Introduction to hotlink protection (anti-theft chain) methods under the Nginx server

Source: Internet
Author: User
Tags md5 rar 403 forbidden error nginx server

Edit the configuration file /usr/local/nginx/conf/nginx.conf.

Find this block:

location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
{
    expires 30d;
}

Change it to:

location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
{
    valid_referers none blocked *.jannn.com jannn.com;
    if ($invalid_referer) {
        rewrite ^/ yun_qi_img/404.jpg;
        #return 404;
    }
    expires 30d;
}

First line:

location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$

Here "gif|jpg|jpeg|png|bmp|swf" sets the file types covered by hotlink protection. Adjust the list to your own needs, separating each suffix with the "|" character.

Third line:

valid_referers none blocked *.jannn.com jannn.com;

This is the whitelist of domain names that are allowed to link to the files; change it to your own domain names. *.jannn.com stands for the subdomains, and the domain names are separated from each other by spaces.

Fifth line:

rewrite ^/ yun_qi_img/404.jpg;

This is the image returned for hotlinked requests; on the hotlinking site it replaces every hotlinked image. The image must be hosted on a site that has no hotlink protection configured: if it sits on the protected site it is itself caught by the hotlink protection and is not displayed, and the hotlinking site shows a broken-image X instead.

This setting provides hotlink protection, but as written above it is not yet hotlink protection in the full sense.

Look at the third line again:

valid_referers none blocked *.jannn.com jannn.com;

Note the "none blocked" in valid_referers: "none" accepts requests that carry no Referer header, and "blocked" accepts requests whose Referer value has been stripped by a firewall or proxy.

We delete "none blocked" and change the line to

valid_referers *.jannn.com jannn.com;

For Nginx to implement hotlink protection in the full sense, the complete code should look like this:

location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
{
    valid_referers *.jannn.com jannn.com;

    if ($invalid_referer) {
        rewrite ^/ yun_qi_img/404.jpg;
        #return 404;
    }
    expires 30d;
}

With this, entering an image address directly in the browser no longer displays the image, and it can no longer be saved with a right-click.
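How the two valid_referers lines above classify requests, as a small Python model (an added example, not code from the original article; it simplifies Nginx's matching to exact host names and leading-wildcard names, and the sample requests are constructed):

```python
from urllib.parse import urlsplit

def host_matches(host, pattern):
    """Match a host against an exact name or a leading-wildcard name (*.example.com)."""
    host, pattern = host.lower(), pattern.lower()
    if pattern.startswith("*."):
        # *.jannn.com covers img.jannn.com but not jannn.com itself,
        # which is why the directive lists both forms.
        return host.endswith(pattern[1:]) and len(host) > len(pattern) - 1
    return host == pattern

def invalid_referer(referer, valid_referers):
    """Return True where $invalid_referer would be set.

    referer is the Referer header value, or None when the header is absent.
    """
    if referer is None:
        return "none" not in valid_referers
    if not referer.lower().startswith(("http://", "https://")):
        # Header present but its value was replaced or stripped on the way
        return "blocked" not in valid_referers
    host = urlsplit(referer).hostname or ""
    names = [v for v in valid_referers if v not in ("none", "blocked")]
    return not any(host_matches(host, n) for n in names)

# Constructed sample requests: (description, Referer header or None)
SAMPLES = [
    ("own page", "http://www.jannn.com/post/1.html"),
    ("bare domain", "https://jannn.com/"),
    ("other site", "http://forum.example.org/thread/9"),
    ("lookalike host", "http://jannn.com.example.org/"),
    ("typed in address bar", None),
    ("referer stripped by proxy", "XXXXXXX"),
]
LOOSE = ["none", "blocked", "*.jannn.com", "jannn.com"]   # first configuration
STRICT = ["*.jannn.com", "jannn.com"]                     # "none blocked" removed

def blocked_samples(valid_referers):
    """Descriptions of the sample requests that get the replacement image."""
    return [name for name, ref in SAMPLES if invalid_referer(ref, valid_referers)]

if __name__ == "__main__":
    print("none blocked kept:   ", blocked_samples(LOOSE))
    print("none blocked removed:", blocked_samples(STRICT))
```

The Referer header is chosen by the client, so this check stops ordinary embedding on other sites but not a client that sends a forged Referer. With "none" removed, visitors whose browsers send no Referer get the replacement image as well.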

Fifth line:

rewrite ^/ yun_qi_img/404.jpg;

This sets the image that hotlink protection returns for images. If it is downloadable files that need hotlink protection, change the fifth line:

rewrite ^/ yun_qi_img/404.jpg;

to a link, for example a link to your main site. Here the fifth line is changed to point at this blog's home page:

rewrite ^/ http://www.jannn.com;

This way, when someone enters the file's download address, hotlink protection makes the download jump to the link you set!

Finally, once the configuration file is complete, don't forget to restart Nginx!

Graceful reload of Nginx:

/etc/init.d/nginx reload

Further methods follow.

Original: Detailed explanation of Nginx hotlink protection

A common method is to add the following to the server or location section:

valid_referers none blocked www.yiibase.com yiibase.com;

See below for detailed examples.

First, by file type

The article above is detailed, and in my own practice the method is workable. Most of what is found online says to add

location ~* \.(gif|jpg|jpeg|png|bmp|txt|zip|jar|swf)$ {
    valid_referers none blocked *.mynginx.com;
    if ($invalid_referer) {
        rewrite ^/ yun_qi_img/daolian.gif;
        #return 403;
    }
}

to the server section, but the server section actually already contains a

location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
{
    expires 30d;
}

These two pieces of code must be merged into one block, otherwise the hotlink protection does not take effect, because Nginx uses only the first regex location that matches a request. One odd thing: for the first few days after I turned hotlink protection on, the hotlink replacement image did not appear; it only appeared after several days. I don't know why; if you know, please tell me.
Second, by directory

location /img/ {
    root /data/img/;
    valid_referers none blocked *.yiibase.com yiibase.com;
    if ($invalid_referer) {
        rewrite ^/ yun_qi_img/error.gif;
        #return 403;
    }
}

The above is the hotlink protection that Nginx provides itself.

Third, hotlink protection for file downloads with the third-party Nginx module ngx_http_accesskey_module

Installing Nginx and the nginx-accesskey module

# tar zxvf nginx-0.7.61.tar.gz
# cd nginx-0.7.61/
# tar xvfz nginx-accesskey-2.0.3.tar.gz
# cd nginx-accesskey-2.0.3
# vi config
# Change HTTP_MODULES="$HTTP_MODULES $HTTP_ACCESSKEY_MODULE"
# to     HTTP_MODULES="$HTTP_MODULES ngx_http_accesskey_module"
# (This is a bug in this module)
# ./configure --user=www --group=www \
--prefix=/usr/local/nginx --with-http_stub_status_module \
--with-http_ssl_module --add-module=/root/nginx-accesskey-2.0.3

server {
    .....
    location /download {
        accesskey on;
        accesskey_hashmethod md5;
        accesskey_arg "key";
        accesskey_signature "mypass$remote_addr";
    }
}

/download is your download directory.

The download path generated by the front-end PHP has this format:

http://*****.com/download/1.zip?key=<?php echo md5('mypass'.$_SERVER["REMOTE_ADDR"]); ?>

This way, when the key in the request does not match, for example when another user opens the link, the response is 403.

The third-party module Nginx HttpAccessKeyModule is set up as follows:

1. Download the Nginx HttpAccessKeyModule file: nginx-accesskey-2.0.3.tar.gz;

2. After extracting this file, locate the config file under nginx-accesskey-2.0.3. Edit this file: replace "$HTTP_ACCESSKEY_MODULE" with "ngx_http_accesskey_module";

3. Recompile Nginx with the parameter:

./configure --add-module=path/to/nginx-accesskey

4. Modify the Nginx conf file, adding the following lines:

location /download {
    accesskey on;
    accesskey_hashmethod md5;
    accesskey_arg "key";
    accesskey_signature "mypass$remote_addr";
}

Where:
accesskey is the module's on/off switch;
accesskey_hashmethod selects the hash method, MD5 or SHA-1;
accesskey_arg is the name of the key parameter in the URL;
accesskey_signature is the value that is hashed, here a string made up of mypass and the visitor's IP.

The test script download.php:

<?php
// Key = MD5 of the secret "mypass" followed by the visitor's IP address
$ipkey = md5("mypass" . $_SERVER['REMOTE_ADDR']);
// Link carrying the key, and the same link without it
$output_add_key = "<a href=http://www.example.cn/download/g3200507120520lm.rar?key=" . $ipkey . ">download_add_key</a>";
$output_org_url = "<a href=http://www.example.cn/download/g3200507120520lm.rar>download_org_path</a>";

echo $output_add_key;
echo $output_org_url;
?>

The first link, download_add_key, downloads normally, and the second link, download_org_path, returns a 403 Forbidden error.

If you don't mind the extra work and are in a position to implement it, the Nginx HttpAccessKeyModule is recommended.

It works like this: say there is a file.zip in my download directory. The corresponding URI is http://www.yiibase.com/download/file.zip. After enabling the ngx_http_accesskey_module module it becomes http://www.yiibase.com/download/file.zip?key=09093abeac094. Only when the given key value is correct can file.zip in the download directory be downloaded. And because the key value is based on the user's IP, hotlinking is avoided.
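The key check described above, modelled in Python (an added example, not the module's own code; the function names, the sample IP addresses and the second signature with $uri are assumptions made here, the last one supposing the module expands $uri the way it expands $remote_addr). It shows that a key built from "mypass$remote_addr" is accepted for every file under /download from that IP, and how binding the URI into the signature narrows it to one file:

```python
import hashlib
import hmac

PAGE_SIGNATURE = "mypass$remote_addr"           # signature used on this page
URI_BOUND_SIGNATURE = "mypass$remote_addr$uri"  # assumption: $uri is expanded too

def expand(template, variables):
    """Substitute nginx-style $variables into a signature template."""
    out = template
    # Longest names first so a short name never cuts into a longer one
    for name in sorted(variables, key=len, reverse=True):
        out = out.replace("$" + name, variables[name])
    return out

def make_key(template, remote_addr, uri):
    """Hex MD5 of the expanded signature: the value the page puts in ?key=..."""
    text = expand(template, {"remote_addr": remote_addr, "uri": uri})
    return hashlib.md5(text.encode()).hexdigest()

def check(template, remote_addr, uri, key):
    """Status the protected location answers with: 200 or 403."""
    if key is None:
        return 403
    expected = make_key(template, remote_addr, uri)
    ok = hmac.compare_digest(expected.encode(), key.encode())
    return 200 if ok else 403

def demo():
    """Issue one key per signature and replay it in four situations."""
    ip_a, ip_b = "203.0.113.7", "198.51.100.20"   # constructed addresses
    f1, f2 = "/download/file.zip", "/download/other.zip"
    results = {}
    for label, tpl in (("page", PAGE_SIGNATURE), ("uri-bound", URI_BOUND_SIGNATURE)):
        key = make_key(tpl, ip_a, f1)
        results[label] = {
            "same ip, same file": check(tpl, ip_a, f1, key),
            "other ip": check(tpl, ip_b, f1, key),
            "no key": check(tpl, ip_a, f1, None),
            "same ip, other file": check(tpl, ip_a, f2, key),
        }
    return results

if __name__ == "__main__":
    for label, outcome in demo().items():
        print(label, outcome)
```

Neither signature contains a time component, so an issued key stays valid for as long as the secret and the visitor's IP stay the same, and every client behind one NAT address shares the same key.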

It is said that the Nginx HttpAccessKeyModule can now even stop Thunder; you can give it a try.
