First, the referer module has weak functions)
location ~* \.(jpg|gif|png)$ { valid_referers none blocked .g.cn; if ($invalid_referer) { rewrite ^.*$ /no.jpg break; #rewrite ^.*$ http://y.cn/no.jpg permanent; }}
Note:
Valid_referers is related to the whitelist. When the referer header is detected, the value of $ invalid_referer variable is 1 if the referer header does not match.
None allows direct access to protected images. Optional.
Blocked allows firewall camouflage. referer: xxx is also considered valid. Optional.
.G.cn access is allowed when the referer host is g.cn and all its second-level domain names.
Appendix: use telnet to test the blocked parameter valid_referers. Do not use the none parameter)
# View the size of the preset image and the protected image [root @ y g.cn] # ll OK .png No. jpg-rw-r -- 1 root 1575 September 17 19:54 No. jpg-rw-r -- r -- 1 root 15316 September 17 20:38 OK .png use telnet to test the blocked parameter, check the difference between Content-Length [root @ localhost ~] # Telnet 192.168.2.126 80 Trying 192.168.2.126... connected to y.cn (192.168.2.126 ). escape character is '^]'. HEAD/OK .png HTTP/1.1 host: g. cnHTTP/1.1 200 OKServer: nginxDate: Tue, 17 Sep 2013 12:51:20 GMTContent-Type: image/custom Content-Length: 1575Last-Modified: Tue, 17 Sep 2013 11:54:07 GMTConnection: keep-aliveAccept-Ranges: bytesConnection closed by foreign host.htm is in the latest test and does not use the latest referer header to return No. JPG (size 1575 bytes ). [Root @ localhost ~] # Telnet 192.168.2.126 80 Trying 192.168.2.126... connected to y.cn (192.168.2.126 ). escape character is '^]'. HEAD/OK .png HTTP/1.1 host: g. cnreferer: g. cnHTTP/1.1 200 OKServer: nginxDate: Tue, 17 Sep 2013 12:52:40 GMTContent-Type: image/pngContent-Length: 15366last-modified: Tue, 17 Sep 2013 12:38:33 GMTConnection: keep-aliveAccept-Ranges: bytesConnection closed by foreign host. # In the above test, g.cn is used as the refer Normal bytes OK .png (15316 bytes ).
Method 2: Use the third-party accesskey ModuleReference: http://wiki.nginx.org/HttpAccessKeyModule)
This method requires the support of php or other program scripts to generate the md5 of the specified key to access resources.
Third: Use the SecureLink Module
...
This article from the "notepad" blog, please be sure to keep this source http://sndapk.blog.51cto.com/5385144/1298403