This article introduces to you about Nginx as a static resource Web service to control the browser cache and the implementation of anti-theft chain, there is a certain reference value, the need for friends can refer to, I hope to help you.
One, control browser cache
1. Introduction to Browser caching
The browser cache follows the caching mechanism defined by the HTTP protocol (for example: Expires; Cache-control, etc.).
Request response process When browser has no cache
Request response process when the browser has a cache
Browser cache check expiration mechanism
whether the check expires |
Cache-control (max-age), Expires |
The ETag header information verification in the Protocol |
Etag |
Last-modified Header Information Verification |
Last-modified |
Browser request Process
2. Nginx Control Browser Cache configuration
Nginx controls the browser cache by adding Cache-control (max-age) and Expires header information.
Ngx_http_headers_module
Grammar
Syntax: expires [modified] time; Expires Epoch | Max | Off;default: expires off; Context: http, server, location, if
This configuration item controls the "Expires" and "Cache-control" header information in the HTTP response, which controls the role of the page cache.
The expiration time in the "Expires" header information is the same as the time value you set for the current system time. If the modified parameter is specified, the expiration time is the same as the last modified time of the file and the time value you set.
The content of the "Cache-control" header information depends on the symbol for the specified time. You can use a positive or negative number in the time value.
When time is negative, "Cache-control:no-cache";
When time is positive or 0, "Cache-control:max-age=time", the unit is seconds.
The epoch parameter is used to specify a value of "Expires" of 1 January, 1970, 00:00:01 GMT.
The max parameter specifies the value of "Expires" as "Thu, 2037 23:55:55 GMT", and "Cache-control" with a value of 10 years.
The off parameter invalidates the addition or modification of the "Expires" and "Cache-control" Response header information.
3. Application examples
1. vim/etc/nginx/conf.d/static.conf
server {location ~. *\. ( Txt|xml) $ { # Set expiration time is 1 days expires 1d; Root/vagrant/doc;} }
2. Nginx-s Reload re-loading the Nginx configuration file
3. Create a /vagrant/doc/hello.txt
file
4. Access 192.168.33.88/hello.txt via Curl to view HTTP response header information
[root/etc/nginx]# curl-i 192.168.33.88/hello.txthttp/1.1 okserver:nginx/1.14.0date:tue, Jul 2018 07:12:11 GMTCon Tent-type:text/plaincontent-length:12last-modified:tue, 2018 07:07:22 Gmtconnection:keep-aliveetag: " 5b4d95aa-c "expires:wed, Jul 2018 07:12:11 Gmtcache-control:max-age=86400accept-ranges:bytes
With a focus on viewing Expires
and Cache-Control
two fields, it is visible that the Hello.txt cache time is 1 days.
Second, anti-theft chain
Purpose: To prevent misappropriation of resources
IDEA: Differentiate which requests are non-normal user requests
1. Based on the Http_refer anti-theft chain configuration module
Ngx_http_referer_module
Grammar
Syntax: valid_referers None | blocked | server_names | string ...;D efault: -context: Server, location
None: The Referer field is not in the request header
Blocked: the "Referer" field exists in the request header, but its value has been removed by the firewall or proxy server, which is a string that does not start with "http:/" or "https://";
Server_names: The "Referer" Request header field contains the server name
Arbitrary string: Defines a server name and an optional URI prefix. The server name can start or end with a "*". When checked, the server port in the "Referer" field is ignored.
Regular expression: The string must begin with a ~, and it is worth noting that the regular expression matches the content after "http:/" or "https://".
Example
Valid_referers None blocked Server_names *.example.com example.* www.example.org/galleries/~\.google\.;
2. Application examples
1. Vim conf.d/static.conf
server {location ~. *\. ( Txt|xml) $ { # Configure anti-chain rules valid_referers none blocked 192.168.1.110 *.example.com example.* ~\.google\.; # If the anti-theft chain rule is not met, return 403 if ($invalid _referer) { return 403; } Root/vagrant/doc;} }
2. Nginx-s Reload re-loading the Nginx configuration file
3. Create a /vagrant/doc/hello.txt
file
Hello world!
4. Using Curl for access testing
[root~]# curl-i http://127.0.0.1/hello.txtHTTP/1.1 Okserver:nginx/1.14.0date:fri, Geneva 2018 01:34:12 Gmtcontent-t Ype:text/plaincontent-length:12last-modified:tue, 2018 07:07:22 Gmtconnection:keep-aliveetag: "5b4d95aa-c" Accept-ranges:bytes
[root~]# curl-e "http://www.baidu.com"-I http://127.0.0.1/hello.txtHTTP/1.1 403 forbiddenserver:nginx/1.14.0date: Fri, 2018 01:34:34 gmtcontent-type:text/htmlcontent-length:169connection:keep-alive
[root~]# curl-e "http://192.168.1.110"-I http://127.0.0.1/hello.txtHTTP/1.1 Okserver:nginx/1.14.0date:thu, Geneva 2018 11:31:51 Gmtcontent-type:text/plaincontent-length:12last-modified:tue, Jul 2018 07:07:22 Gmtconnection:keep-a Liveetag: "5b4d95aa-c" accept-ranges:bytes
[root~]# curl-e "http://www.example.com"-I http://127.0.0.1/hello.txtHTTP/1.1 Okserver:nginx/1.14.0date:thu, A UG 2018 11:33:47 Gmtcontent-type:text/plaincontent-length:12last-modified:tue, Jul 2018 07:07:22 Gmtconnection:keep -aliveetag: "5b4d95aa-c" accept-ranges:bytes[root~]# curl-e "http://example.baidu.com"-I HTTP://127.0.0.1/ hello.txthttp/1.1 Okserver:nginx/1.14.0date:thu, 2018 11:33:53 Gmtcontent-type:text/plaincontent-length:12 Last-modified:tue, 2018 07:07:22 Gmtconnection:keep-aliveetag: "5b4d95aa-c" accept-ranges:bytes
[root~]# curl-e "http://192.168.1.110"-I http://127.0.0.1/hello.txtHTTP/1.1 Okserver:nginx/1.14.0date:thu, Geneva 2018 11:31:51 Gmtcontent-type:text/plaincontent-length:12last-modified:tue, Jul 2018 07:07:22 Gmtconnection:keep-a Liveetag: "5b4d95aa-c" accept-ranges:bytes
[root~]# curl-e "http://google.com"-I http://127.0.0.1/hello.txtHTTP/1.1 403 Forbiddenserver:nginx/1.14.0date:thu, 2018 11:37:43 Gmtcontent-type:text/htmlcontent-length:169connection:keep-alive
[root~]# curl-e "http://www.google.com"-I http://127.0.0.1/hello.txtHTTP/1.1 Okserver:nginx/1.14.0date:thu, 2018 11:37:50 Gmtcontent-type:text/plaincontent-length:12last-modified:tue , 2018 07:07:22 Gmtconnection:keep-aliveetag: "5b4d95aa-c" Accept-ranges:bytes