Home  >  Article  >  Operation and Maintenance  >  How to configure Nginx cross-domain access and anti-leeching

How to configure Nginx cross-domain access and anti-leeching

WBOY
WBOYforward
2023-05-13 18:31:121653browse

Cross-domain access control

Cross-domain access

How to configure Nginx cross-domain access and anti-leeching

##Why does the browser prohibit cross-domain access

Not safe, prone to CSRF attacks!


How to configure Nginx cross-domain access and anti-leeching

If website b controlled by a hacker adds malicious information in the response header to allow the client to access website a, a csrf attack will occur

How nginx configures cross-domain access

add_header syntax

  • syntax:add_header name value [always];

  • default:—

  • context:http, server, location, if in location

Syntax explanation:

  • add_header name value [always];

  • name represents the key returned by the response header

  • value represents the response header The value corresponding to the returned key

  • add_header cross-domain configuration

  • location ~ .*\.(htm|html)$ {
      add_header access-control-allow-origin *;
      add_header access-control-allow-methods get,post,put,delete,options;
      root /opt/app/code;
    }

Anti-hotlinking

Anti-hotlinking purpose

  • #Prevent resources from being misappropriated.

  • Prevent abnormal user access, occupy website resources, affect website performance, and will inevitably affect normal user access

Based on http_referer anti-hotlinking Configuration module

ngx_http_referer_module module is used to prevent requests with invalid values ​​in the "referer" header field from accessing the site.

Example

valid_referers none blocked server_names
 
        *.example.com example.* www.example.org/galleries/
 
        ~\.google\.;
 
if ($invalid_referer) {
 
  return 403;
 
}

referer_hash_bucket_size syntax

    ##syntax: referer_hash_bucket_size size;
  • default: referer_hash_bucket_size 64;
  • context: server, location
  • Syntax explanation:

referer_hash_bucket_size size; indicates that the setting is valid The storage size of the reference hash table.

referer_hash_max_size Syntax

    syntax: referer_hash_max_size size;
  • default: referer_hash_max_size 2048;
  • context: server, location
  • Syntax explanation:

referer_hash_max_size size; means setting the maximum size of the effective referrer hash table .


valid_referers syntax

    syntax: valid_referers none | blocked | server_names | string ...;
  • default: —
  • context: server, location
  • ## Syntax explanation:

valid_referers none | blocked | server_names | string ...;
  • none indicates that the "referer" field is missing in the request header;
  • blocked means that the "referer" field appears in the request header, but its value has been removed by the firewall or proxy server; these values ​​​​are strings that do not begin with "http://" or "https://";
  • server_names means the "referer" request header field contains a server name;
  • string means defining the server name and optional uri prefix. The server name can contain "*" at the beginning or end. The server port in the "referer" field was ignored during the check;
  • Anti-hotlink small case

touch test_referer.html (In the /op/app/code directory)

<html>
<head>
  <meta charset="utf-8">
  <title>imooc1</title>
</head>
<body style="background-color:red;"><br data-filtered="filtered">   <h1>张彪</h1>
  <img  src="http://192.168.1.112/wei.png"/ alt="How to configure Nginx cross-domain access and anti-leeching" >
</body>
</html>

If the anti-hotlink configuration is not transferred from the www.zhangbiao.com domain name, an error will be reportedHow to configure Nginx cross-domain access and anti-leeching

location ~ .*\.(jpg|gif|png)$ {
  valid_referers none blocked www.zhangbiao.com;
  if ($invalid_referer) {
    return 403;
  }
  root /opt/app/code/images;
}
location ~ /test_refer.html {
  root /opt/app/code;
 
}

Access

http://192.168.1.112/test_refer.html

##Access

http://www.zhangbiao.com/test_refer.html
How to configure Nginx cross-domain access and anti-leeching

##Allow other websites to access your website resource configuration

How to configure Nginx cross-domain access and anti-leeching

The above is the detailed content of How to configure Nginx cross-domain access and anti-leeching. For more information, please follow other related articles on the PHP Chinese website!

Statement:
This article is reproduced at:yisu.com. If there is any infringement, please contact admin@php.cn delete