nginx会话保持与防盗链( 二 ) nginx会话保持nginx会话保持主要

文章插图
查看服务器日志：

文章插图
Referer记录了：连接是1.10这台机器。在图片服务器操作[root@nginx-server conf.d]# vim nginx.confserver {listen 80;server_name localhost;location / {root /usr/share/nginx/html;index index.html index.htm;?valid_referers none blocked www.jd.com; #允许这些访问if ($invalid_referer) {return 403;}}}[root@nginx-server conf.d]# systemctl restart nginx测试访问:

文章插图
图片服务器查看日志:

文章插图
上面配置并没有允许192.168.1.10这台机器访问。实例二，继续在图片服务器上面操作[root@nginx-server html]# vim /etc/nginx/conf.d/nginx.conf #将原来的删除掉server {listen 80;server_name localhost;location ~ .*\.(gif|jpg|png|jpeg)$ {root /usr/share/nginx/html;?valid_referers none blocked *. 192.168.1.10;if ($invalid_referer) {return 403;}}?}重载nginx服务[root@nginx-server ~]# nginx -s reload在其中一台机器测试:测试不带http_refer：[root@nginx-server conf.d]# curl -I ""HTTP/1.1 200 OKServer: nginx/1.16.1Date: Mon, 02 Sep 2019 14:02:56 GMTContent-Type: image/jpegContent-Length: 27961Last-Modified: Mon, 02 Sep 2019 13:23:12 GMTConnection: keep-aliveETag: "5d6d17c0-6d39"Accept-Ranges: bytes?测试带非法http_refer:[root@nginx-server conf.d]# curl -e-I ""HTTP/1.1 403 ForbiddenServer: nginx/1.16.1Date: Mon, 02 Sep 2019 14:03:48 GMTContent-Type: text/htmlContent-Length: 153Connection: keep-alive?测试带合法的http_refer:[root@nginx-server conf.d]# curl -e-I ""HTTP/1.1 200 OKServer: nginx/1.16.1Date: Mon, 02 Sep 2019 14:04:52 GMTContent-Type: image/jpegContent-Length: 27961Last-Modified: Mon, 02 Sep 2019 13:23:12 GMTConnection: keep-aliveETag: "5d6d17c0-6d39"Accept-Ranges: bytes?[root@ansible-server conf.d]# curl -e-I ""HTTP/1.1 200 OKServer: nginx/1.16.1Date: Mon, 02 Sep 2019 14:05:36 GMTContent-Type: image/jpegContent-Length: 27961Last-Modified: Mon, 02 Sep 2019 13:23:12 GMTConnection: keep-aliveETag: "5d6d17c0-6d39"Accept-Ranges: bytes如果用户直接在浏览器输入你的图片地址，那么图片显示正常，因为它符合none这个规则。在图片服务器查看日志：

文章插图
转自：知乎千锋云计算学院