The download server is often hotlinking, and the time has long caused the server to waste a lot of resources, because the server uses Nginx as a Web server. Nginx anti-theft Chain Method There are many, can use off-the-shelf anti-theft chain module nginx-accesskey-2.0.3, compile ningx Add this module can.
Because of the other business needs of the service, Nginx compiles the LUA module, so I want to implement the Anti-Theft chain feature of the download server via LUA (through LUA's Nginx module Lua_nginx_module, where the configuration process is no longer detailed), This eliminates the accesskey module. The principle is to generate a processed download link, and then download the server processing this download link, the success of the download, failure is blocked. The following are detailed configuration examples:
Nginx configuration of the link generated on the download page
Download.jb51.net configuration:
Server
{
listen ;
server_name download.jb51.net;
Index index.htm index.html;
Root/data/www/download;
SSI on;
Location/
{
Set_by_lua $downkey ' return
ngx.md5 ("Encryption" ... ngx.var.remote_addr. "suffix")
';
}
}
Note: To open SSI to get nginx custom variable Downkey in an HTML page, you can generate a processed URL in which the strings encryption and suffix are custom and can be arbitrarily changed to other characters, in order to generate a string that is not easily guessed by others.
To test index.html code:
Second, download server Nginx configuration:
Server
{
listen ;
server_name down.jb51.net;
Index index.htm index.html;
Root/data/www/down;
Limit_conn one 1;
Set $limit _rate 1000k;
Location/
{
Set_by_lua $foo '
if String.sub (Ngx.var.uri, 2,) = = NGX.MD5 ("Encryption"). Ngx.var.remote_addr.. "suffix") then return
1
else return
0
end
';
if ($foo = 1)
{
rewrite "^/([0-9a-z]{32}) (. *?) $ "$ break ;
}
" if ($foo = 0)
{
rewrite ^/http://download.jb51.net/404.htm redirect;
}
}
}
When you copy the link to another machine, you will open the prompt error page.