Nginx serves as a static resource web service to control browser caching and prevent hotlinking

不言
Release: 2023-04-03 16:18:01
Original
2332 people have browsed it

This article introduces you to Nginx as a static resource web service to control browser cache and implement anti-leeching. It has certain reference value. Friends in need can refer to it. I hope it will be helpful to you.

1. Control browser cache

1. Introduction to browser cache

Browser cache follows the caching mechanism defined by the HTTP protocol (such as: Expires; Cache-control, etc.) .

When the browser has no cache, the request response process

Nginx serves as a static resource web service to control browser caching and prevent hotlinking

When the browser has When caching, request response process

Nginx serves as a static resource web service to control browser caching and prevent hotlinking

Browser cache verification expiration mechanism

##Etag header in the protocol Information verificationEtagLast-Modified header information verificationLast-Modified

Browser request process

Nginx serves as a static resource web service to control browser caching and prevent hotlinking

2. Nginx controls browser cache configuration

Nginx passes Control browser cache by adding Cache-Control (max-age) and Expires header information.

ngx_http_headers_module

Syntax

Syntax:    expires [modified] time;
        expires epoch | max | off;
Default:    expires off;
Context:    http, server, location, if in location
Copy after login

This configuration item can control "Expires" and "Cache-Control" in the HTTP response "Header information, (which plays a role in controlling page caching).

The expiration time in the "Expires" header information is the sum of the current system time and the time value you set. If the modified parameter is specified, the expiration time is the sum of the last modification time of the file and the time value you set.
The content of the "Cache-Control" header depends on the symbol specifying time. You can use positive or negative numbers in the time value.
When time is a negative number, "Cache-Control: no-cache";
When time is a positive number or 0, "Cache-Control: max-age=time", the unit is seconds.

The epoch parameter is used to specify the value of "Expires" as 1 January, 1970, 00:00:01 GMT.
The max parameter is used to specify the value of "Expires" as "Thu, 31 Dec 2037 23:55:55 GMT" and the value of "Cache-Control" as 10 years. The
off parameter disables additions or modifications to the "Expires" and "Cache-Control" response header information.

3. Application examples

1. vim /etc/nginx/conf.d/static.conf

server {
    location ~ .*\.(txt|xml)$ {
        # 设置过期时间为1天
        expires 1d;
        root /vagrant/doc;
    }
}
Copy after login

2. nginx -s reload Reload nginx configuration file

3. Create /vagrant/doc/hello.txt file

4. Access 192.168.33.88/hello.txt through curl and check the http response header information

[root/etc/nginx]# curl -I 192.168.33.88/hello.txt
HTTP/1.1 200 OK
Server: nginx/1.14.0
Date: Tue, 17 Jul 2018 07:12:11 GMT
Content-Type: text/plain
Content-Length: 12
Last-Modified: Tue, 17 Jul 2018 07:07:22 GMT
Connection: keep-alive
ETag: "5b4d95aa-c"
Expires: Wed, 18 Jul 2018 07:12:11 GMT
Cache-Control: max-age=86400
Accept-Ranges: bytes
Copy after login

Focus on Expires and Cache-Control Field, it can be seen that the cache time of hello.txt is 1 day.

2. Anti-hotlinking

Purpose: To prevent resources from being misappropriated
Idea: Distinguish which requests are abnormal user requests

1. Based on http_refer anti-hotlink configuration module

ngx_http_referer_module

Syntax

Syntax:    valid_referers none | blocked | server_names | string ...;
Default:    —
Context:    server, location
Copy after login

none: There is no Referer field in the request header
blocked : Although the "Referer" field exists in the request header, its value has been deleted by the firewall or proxy server; these values ​​are strings that do not start with "http://" or "https://";
server_names : The "Referer" request header field contains the server name
Any string: Defines a server name and an optional URI prefix. The server name can have "*" at the beginning or end. The server port in the "Referer" field is ignored when checking.
Regular expression: The string must start with ~. It is worth noting that the regular expression matches the content after "http://" or "https://".

Example

valid_referers none blocked server_names *.example.com example.* www.example.org/galleries/ ~\.google\.;
Copy after login

2. Application example

1. vim conf.d/static.conf

server {
    location ~ .*\.(txt|xml)$ {
        
        # 配置防盗链规则
        valid_referers none blocked 192.168.1.110 *.example.com example.* ~\.google\.;

        # 如果不符合防盗链规则,则返回403
        if ($invalid_referer) {
            return 403;
        }

        root /vagrant/doc;
    }
}
Copy after login

2. nginx -s reload Reload the nginx configuration file

3. Create the /vagrant/doc/hello.txt file

  • vim /vagrant/a/a.txt

Hello world!
Copy after login

4. Use curl for access testing

  • Without referer, you can access it normally

[root~]# curl -I http://127.0.0.1/hello.txt
HTTP/1.1 200 OK
Server: nginx/1.14.0
Date: Fri, 03 Aug 2018 01:34:12 GMT
Content-Type: text/plain
Content-Length: 12
Last-Modified: Tue, 17 Jul 2018 07:07:22 GMT
Connection: keep-alive
ETag: "5b4d95aa-c"
Accept-Ranges: bytes
Copy after login
  • The referer is http://www.baidu.com, and 403 is returned.

[root~]# curl -e "http://www.baidu.com" -I http://127.0.0.1/hello.txt
HTTP/1.1 403 Forbidden
Server: nginx/1.14.0
Date: Fri, 03 Aug 2018 01:34:34 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive
Copy after login
  • referer is http://192.168.1.110, which can be accessed normally

[root~]# curl -e "http://192.168.1.110" -I http://127.0.0.1/hello.txt
HTTP/1.1 200 OK
Server: nginx/1.14.0
Date: Thu, 02 Aug 2018 11:31:51 GMT
Content-Type: text/plain
Content-Length: 12
Last-Modified: Tue, 17 Jul 2018 07:07:22 GMT
Connection: keep-alive
ETag: "5b4d95aa-c"
Accept-Ranges: bytes
Copy after login
Copy after login
  • referer starts with example. or ends with .example.com, you can access

[root~]# curl -e "http://www.example.com" -I http://127.0.0.1/hello.txt
HTTP/1.1 200 OK
Server: nginx/1.14.0
Date: Thu, 02 Aug 2018 11:33:47 GMT
Content-Type: text/plain
Content-Length: 12
Last-Modified: Tue, 17 Jul 2018 07:07:22 GMT
Connection: keep-alive
ETag: "5b4d95aa-c"
Accept-Ranges: bytes

[root~]# curl -e "http://example.baidu.com" -I http://127.0.0.1/hello.txt
HTTP/1.1 200 OK
Server: nginx/1.14.0
Date: Thu, 02 Aug 2018 11:33:53 GMT
Content-Type: text/plain
Content-Length: 12
Last-Modified: Tue, 17 Jul 2018 07:07:22 GMT
Connection: keep-alive
ETag: "5b4d95aa-c"
Accept-Ranges: bytes
Copy after login
  • normally

    referer is http://192.168.1.110, you can access it normally

[root~]# curl -e "http://192.168.1.110" -I http://127.0.0.1/hello.txt
HTTP/1.1 200 OK
Server: nginx/1.14.0
Date: Thu, 02 Aug 2018 11:31:51 GMT
Content-Type: text/plain
Content-Length: 12
Last-Modified: Tue, 17 Jul 2018 07:07:22 GMT
Connection: keep-alive
ETag: "5b4d95aa-c"
Accept-Ranges: bytes
Copy after login
Copy after login
  • referer is http:// google.com, returns 403

[root~]# curl -e "http://google.com" -I http://127.0.0.1/hello.txt
HTTP/1.1 403 Forbidden
Server: nginx/1.14.0
Date: Thu, 02 Aug 2018 11:37:43 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive
Copy after login
  • referer ishttp://www.google.com, and can be accessed normally

[root~]# curl -e "http://www.google.com" -I http://127.0.0.1/hello.txt
HTTP/1.1 200 OK
Server: nginx/1.14.0
Date: Thu, 02 Aug 2018 11:37:50 GMT
Content-Type: text/plain
Content-Length: 12
Last-Modified: Tue, 17 Jul 2018 07:07:22 GMT
Connection: keep-alive
ETag: "5b4d95aa-c"
Accept-Ranges: bytes
Copy after login

Recommended related articles:

Nginx serves as a static resource web service and performs static resource compression

##
Check whether it has expired Cache-Control(max-age), Expires

The above is the detailed content of Nginx serves as a static resource web service to control browser caching and prevent hotlinking. For more information, please follow other related articles on the PHP Chinese website!

source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template
About us Disclaimer Sitemap
php.cn:Public welfare online PHP training,Help PHP learners grow quickly!