One: The general anti-theft chain is as follows:
Copy Code code as follows:
Location ~* \. (gif|jpg|png|swf|flv) $ {
Valid_referers none blocked Www.jb51.net jb51.net;
if ($invalid _referer) {
Rewrite ^/http://www.jb51.net/retrun.html;
#return 403;
}
}
First line: gif|jpg|png|swf|flv
To implement an anti-theft chain for files that are GIF, JPG, PNG, SWF, FLV suffix
Second line: To judge the 2 antecedents of www.ingnix.com
if{} inside the meaning is, if the route is not a specified route to jump to http://www.jb51.net/retrun.html page, of course, direct return 403 is also possible.
Second: Against the picture catalogue to prevent hotlinking
Copy Code code as follows:
location/images/{
alias/data/images/;
Valid_referers None blocked Server_names *.xok.la xok.la;
if ($invalid _referer) {return 403;}
}
Three: Use the third party module Ngx_http_accesskey_module realizes Nginx anti-theft chain
The implementation method is as follows:
The
Implementation method is as follows:
1. Download nginxhttpaccesskeymodule module file: Nginx-accesskey-2.0.3.tar.gz
2. After extracting this file, Locate the config file under nginx-accesskey-2.0.3. Edit this file: Replace the "$HTTP _accesskey_module" with "Ngx_http_accesskey_module";
3. Recompile nginx with parameters:
./configure-- Add-module=path/to/nginx-accesskey
4. Modify the Nginx conf file and add the following lines:
location/download {
accesskey on;
accesskey_hashmethod MD5;
accesskey_arg "key";
accesskey_signature "mypass$remote_addr";
}
Where:
accesskey is a module switch;
Accesskey_hashmethod is encrypted MD5 or SHA-1;
Accesskey_arg is a keyword parameter in the URL; The
Accesskey_signature is an encrypted value, which is a string consisting of Mypass and access IP.
To access the test script download.php:
<?
$ipkey= md5("mypass".$_SERVER['REMOTE_ADDR']);
$output_add_key="<a href=http://www.jb51.net/download/G3200507120520LM.rar?key=".$ipkey.">download_add_key</a><br />";
$output_org_url="<a href=http://www.jb51.net/download/G3200507120520LM.rar>download_org_path</a><br />";
echo $output_add_key;
echo $output_org_url;
?>
Accessing the first Download_add_key link can be downloaded normally, and the second link Download_org_path will return 403 Forbidden error.
Reference:
Nginxhttpaccesskeymodule