nginx配置文件防盗链

#VHOST: x.abc.com
server {
    listen       80;
    server_name  x.abc.com;
    charset utf-8;
    access_log off;

    location / {
        return 404;
    }

    location /themes/ {
        alias   C:/abc/abc_Web/themes/;

        valid_referers none blocked server_names abc.com *.abc.com *.abc.net;
        if ($invalid_referer) {
            return 403;
        }

        if ($document_uri ~ "^/themes/(default|img\/(icon|upload))/.*") {            
            break;
        }

        if ($document_uri ~ "^/themes/js/(app|widgets)/.*"){            
            break;
        }        
    }

    location /game/ {
        alias   C:/abc/abc_Web/game/;

        valid_referers none blocked server_names abc.com *.abc.com *.abc.net;
        if ($invalid_referer) {
            return 403;
        }
    }

    location /images/ {
        alias   C:/abc/abc_Web/images/;
    }
}

这段代码的意思是：

listen       80;  监听的端口为80

server_name  x.abc.com; 服务器名称为x.abc.com

charset utf-8; 字符集编码为utf-8

access_log off;  不记录访问log日志

location / {
        return 404;
    }

不允许直接访问根目录

http://x.abc.com/themes/ 将访问指向本地 C:/abc/abc_Web/themes/;

valid_referers none blocked server_names abc.com *.abc.com *.abc.net;

上面这段就是重点，valid_referers none 阻止referers，排除referers为abc.com *.abc.com *.abc.net的域名

然后就是验证了：$invalid_referer

if ($invalid_referer) {
            return 403;
        }

满足条件则返回403

可以使得正则匹配指定的资源，如.gif或.jpg、.swf、.mp3结尾的资源，还有就是判断其host..