Nginx

Nginx hotlink protection problem

  • November 30, 2020

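I am trying to implement image hotlink protection in nginx and I need help. A big problem I have is that my site's images get submitted to social networks like StumbleUpon with direct links, such as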

http://example.com/xxxxx.jpg

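Sometimes this gets huge traffic and increases CPU usage and bandwidth usage. I want to block other referrers from accessing my images directly and protect them from being hotlinked.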

This is the code in my vhost.conf

server {
 access_log off;

 error_log  logs/vhost-error_log warn;
 listen    80;
 server_name  mydomain.com www.mydomain.com;

 # uncomment location below to make nginx serve static files instead of Apache
 # NOTE this will cause issues with bandwidth accounting as files wont be logged
 location ~* \.(gif|jpg|jpeg|png|wmv|avi|mpg|mpeg|mp4|htm|html|js|css)$ {
  root   /home/username/public_html;
  expires 1d;
 }

  root   /home/mydomain/public_html;
}


 location / {
  client_max_body_size    10m;
  client_body_buffer_size 128k;

  proxy_send_timeout   90;
  proxy_read_timeout   90;

  proxy_buffer_size    4k;
  # you can increase proxy_buffers here to suppress "an upstream response
  #  is buffered to a temporary file" warning
  proxy_buffers     16 32k;
  proxy_busy_buffers_size 64k;
  proxy_temp_file_write_size 64k;

  proxy_connect_timeout 30s;

  proxy_redirect  http://www.mydomain.com:81   http://www.mydomain.com;
  proxy_redirect  http://mydomain.com:81   http://mydomain.com;

  proxy_pass   http://ip_address/;

  proxy_set_header   Host   $host;
  proxy_set_header   X-Real-IP  $remote_addr;
  proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;

  expires       24h;

 }
 }

For hotlink protection, I added this code

location ~* (\.jpg|\.png|\.gif|\.jpeg)$ {
    valid_referers blocked www.mydomain.com mydomain.com;
    if ($invalid_referer) {
       return 403;
    }

This is the current nginx code for the domain, but it doesn't work:

server {
 access_log off;

 error_log  logs/vhost-error_log warn;
 listen    80;
 server_name  mydomain.com www.mydomain.com;

 # uncomment location below to make nginx serve static files instead of Apache
 # NOTE this will cause issues with bandwidth accounting as files wont be logged
 location ~* \.(gif|jpg|jpeg|png|wmv|avi|mpg|mpeg|mp4|htm|html|js|css)$ {
  root   /home/username/public_html;
  expires 1d;
 }

  root   /home/mydomain/public_html;
}
 location ~* (\.jpg|\.png|\.gif|\.jpeg)$ {
    valid_referers blocked www.mydomain.com mydomain.com;
    if ($invalid_referer) {
       return 403;
    }


 location / {
  client_max_body_size    10m;
  client_body_buffer_size 128k;

  proxy_send_timeout   90;
  proxy_read_timeout   90;

  proxy_buffer_size    4k;
  # you can increase proxy_buffers here to suppress "an upstream response
  #  is buffered to a temporary file" warning
  proxy_buffers     16 32k;
  proxy_busy_buffers_size 64k;
  proxy_temp_file_write_size 64k;

  proxy_connect_timeout 30s;

  proxy_redirect  http://www.mydomain.com:81   http://www.mydomain.com;
  proxy_redirect  http://mydomain.com:81   http://mydomain.com;

  proxy_pass   http://ip_address/;

  proxy_set_header   Host   $host;
  proxy_set_header   X-Real-IP  $remote_addr;
  proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;

  expires       24h;

 }
 }

How can I fix this?

You should ask this question at: https://serverfault.com/

My current site uses this:



## Stop Image and Document Hijacking, allow Google, MSN PicSearch
location ~* \.(png|gif|jpg|jpeg)$ {
       set $testref "";
       if ($http_referer !~ ^(http://mydomain.com|http://www.google|http://images.search.yahoo|http://www.bing|http://pictures.ask)){
          set $testref I;
       }
       if ($http_user_agent !~* (Googlebot|psbot|msnbot|Yahoo|Ask)) {
          set $testref "${testref}G";
       }
       if ($testref = IG){
          return 444;
       }
}

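You can use only the first "if" part; the second one is there so that Google and other image spiders are not blocked. The first part looks for a referrer from mydomain (and google, etc.) and returns 444 in all other cases. It can be replaced by returning a blank .gif image.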
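An added example, not part of the original question or answer: in the question's config the broader static-file regex location is listed first, and nginx uses the first regex location that matches, so the image location carrying valid_referers is never evaluated. The layout below puts the referer check in the location that actually serves the images. It assumes the server names, paths and the ip_address placeholder from the question, with the remaining proxy settings from the question left out for brevity.

```nginx
server {
    listen       80;
    server_name  mydomain.com www.mydomain.com;
    root         /home/mydomain/public_html;

    # Regex locations are tested in the order they appear in the file and
    # the first match wins, so the image rule sits before the broader
    # static-file rule and no longer shares extensions with it.
    location ~* \.(gif|jpg|jpeg|png)$ {
        root    /home/username/public_html;
        expires 1d;

        # blocked: a Referer header is present but a proxy or firewall has
        #          stripped it (value does not start with http:// or https://)
        # Add "none" to this list if requests with no Referer header at all
        # (typed URLs, privacy extensions) should still get the image.
        valid_referers blocked www.mydomain.com mydomain.com;
        if ($invalid_referer) {
            return 403;
        }
    }

    # Remaining static types, served without a referer check.
    location ~* \.(wmv|avi|mpg|mpeg|mp4|htm|html|js|css)$ {
        root    /home/username/public_html;
        expires 1d;
    }

    location / {
        proxy_pass        http://ip_address/;   # placeholder taken from the question
        proxy_set_header  Host             $host;
        proxy_set_header  X-Real-IP        $remote_addr;
        proxy_set_header  X-Forwarded-For  $proxy_add_x_forwarded_for;
    }
}
```

The Referer header is set by the client, so this limits casual hotlinking and the bandwidth it costs; it is not an access control for private files.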

Source: https://serverfault.com/questions/310431