Judging the Referer of a request can effectively prevent leeching. This function can be implemented using the HTTPReferer module of nginx. when the Referer field in a request header contains some incorrect fields, this module can prohibit this request from accessing the site. This header can be forged at will. Therefore, using this module cannot block these requests 100%. The vast majority of rejected requests come from some typical browsers, it can be considered that these typical browsers do not provide a "Referer"
Determining the Referer of a request can effectively prevent leeching. This function can be implemented using the corresponding HTTP Referer module of nginx.
When the Referer field in a request header contains some incorrect fields, this module can prohibit this request from accessing the site.
This header can be forged at will. Therefore, using this module cannot block these requests 100%. The vast majority of rejected requests come from some typical browsers, it can be considered that these typical browsers do not provide a "Referer" header, or even the correct requests.
For example:
Location/photos /{
Valid_referers none blocked www.mydomain.com mydomain.com;
If ($ invalid_referer ){
Return 403;
}
}
Here there is only one important command valid_referers:
This command assigns a value to the $ invalid_referer variable based on the referer header. its value is 0 or 1.
You can use this command to implement the anti-Leech function. if there is no Referer header value in the valid_referers list, $ invalid_referer will be set to 1 (refer to the token ).
Parameters can be in the following format:
None indicates a nonexistent Referer header.
Blocked means to disguise the Referer header based on the firewall, for example, "Referer: XXXXXXX ".
Server_names is a list of one or more servers. after version 0.5.33, you can use the "*" wildcard in the name.