images<span>/</span>; 
  valid_referers <span>none</span> blocked server_names <span>*</span><span>.</span>xok<span>.</span>la xok<span>.</span>la ; 
  <span>if</span> (<span>$invalid_referer</span>) {<span>return</span><span>403</span>;} 
} </code>
Copy after login

Three: Use the third-party module ngx_http_accesskey_module to implement Nginx anti-hotlinking
The implementation method is as follows:
1. Download the NginxHttpAccessKeyModule module file: http://wiki.nginx.org/File:Nginx-accesskey-2.0.3.tar.gz;
2. After decompressing this file, find the config file under nginx-accesskey-2.0.3. Edit this file: replace "$HTTP_ACCESSKEY_MODULE" with "ngx_http_accesskey_module";
3. Recompile nginx with the following parameters:

<code>./configure --<span>add</span>-<span>module</span>=path/<span>to</span>/nginx-accesskey
<<pestd <span>add</span></code>
Copy after login

You need to add the original compilation parameters above, and then execute: make && make install

  1. Modify the conf file of nginx and add the following lines:
<code><span>location</span> /download {
  <span>accesskey</span><span>on</span>;
  <span>accesskey_hashmethod</span> md5;
  <span>accesskey_arg</span><span>"key"</span>;
  <span>accesskey_signature</span><span>"mypass<span>$remote_addr</span>"</span>;
}</code>
Copy after login

Among them:
accesskey is the module switch;
accesskey_hashmethod is the encryption method MD5 or SHA-1;
accesskey_arg is the keyword parameter in the url;
accesskey_signature is an encrypted value, here it is a string composed of mypass and access IP.
Access the test script download.php:

<code><span><span><?</span><span>$ipkey</span>= md5(<span>"mypass"</span>.<span>$_SERVER</span>[<span>'REMOTE_ADDR'</span>]);
<span>$output_add_key</span>=<span>"<a href=http://www.jzxue.com/download/G3200507120520LM.rar?key="</span>.<span>$ipkey</span>.<span>">download_add_key</a><br />";
<span>$output_org_url</span>=<span>"<a href=http://www.jzxue.com/download/G3200507120520LM.rar>download_org_path</a><br />"</span>;
<span>echo</span><span>$output_add_key</span>;
<span>echo</span><span>$output_org_url</span>;
<span>?></span></code>
Copy after login

Accessing the first download_add_key link can download normally, but the second link download_org_path will return a 403 Forbidden error.
Reference:
NginxHttpAccessKeyModule
http://xok.la/2009/03/nginx_http_accesskey_module_referer.html

The above introduces the three methods of Nginx anti-hotlinking, including the relevant content. I hope it will be helpful to friends who are interested in PHP tutorials.

Related labels:
source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template