One: The General anti-theft chain is as follows:
Location ~* \. (gif|jpg|png|swf|flv) $ {
Valid_referers none blocked www.deepvps.com deepvps.com;
if ($invalid _referer) {
Rewrite ^/http://www.deepvps.com/retrun.html;
#return 403;
}
}
First line: gif|jpg|png|swf|flv
To implement an anti-theft chain for files that are GIF, JPG, PNG, SWF, FLV suffix
Second line: To judge the 2 antecedents of www.ingnix.com
if{} inside the meaning is, if the route is not a specified route to jump to http://www.deepvps.com/retrun.html page, of course, direct return 403 is also possible.
Second: Against the picture catalogue to prevent hotlinking
location/images/{
alias/data/images/;
Valid_referers None blocked Server_names *.xok.la xok.la;
if ($invalid _referer) {return 403;}
}
Three: Use the third party module Ngx_http_accesskey_module realizes Nginx anti-theft chain
The implementation method is as follows:
The
Implementation method is as follows:
1. Download nginxhttpaccesskeymodule module file: Nginx-accesskey-2.0.3.tar.gz
2. After extracting this file, Locate the config file under nginx-accesskey-2.0.3. Edit this file: Replace the "$HTTP _accesskey_module" with "Ngx_http_accesskey_module";
3. Recompile nginx with parameters:
./configure-- Add-module=path/to/nginx-accesskey
4. Modify the Nginx conf file, add the following lines:
Location/download {
accesskey on;
accesskey_hashmethod MD5;
accesskey_arg "key";
accesskey_signature "mypass$remote_addr";
}
Where:
accesskey is a module switch;
Accesskey_hashmethod is encrypted MD5 or SHA-1;
Accesskey_arg is the keyword parameter in the URL;
Accesskey_signature is an encrypted value, which is a string consisting of Mypass and access IP.
To access the test script download.php:
?
$ipkey = MD5 ("Mypass". $_server[' REMOTE_ADDR '));
$output _add_key= "<a href=http://www.deepvps.com/download/g3200507120520lm.rar?key=". $ipkey. " >download_add_key</a><br/> ";
$output _org_url= "<a href=http://www.deepvps.com/download/g3200507120520lm.rar>download_org_path</a> <br/> ";
echo $output _add_key;
echo $output _org_url;
?>
Accessing the first Download_add_key link can be downloaded normally, and the second link Download_org_path will return 403 Forbidden error.
Reference:
Nginxhttpaccesskeymodule