Nginx热链接保护问题

我正在尝试在nginx中实现图像热链接保护问题,我需要帮助。 我有一个很大的问题,我的网站的图像被提交给像StumbleUpon这样的社交networking

http://example.com/xxxxx.jpg

这有时会导致巨大的stream量,并增加CPU使用率和带宽使用率。 我想阻止直接访问我的图片从其他引荐,并保护他们不被盗链。

这是我的vhost.conf中的代码

  server { access_log off; error_log logs/vhost-error_log warn; listen 80; server_name mydomain.com www.mydomain.com; # uncomment location below to make nginx serve static files instead of Apache # NOTE this will cause issues with bandwidth accounting as files wont be logged location ~* \.(gif|jpg|jpeg|png|wmv|avi|mpg|mpeg|mp4|htm|html|js|css)$ { root /home/username/public_html; expires 1d; } root /home/mydomain/public_html; } location / { client_max_body_size 10m; client_body_buffer_size 128k; proxy_send_timeout 90; proxy_read_timeout 90; proxy_buffer_size 4k; # you can increase proxy_buffers here to suppress "an upstream response # is buffered to a temporary file" warning proxy_buffers 16 32k; proxy_busy_buffers_size 64k; proxy_temp_file_write_size 64k; proxy_connect_timeout 30s; proxy_redirect http://www.mydomain.com:81 http://www.mydomain.com; proxy_redirect http://mydomain.com:81 http://mydomain.com; proxy_pass http://ip_address/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; expires 24h; } } 

对于热链接保护,我添加了这个代码

 location ~* (\.jpg|\.png|\.gif|\.jpeg)$ { valid_referers blocked www.mydomain.com mydomain.com; if ($invalid_referer) { return 403; } 

这是这个域的当前nginx代码,但它不起作用:

  server { access_log off; error_log logs/vhost-error_log warn; listen 80; server_name mydomain.com www.mydomain.com; # uncomment location below to make nginx serve static files instead of Apache # NOTE this will cause issues with bandwidth accounting as files wont be logged location ~* \.(gif|jpg|jpeg|png|wmv|avi|mpg|mpeg|mp4|htm|html|js|css)$ { root /home/username/public_html; expires 1d; } root /home/mydomain/public_html; } location ~* (\.jpg|\.png|\.gif|\.jpeg)$ { valid_referers blocked www.mydomain.com mydomain.com; if ($invalid_referer) { return 403; } location / { client_max_body_size 10m; client_body_buffer_size 128k; proxy_send_timeout 90; proxy_read_timeout 90; proxy_buffer_size 4k; # you can increase proxy_buffers here to suppress "an upstream response # is buffered to a temporary file" warning proxy_buffers 16 32k; proxy_busy_buffers_size 64k; proxy_temp_file_write_size 64k; proxy_connect_timeout 30s; proxy_redirect http://www.mydomain.com:81 http://www.mydomain.com; proxy_redirect http://mydomain.com:81 http://mydomain.com; proxy_pass http://ip_address/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; expires 24h; } } 

我怎样才能解决这个问题?

你应该问这个问题: https : //serverfault.com/

我目前的网站使用这个:

## Stop Image and Document Hijacking, alow Google, MSN PicSearch location ~* \.(png|gif|jpg|jpeg)$ { set $testref ""; if ($http_referer !~ ^(http://mydomain.com|http://www.google|http://images.search.yahoo|http://www.bing|http://pictures.ask)){ set $testref I; } if ($http_user_agent !~* (Googlebot|psbot|msnbot|Yahoo|Ask)) { set $testref "${testref}G"; } if ($testref = IG){ return 444; } }
## Stop Image and Document Hijacking, alow Google, MSN PicSearch location ~* \.(png|gif|jpg|jpeg)$ { set $testref ""; if ($http_referer !~ ^(http://mydomain.com|http://www.google|http://images.search.yahoo|http://www.bing|http://pictures.ask)){ set $testref I; } if ($http_user_agent !~* (Googlebot|psbot|msnbot|Yahoo|Ask)) { set $testref "${testref}G"; } if ($testref = IG){ return 444; } } 

您只能使用第一个“if”部分,第二个不要阻止Google和其他图片蜘蛛。 第一部分从mydomain(和google等)中查找查阅者,并在其他情况下返回444。 它可以被replace为返回blank.gif图像。

你可以在Nginx中使用valid_referers选项。 请参阅https://www.atulhost.com/hotlink-protection-nginx

相关的代码是:

 location ~* \.(gif|jpg|jpeg|png|wmv|avi|mpg|mpeg|mp4|htm|html|js|css)$ { valid_referers none blocked example.org www.exampleorg ~\.google\. ~\.yahoo\. ~\.bing\. ~\.facebook\. ~\.fbcdn\.; if ($invalid_referer) { return 403; } root /home/username/public_html; expires 1d; }