Nginx作为静态资源web服务_防盗链目的

1、防盗链目的

目的：防止资源被盗用。

防止非正常用户访问，占用网站资源，影响网站性能，势必影响正常用户访问。

2、防盗链设置思路

首要方式：区别哪些用户是非正常的用户请求。

3、基于http_referer防盗链配置模块

（1）http_referer_module作用

ngx_http_referer_module模块用于阻止对“Referer”头字段中具有无效值的请求访问站点。

官网解释：

The ngx_http_referer_module module is used to block access to a site for requests with invalid values in the “Referer” header field. It should be kept in mind that fabricating a request with an appropriate “Referer” field value is quite easy, and so the intended purpose of this module is not to block such requests thoroughly but to block the mass flow of requests sent by regular browsers. It should also be taken into consideration that regular browsers may not send the “Referer” field even for valid requests.

（2）举例

valid_referers none blocked server_names

*.example.com example.* www.example.org/galleries/

~\.google\.;

if ($invalid_referer) {

return 403;

}

（3）referer_hash_bucket_size语法

Syntax:	referer_hash_bucket_size size;
Default:	referer_hash_bucket_size 64;
Context:	server, location

This directive appeared in version 1.0.5.

语法解释：

referer_hash_bucket_size size;表示设置有效引用散列表的存储区大小。

Sets the bucket size for the valid referers hash tables. The details of setting up hash tables are provided in a separate document.

（4）referer_hash_max_size 语法

Syntax:	referer_hash_max_size size;
Default:	referer_hash_max_size 2048;
Context:	server, location

This directive appeared in version 1.0.5.

语法解释：

referer_hash_max_size size;表示设置有效引用者哈希表的最大大小。

Sets the maximum size of the valid referers hash tables. The details of setting up hash tables are provided in a separate document.

（5）valid_referers语法

Syntax:	valid_referers none \| blocked \| server_names \| string ...;
Default:	—
Context:	server, location

语法解释：

valid_referers none | blocked | server_names | string ...;
none表示请求标头中缺少“Referer”字段;

blocked表示“Referer”字段出现在请求标头中，但其值已被防火墙或代理服务器删除; 这些值是不以“http：//”或“https：//”开头的字符串;

server_names 表示“Referer”请求头字段包含一个服务器名称;

string 表示定义服务器名称和可选的URI前缀。服务器名称的开头或结尾可以包含“*”。在检查期间，“Referer”字段中的服务器端口被忽略;

Specifies the “Referer” request header field values that will cause the embedded $invalid_referervariable to be set to an empty string. Otherwise, the variable will be set to “1”. Search for a match is case-insensitive.

Parameters can be as follows:

none

the “Referer” field is missing in the request header;

blocked

the “Referer” field is present in the request header, but its value has been deleted by a firewall or proxy server; such values are strings that do not start with “http://” or “https://”;

server_names

the “Referer” request header field contains one of the server names;

arbitrary string

defines a server name and an optional URI prefix. A server name can have an “*” at the beginning or end. During the checking, the server’s port in the “Referer” field is ignored;

regular expression

the first symbol should be a “~”. It should be noted that an expression will be matched against the text starting after the “http://” or “https://”.

Example:

valid_referers none blocked server_names

               *.example.com example.* www.example.org/galleries/

               ~\.google\.;

Embedded Variables

$invalid_referer

Empty string, if the “Referer” request header field value is considered valid, otherwise “1”.