nginx 配置校验请求头的Referer来做简易的防盗链

杨焱

发布于 2021-12-07 19:48:32

2.9K0

发表于2020-04-162020-04-16 作者 wind

需要用到 `valid_referers` 这个配置，可以用在 server 和 location 上，例如：

location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$ {
    expires      30d;
    valid_referers none blocked firegod.cn www.firegod.cn;
    if ($invalid_referer) {
        return 403;
    }
}

官方的文档：

Syntax:	valid_referers none \| blocked \| server_names \| string ...;
Default:	—
Context:	server, location

Specifies the “Referer” request header field values that will cause the embedded $invalid_referer variable to be set to an empty string. Otherwise, the variable will be set to “1”. Search for a match is case-insensitive.

Parameters can be as follows:nonethe “Referer” field is missing in the request header;blockedthe “Referer” field is present in the request header, but its value has been deleted by a firewall or proxy server; such values are strings that do not start with “http://” or “https://”;server_namesthe “Referer” request header field contains one of the server names;arbitrary stringdefines a server name and an optional URI prefix. A server name can have an “*” at the beginning or end. During the checking, the server’s port in the “Referer” field is ignored;regular expressionthe first symbol should be a “~”. It should be noted that an expression will be matched against the text starting after the “http://” or “https://”.

Example:

valid_referers none blocked server_names
               *.example.com example.* www.example.org/galleries/
               ~\.google\.;

Embedded Variables

$invalid_refererEmpty string, if the “Referer” request header field value is considered valid, otherwise “1”.

本文参与腾讯云自媒体同步曝光计划，分享自作者个人站点/博客。

原始发表：2020-04-16，如有侵权请联系 cloudcommunity@tencent.com 删除

html

本文分享自作者个人站点/博客前往查看

如有侵权，请联系 cloudcommunity@tencent.com 删除。

本文参与腾讯云自媒体同步曝光计划，欢迎热爱写作的你一起参与！

登录后参与评论

0 条评论

热度