nginx防盗链
编辑文件:/usr/local/nginx/conf/nginx.conf
location ~* \.(gif|jpg|png|jpeg)$ {
expires 30d;
valid_referers none blocked *.abc.com www.abc.com m.abc.com *.baidu.com *.google.com;
if ($invalid_referer) {
rewrite ^/ http://www.abc.cn/404.jpg;
#return 404;
}
}
以上代码解释如下:
1、location中指定要防篡改的文件类型;
2、valid_referers指定资源访问是通过以下几种方式为合法
none:直接通过url访问,无referer值的情况
blocked:referer值被防火墙修改
servername:指定资源在合法的url中可以被引用,支持*通配符
3、if判断如果用户请求的资源不符合上述配置,那么rewrite重定向到你想指定的url上,也可以配置403权限错误。
s3防盗链
主要是编辑S3的存储桶策略:限制HTTP引用站点和特定IP访问
http://docs.amazonaws.cn/AmazonS3/latest/dev/example-bucket-policies.html
version:AWS存储桶策略的版本,2012-10-17是最新版
statement:声明,可以有多个condition,如下
- {
- "Version": "2012-10-17",
- "Statement": [
- {
- "Sid": "IPAllow",
- "Effect": "Allow",
- "Principal": "*",
- "Action": "s3:*",
- "Resource": "arn:aws-cn:s3:::examplebucket/*",
- "Condition": {
- "IpAddress": {"aws:SourceIp": "54.240.143.0/24"},
- "NotIpAddress": {"aws:SourceIp": "54.240.143.188/32"}
- }
- },
- {
- "Sid": "Allow get requests referred by www.abc.club and abc.club",
- "Effect": "Allow",
- "Principal": "*",
- "Action": "s3:GetObject",
- "Resource": "arn:aws:s3:::abc/*",
- "Condition": {
- "StringLike": {
- "aws:Referer": [
- "http://www.abc.club/*",
- "http://abc.club/*"
- ]
- }
- }
- }
- ]
- }
确保您使用的浏览器在请求中包含 http referer 标头。(如下)
