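Hotlink Protection Configuration
Hotlink protection prevents other websites from referencing your resources directly, which protects your bandwidth and server resources.
Basic configuration
Simple hotlink protection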
```nginx
location ~* \.(jpg|jpeg|png|gif|webp|svg|ico)$ {
    valid_referers none blocked server_names;
    if ($invalid_referer) {
        return 403;
    }
}
```

Allowing specific domains
```nginx
location ~* \.(jpg|jpeg|png|gif|webp|svg|ico)$ {
    valid_referers none blocked server_names *.example.com example.com;
    if ($invalid_referer) {
        return 403;
    }
}
```

Full configuration
Image hotlink protection
```nginx
server {
    listen 80;
    server_name www.example.com;
    root /var/www/html;

    # Image hotlink protection
    location ~* \.(jpg|jpeg|png|gif|webp|svg|ico)$ {
        valid_referers none blocked server_names *.example.com example.com;
        if ($invalid_referer) {
            return 403;
        }
        expires 30d;
        add_header Cache-Control "public";
    }
}
```

Video hotlink protection
```nginx
location ~* \.(mp4|webm|ogg|avi|mov)$ {
    valid_referers none blocked server_names *.example.com example.com;
    if ($invalid_referer) {
        return 403;
    }
    expires 30d;
    add_header Cache-Control "public";
    # MP4 pseudo-streaming; needs nginx built with ngx_http_mp4_module
    mp4;
    mp4_buffer_size 1m;
    mp4_max_buffer_size 5m;
}
```

Font hotlink protection
```nginx
location ~* \.(woff|woff2|ttf|otf|eot)$ {
    valid_referers none blocked server_names *.example.com example.com;
    if ($invalid_referer) {
        return 403;
    }
    expires 1y;
    add_header Cache-Control "public, immutable";
    add_header Access-Control-Allow-Origin "*";
}
```

Returning a substitute image
Returning a default image
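```nginx
# Serve the substitute image from an exact-match location so the referer
# check below does not apply to it. Without this, the rewrite re-enters the
# regex location and nginx ends the redirect cycle with a 500.
location = /images/default.png { }

location ~* \.(jpg|jpeg|png|gif|webp|svg|ico)$ {
    valid_referers none blocked server_names *.example.com example.com;
    if ($invalid_referer) {
        rewrite ^/.*$ /images/default.png last;
    }
    expires 30d;
    add_header Cache-Control "public";
}
```

Returning an error image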
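```nginx
# Exact-match location for the error image, so the rewrite below does not
# loop back into the referer check.
location = /images/error.png { }

location ~* \.(jpg|jpeg|png|gif|webp|svg|ico)$ {
    valid_referers none blocked server_names *.example.com example.com;
    if ($invalid_referer) {
        rewrite ^/.*$ /images/error.png last;
    }
    expires 30d;
    add_header Cache-Control "public";
}
```

Allowing an empty Referer
Allowing direct access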
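```nginx
location ~* \.(jpg|jpeg|png|gif|webp|svg|ico)$ {
    valid_referers none blocked server_names *.example.com example.com;
    if ($invalid_referer) {
        return 403;
    }
}
```

Notes:
- none: allows requests with an empty Referer (the request has no Referer header)
- blocked: allows requests whose Referer was removed by a firewall or proxy (the header is present, but its value does not start with http:// or https://)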
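
The matching rules behind `none`, `blocked`, `server_names` and the wildcard entry, written out as a simplified Python model. This is an added example, not nginx source code and not part of the original page. The function names and the sample Referer values are constructed, and `server_names` is assumed to be `www.example.com` as in the server blocks on this page.

```python
# Simplified model of how nginx evaluates valid_referers (added example, not nginx source).
# Modeled: none, blocked, server_names, exact names, "*.domain" wildcards.
# Not modeled: trailing wildcards ("example.*"), regex names, URI prefixes.

def referer_allowed(referer, params, server_names=("www.example.com",)):
    """referer: raw header value, or None when the header is absent."""
    if referer is None:                    # request carries no Referer header
        return "none" in params
    value = referer.lower()
    for scheme in ("http://", "https://"):
        if value.startswith(scheme):
            rest = value[len(scheme):]
            break
    else:                                  # header present but not a URL
        return "blocked" in params
    # The host ends at the first "/" or ":"; the port is ignored.
    host = rest.split("/", 1)[0].split(":", 1)[0]
    names = [p for p in params if p not in ("none", "blocked", "server_names")]
    if "server_names" in params:
        names.extend(server_names)
    for name in names:
        if name.startswith("*."):
            suffix = name[1:]              # "*.example.com" -> ".example.com"
            if host.endswith(suffix) and len(host) > len(suffix):
                return True
        elif host == name:
            return True
    return False

# The valid_referers parameters used throughout this page
FULL = ["none", "blocked", "server_names", "*.example.com", "example.com"]
NO_NONE = FULL[1:]
NO_WILDCARD = [p for p in FULL if p != "*.example.com"]

# Constructed sample Referer values (None = header not sent)
SAMPLES = [None, "", "http://www.example.com/page.html",
           "https://cdn.example.com:8443/a", "http://example.com/",
           "http://www.other.com", "http://example.com.other.com/",
           "http://notexample.com/"]

def verdicts(params):
    """Map each sample Referer to True (served) or False (rejected)."""
    return {ref: referer_allowed(ref, params) for ref in SAMPLES}

if __name__ == "__main__":
    for label, params in (("full list", FULL), ("no none", NO_NONE),
                          ("no wildcard", NO_WILDCARD)):
        print(label)
        for ref, ok in verdicts(params).items():
            print(f"  {'allow' if ok else 'deny '}  {ref!r}")
```

Because the Referer header is set by the client, these rules stop pages on other sites from embedding the files in a browser; they are not access control for the files themselves.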
Complete example
Production configuration

```nginx
server {
    listen 80;
    server_name www.example.com;
    root /var/www/html;

    # Serve the substitute image from an exact-match location so the
    # referer check below does not apply to it (avoids a rewrite loop).
    location = /images/default.png { }

    # Image hotlink protection
    location ~* \.(jpg|jpeg|png|gif|webp|svg|ico)$ {
        valid_referers none blocked server_names *.example.com example.com;
        if ($invalid_referer) {
            rewrite ^/.*$ /images/default.png last;
        }
        expires 30d;
        add_header Cache-Control "public";
    }

    # Video hotlink protection
    location ~* \.(mp4|webm|ogg|avi|mov)$ {
        valid_referers none blocked server_names *.example.com example.com;
        if ($invalid_referer) {
            return 403;
        }
        expires 30d;
        add_header Cache-Control "public";
        # MP4 pseudo-streaming; needs nginx built with ngx_http_mp4_module
        mp4;
        mp4_buffer_size 1m;
        mp4_max_buffer_size 5m;
    }

    # Font hotlink protection
    location ~* \.(woff|woff2|ttf|otf|eot)$ {
        valid_referers none blocked server_names *.example.com example.com;
        if ($invalid_referer) {
            return 403;
        }
        expires 1y;
        add_header Cache-Control "public, immutable";
        add_header Access-Control-Allow-Origin "*";
    }
}
```

Testing hotlink protection
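Test normal access

```bash
curl -I http://www.example.com/images/logo.png
```

Test hotlinked access

```bash
curl -I -H "Referer: http://www.other.com" http://www.example.com/images/logo.png
```

Test an empty Referer

```bash
# -H "Referer:" makes curl send the request without a Referer header
curl -I -H "Referer:" http://www.example.com/images/logo.png
```

FAQ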
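Legitimate requests are rejected
Cause: valid_referers is misconfigured
Fix: check the valid_referers configuration

```nginx
valid_referers none blocked server_names *.example.com example.com;
```

Requests with an empty Referer are rejected
Cause: the none parameter is missing
Fix: add the none parameter

```nginx
valid_referers none blocked server_names *.example.com example.com;
```

Subdomains are rejected
Cause: the wildcard entry is missing
Fix: add the wildcard entry

```nginx
valid_referers none blocked server_names *.example.com example.com;
```

Summary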
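Key points of hotlink protection configuration:
- valid_referers: sets the allowed Referer values
- none: allows an empty Referer
- blocked: allows requests whose Referer has been removed
- server_names: allows the server's own domain names
- Substitute image: return a default image instead of a 403
Configure hotlink protection sensibly to protect bandwidth and server resources.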