Nginx 防盗链

referer （引用页），常用于防盗链，当使用 CDN、OSS 时经常会碰到类似的提示。

referer 正确英文为 referrer，但由于早期 HTTP 规范的拼写错误，为了保持向后兼容也就将错就错了。

配置

Syntax: valid_referers none | blocked | server_names | string ...;
Default: —
Context: server, location

# Example
location / {
  valid_referers none blocked *.example.com example.* nginx.example.top/foo/ ~\.google\.;

  if ($invalid_referer) {
      return 403;
  }
  return 200 'valid_referers\n';
}

测试

1. *.example.com

curl -e 'http://dev.example.com' nginx.example.com
# 等价于
curl -H 'referer: http://dev.example.com' nginx.example.com
# HTTP/1.1 200 OK
# valid_referers

curl -ie 'http://dev.aexample.com' nginx.example.com
# HTTP/1.1 403 Forbidden

2. example.*

curl -ie 'http://example.org' nginx.example.com
# HTTP/1.1 200 OK
# valid_referers

curl -ie 'http://dev.example.org' nginx.example.com
# HTTP/1.1 403 Forbidden

curl -ie 'http://example.org/aaa' nginx.example.com
# HTTP/1.1 200 OK
# valid_referers

3. nginx.example.top/foo/

curl -ie 'http://nginx.example.top' nginx.example.com
# HTTP/1.1 403 Forbidden

curl -ie 'http://nginx.example.top/aaa' nginx.example.com
# HTTP/1.1 403 Forbidden

curl -ie 'http://nginx.example.top/foo' nginx.example.com
# HTTP/1.1 403 Forbidden
curl -ie 'http://nginx.example.top/foo/' nginx.example.com
# HTTP/1.1 200 OK
# valid_referers

curl -ie 'http://nginx.example.top/foo/aa' nginx.example.com
# HTTP/1.1 200 OK
# valid_referers

# Nginx 防盗链

# 配置

# 测试

# 1. *.example.com

# 2. example.*

# 3. nginx.example.top/foo/

Nginx 防盗链

配置

测试

1. *.example.com

2. example.*

3. nginx.example.top/foo/