Nginx ------ 防盗链
前言:在企业网站服务中,一般都要配置防盗链功能,以避免网站内容被非法盗用,造成经济损失。 Nginx防盗链功能也非常强大,默认情况下,只需要进行简单的配置,即可实现防盗链处理。 防盗链的基本原理就是根据请求头中referer属性得到网页来源,从而实现访问控制。
一:实验过程
1、实验环境
centos7 虚拟机 两台
win10 客户端 1台
nginx 主机:
2、先将主服务器的名称改为 nginx , 盗链的服务器名改为 daolian
[root@localhost ~]# hostnamectl set-hostname nginx
[root@localhost ~]# su
[root@localhost ~]# hostnamectl set-hostname daolian
[root@localhost ~]# su
3、手工编译安装nginx
[root@nginx ~]# yum install pcre pcre-devel gcc gcc-c++ make bind zlib-devel -y
[root@nginx nginx-1.12.2]# useradd -M -s /sbin/nologin nginx ‘创建名为nginx的运行用户’
[root@nginx nginx-1.12.2]# ./configure \ ‘编译’
> --prefix=/usr/local/nginx \
> --user=nginx \
> --group=nginx \
> --with-http_stub_status_module
[root@nginx nginx-1.12.2]# make && make install ‘安装’
4、优化nginx
[root@localhost nginx-1.12.2]# ln -s /usr/local/nginx/sbin/* /usr/local/sbin
[root@localhost nginx-1.12.2]# nginx -t '检测语法是否错误'
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
5、创建nginx的启动脚本
[root@nginx nginx-1.12.2]# vim /etc/init.d/nginx
#!/bin/bash
# chkconfig: - 99 20
# description: Nginx Service Control Script
PROG="/usr/local/nginx/sbin/nginx"
PIDF="/usr/local/nginx/logs/nginx.pid"
case "$1" in
start)
$PROG
;;
stop)
kill -s QUIT $(cat $PIDF)
;;
restart)
$0 stop
$0 start
;;
reload)
kill -s HUP $(cat $PIDF)
;;
*)
echo "Usage: $0 {start|stop|restart|reload}"
exit 1
esac
exit 0
[root@nginx nginx-1.12.2]# cd /etc/init.d/
[root@nginx init.d]# ls
functions netconsole network nginx README
[root@nginx init.d]# chmod +x nginx ‘给权限’
[root@nginx init.d]# ls
functions netconsole network nginx README
[root@nginx init.d]# chkconfig --add nginx
[root@nginx init.d]# chkconfig --level 35 nginx on
[root@nginx init.d]# service nginx start ‘开启nginx服务’
[root@nginx init.d]# netstat -ntap | grep nginx
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 43264/nginx: master
6、将图片导入nginx站点下面
[root@nginx init.d]# cd /usr/local/nginx/html
[root@nginx html]# vim index.html
7、开启服务器nginx的DNS域名解析服务
[root@nginx html]# vim /etc/named.conf
[root@nginx html]# cd /var/named
[root@nginx named]# cp -p named.localhost benet.com.zone
[root@nginx named]# vim benet.com.zone
[root@nginx named]# systemctl restart named
[root@nginx named]# service nginx stop
[root@nginx named]# service nginx start
8、在win10测试 是否能够访问,输入nginx的IP地址
这时还没有加防盗链,可以把图片给盗过来,输入daolian 主机IP地址。
9、修改服务器配置文件,添加盗链
[root@nginx named]# vim /usr/local/nginx/conf/nginx.conf
location ~*\.(jpg|gif|swf)$ {
valid_referers none blocked *.benet.com benet.com;
if ($invalid_referer) {
rewrite ^/ http://www.benet.com/2.png;
}
}
[root@nginx named]# service nginx stop
[root@nginx named]# service nginx start
daolian 主机:
1、安装httpd bind
[root@daolian ~]# yum install httpd bind -y
2、在盗链里面将图片盗出去
[root@daolian ~]# cd /var/www/html/
[root@daolian html]# ls
<h1>this is dao lian </h1>
<img src="http://www.benet.com/dog.jpg" \ >
3、开启daolian主机的apache 服务
[root@daolian html]# vim /etc/httpd/conf/httpd.conf ‘修改配置文件’
Listen 192.168.34.161:80
#Listen 80
ServerName www.world.com:80
[root@daolian html]# systemctl stop firewalld
[root@daolian html]# setenforce 0
[root@daolian html]# systemctl restart httpd
[root@daolian html]# netstat -ntap | grep 80
tcp 0 0 192.168.34.162:80 0.0.0.0:* LISTEN 4789/httpd