nginx anti-hotlinking modules and cross-origin (CORS) settings
/usr/local/nginx/sbin/nginx -V
./configure --help
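ngx_http_referer_module is installed by default
http_referer anti-hotlinking
Syntax: valid_referers none | blocked | server_names
Default: ---
Context: server, location
none: the Referer request header is empty
blocked: the Referer header is not empty, but its value has been deleted by a proxy or firewall; such values do not start with http:// or https://
server_names: the Referer header contains one of the current server_names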
location ~ .*\.(jpg|gif|png)$ {
    valid_referers none blocked w1.cn *.w1.cn;
    if ($invalid_referer) {
        #return 403;
        rewrite ^/ https://www.baidu.com/img/bd_logo1.png?where=super;
    }
}
curl -I http://w1.cn/img/1.jpg
-I: return only the response headers
-e "referer value": send the given value as the Referer header
curl -e 'http://www.baidu.com' -I http://w1.cn/img/1.jpg
Anti-hotlinking with a hashed signature
Third-party module
Implemented with HttpAccessKeyModule
wget http://wiki.nginx.org/images/5/51/Nginx-accesskey-2.0.3.tar.gz
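accesskey on|off
accesskey_hashmethod md5|sha-1: hash method used for the signature
accesskey_arg: name of the GET parameter
accesskey_signature: the signing rule (the string that is hashed)
Configuration example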
location ~ .*\.(gif|jpg|png|flv)$ {
    accesskey on;
    accesskey_hashmethod md5;
    accesskey_arg "tk";
    accesskey_signature "mypass$remote_addr";
}
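The application that hands out links has to compute the same tk value that nginx checks. The following is an added example, not code from the original page or from the module. It assumes the module compares the tk argument with the hex MD5 of the expanded accesskey_signature string and answers 403 on a mismatch. The function names and the sample client addresses are constructed for illustration.

```python
import hashlib
import hmac
from urllib.parse import urlencode, urlsplit, parse_qs

# Values taken from the configuration example on this page.
SECRET_PREFIX = "mypass"   # literal part of accesskey_signature
ARG_NAME = "tk"            # accesskey_arg


def make_token(remote_addr: str) -> str:
    """Hex MD5 of the expanded signature string "mypass$remote_addr"."""
    return hashlib.md5((SECRET_PREFIX + remote_addr).encode()).hexdigest()


def signed_url(base_url: str, remote_addr: str) -> str:
    """URL the application gives to the client connecting from remote_addr."""
    sep = "&" if urlsplit(base_url).query else "?"
    return base_url + sep + urlencode({ARG_NAME: make_token(remote_addr)})


def check_request(url: str, remote_addr: str) -> int:
    """Status the protected location is assumed to return: 200 or 403."""
    supplied = parse_qs(urlsplit(url).query).get(ARG_NAME, [""])[0]
    expected = make_token(remote_addr)
    # Compare as bytes in constant time; a missing tk never matches.
    ok = hmac.compare_digest(supplied.encode(), expected.encode())
    return 200 if ok else 403


if __name__ == "__main__":
    # Constructed sample addresses from the documentation ranges.
    client, other = "203.0.113.10", "198.51.100.7"
    url = signed_url("http://w1.cn/img/1.jpg", client)
    print(url)
    print(check_request(url, client))                        # issued client
    print(check_request(url, other))                         # link copied elsewhere
    print(check_request("http://w1.cn/img/1.jpg", client))   # no tk at all
    # The rule hashes only the secret and the address, so the same tk
    # is accepted for any other file matched by the location.
    reused = "http://w1.cn/flv/2.flv?tk=" + make_token(client)
    print(check_request(reused, client))
```

With this signing rule the token depends only on the secret and the client address, so it is the same for every protected file and does not expire; treat it as a per-address check rather than a per-file or time-limited one.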
Cross-origin (CORS)
Syntax: add_header name value [always]
Default: ---
Context: http, server, location, if in location
location ~ .*\.(html|htm)$ {
    add_header Access-Control-Allow-Origin http://localhost;
    add_header Access-Control-Allow-Methods GET,POST,PUT,DELETE,OPTIONS;
    #root /mnt/hgfs/www/web;
}