Deploying Nginx hotlink protection on Linux CentOS 7

First, the principle:

The nginx module that protects web resources from hotlinking:

ngx_http_referer_module

Referer is part of the HTTP header. When a browser sends a request to a web server, it usually includes a Referer, which tells the server which page the request was linked from. The server can use this information for processing, for example to stop websites that have no permission from hotlinking images, files and so on. However, the HTTP Referer header can be forged by a program, so Referer-based hotlink protection is not 100% reliable; it can still limit hotlinking in most cases.

Second, the hotlink protection configuration

[root@nginx-server ~]# vim /etc/nginx/nginx.conf

Add "$http_referer" to the log format. It is enabled by default, so no action is needed.

log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                  '$status $body_bytes_sent "$http_referer" '
                  '"$http_user_agent" "$http_x_forwarded_for"';

Third, configure the origin server

Prepare two machines and one picture.
1, in the website's publishing directory, edit an HTML file and prepare a picture named 33.jpg. Here the publishing directory is /web1.

vim /web1/index.html
<html>
<head>
    <meta charset="utf-8">
    <title>hostphoto.com</title>
</head>
<body>
    <center><img src="33.jpg" alt="fangxi" width="1000px" height="900px" /></center>
</body>
</html>

2, edit the nginx sub-configuration file

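location / {
    root   /web1;
    index  index.html index.htm;
    # Accept requests with no Referer, a Referer without a scheme,
    # or a Referer from 192.168.16.150
    valid_referers none blocked 192.168.16.150;
    # Any other Referer sets $invalid_referer and is rejected
    if ($invalid_referer) {
        return 403;
    }
}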

• none: requests with no Referer header are allowed to access resources;
• blocked: requests whose Referer does not start with http:// (the scheme is missing because a firewall filtered it out) are allowed to access resources;
• server_names: only requests from the specified IP / domain name are allowed to access resources (whitelist);

3, check the configuration file for errors; if there are none, reload.

nginx -t

nginx -s reload

Fourth, configure the hotlinking server

1, configure nginx and create the page directory

location / {
    root   /web1;
    index  index.html index.htm;
}

mkdir /web1

2, create a page

vim /web1/index.html
<html>
<body style="background-color:red;">
    <img src="http://192.168.16.150/33.jpg" />
</body>
</html>

Fifth, test

With hotlink protection turned on, when you access the hotlinking server, the picture does not show up.

After the hotlink protection code is commented out, when you access the hotlinking server, the picture is displayed.
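
The same test can be checked from the access log. The following is an added example, not part of the original post: it parses lines in the "main" log_format shown above and lists the requests that `valid_referers none blocked 192.168.16.150` rejects (or would reject before the rule is enabled). The sample log lines are constructed, the hotlinking server address 192.168.16.151 is an assumption, and only exact host entries are modelled (no wildcards or regular expressions).

```python
import re
from urllib.parse import urlsplit

# Matches the "main" log_format from nginx.conf above.
LINE = re.compile(
    r'(?P<addr>\S+) - (?P<user>\S+) \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<bytes>\d+) "(?P<referer>[^"]*)" '
    r'"(?P<agent>[^"]*)" "(?P<xff>[^"]*)"'
)
ALLOWED_HOSTS = {"192.168.16.150"}  # the server_names entry of valid_referers


def classify(referer):
    """Approximate `valid_referers none blocked <hosts>` (exact hosts only)."""
    if referer in ("", "-"):            # nginx logs an absent header as "-"
        return "none"
    if not referer.lower().startswith(("http://", "https://")):
        return "blocked"                # header present, scheme stripped
    try:
        host = urlsplit(referer).hostname   # port is ignored, as nginx does
    except ValueError:                  # malformed URL in the header
        return "invalid"
    return "allowed" if host in ALLOWED_HOSTS else "invalid"


def audit(lines):
    """Return (client, path, referer) for requests that set $invalid_referer."""
    hits = []
    for line in lines:
        m = LINE.match(line)
        if m and classify(m["referer"]) == "invalid":
            parts = m["request"].split()
            path = parts[1] if len(parts) > 1 else m["request"]
            hits.append((m["addr"], path, m["referer"]))
    return hits


# Constructed sample lines; 192.168.16.151 as the hotlinking site is assumed.
SAMPLE = [
    '192.168.16.20 - - [10/Sep/2019:10:00:01 +0800] "GET /33.jpg HTTP/1.1" 200 51200 "http://192.168.16.150/index.html" "Mozilla/5.0" "-"',
    '192.168.16.20 - - [10/Sep/2019:10:00:02 +0800] "GET /33.jpg HTTP/1.1" 200 51200 "-" "Mozilla/5.0" "-"',
    '192.168.16.30 - - [10/Sep/2019:10:00:03 +0800] "GET /33.jpg HTTP/1.1" 403 153 "http://192.168.16.151/index.html" "Mozilla/5.0" "-"',
    '192.168.16.30 - - [10/Sep/2019:10:00:04 +0800] "GET /33.jpg HTTP/1.1" 200 51200 "192.168.16.151/index.html" "Mozilla/5.0" "-"',
]

if __name__ == "__main__":
    for client, path, referer in audit(SAMPLE):
        print(f"{client} requested {path} with rejected Referer {referer}")
```

Because the Referer is supplied by the client, a request that carries a whitelisted value is classified as allowed no matter which client sent it, which is the limit described in the principle section.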


Origin blog.51cto.com/14482279/2436555