How to configure Nginx cross-domain access and anti-leeching-Nginx-php.cn

Home

Operation and Maintenance

Nginx

How to configure Nginx cross-domain access and anti-leeching

WBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWB

May 13, 2023 pm 06:31 PM

nginx

Cross-domain access control

Cross-domain access

How to configure Nginx cross-domain access and anti-leeching

##Why does the browser prohibit cross-domain access

Not safe, prone to CSRF attacks!

How to configure Nginx cross-domain access and anti-leeching

If website b controlled by a hacker adds malicious information in the response header to allow the client to access website a, a csrf attack will occur

How nginx configures cross-domain access

add_header syntax

syntax:add_header name value [always];
default:—
context:http, server, location, if in location

Syntax explanation:

add_header name value [always];
name represents the key returned by the response header
value represents the response header The value corresponding to the returned key
add_header cross-domain configuration

location ~ .*\.(htm|html)$ {
  add_header access-control-allow-origin *;
  add_header access-control-allow-methods get,post,put,delete,options;
  root /opt/app/code;
}

Anti-hotlinking

Anti-hotlinking purpose

#Prevent resources from being misappropriated.
Prevent abnormal user access, occupy website resources, affect website performance, and will inevitably affect normal user access

Based on http_referer anti-hotlinking Configuration module

ngx_http_referer_module module is used to prevent requests with invalid values in the "referer" header field from accessing the site.

Example

valid_referers none blocked server_names
 
        *.example.com example.* www.example.org/galleries/
 
        ~\.google\.;
 
if ($invalid_referer) {
 
  return 403;
 
}

referer_hash_bucket_size syntax

referer_hash_bucket_size size; indicates that the setting is valid The storage size of the reference hash table.

referer_hash_max_size Syntax

referer_hash_max_size size; means setting the maximum size of the effective referrer hash table .

valid_referers syntax

## Syntax explanation:

valid_referers none | blocked | server_names | string ...;

none indicates that the "referer" field is missing in the request header;
blocked means that the "referer" field appears in the request header, but its value has been removed by the firewall or proxy server; these values are strings that do not begin with "http://" or "https://";
server_names means the "referer" request header field contains a server name;
string means defining the server name and optional uri prefix. The server name can contain "*" at the beginning or end. The server port in the "referer" field was ignored during the check;

touch test_referer.html (In the /op/app/code directory)

<html>
<head>
  <meta charset="utf-8">
  <title>imooc1</title>
</head>
<body style="background-color:red;"><br data-filtered="filtered">　　 <h1 id="张彪">张彪</h1>
  <img  src="/static/imghwm/default1.png"  data-src="http://192.168.1.112/wei.png"  class="lazy"  / alt="How to configure Nginx cross-domain access and anti-leeching" >
</body>
</html>

If the anti-hotlink configuration is not transferred from the www.zhangbiao.com domain name, an error will be reported How to configure Nginx cross-domain access and anti-leeching

location ~ .*\.(jpg|gif|png)$ {
  valid_referers none blocked www.zhangbiao.com;
  if ($invalid_referer) {
    return 403;
  }
  root /opt/app/code/images;
}
location ~ /test_refer.html {
  root /opt/app/code;
 
}

Access

http://192.168.1.112/test_refer.html

##Access

http://www.zhangbiao.com/test_refer.html

##Allow other websites to access your website resource configuration

How to configure Nginx cross-domain access and anti-leeching

The above is the detailed content of How to configure Nginx cross-domain access and anti-leeching. For more information, please follow other related articles on the PHP Chinese website!

Statement

This article is reproduced at:亿速云. If there is any infringement, please contact admin@php.cn delete

Choosing Between NGINX and Apache: The Right Fit for Your NeedsApr 15, 2025 am 12:04 AM

NGINX and Apache have their own advantages and disadvantages and are suitable for different scenarios. 1.NGINX is suitable for high concurrency and low resource consumption scenarios. 2. Apache is suitable for scenarios where complex configurations and rich modules are required. By comparing their core features, performance differences, and best practices, you can help you choose the server software that best suits your needs.

How to start nginxApr 14, 2025 pm 01:06 PM

Question: How to start Nginx? Answer: Install Nginx Startup Nginx Verification Nginx Is Nginx Started Explore other startup options Automatically start Nginx

How to check whether nginx is startedApr 14, 2025 pm 01:03 PM

How to confirm whether Nginx is started: 1. Use the command line: systemctl status nginx (Linux/Unix), netstat -ano | findstr 80 (Windows); 2. Check whether port 80 is open; 3. Check the Nginx startup message in the system log; 4. Use third-party tools, such as Nagios, Zabbix, and Icinga.

How to close nginxApr 14, 2025 pm 01:00 PM

To shut down the Nginx service, follow these steps: Determine the installation type: Red Hat/CentOS (systemctl status nginx) or Debian/Ubuntu (service nginx status) Stop the service: Red Hat/CentOS (systemctl stop nginx) or Debian/Ubuntu (service nginx stop) Disable automatic startup (optional): Red Hat/CentOS (systemctl disabled nginx) or Debian/Ubuntu (syst

How to configure nginx in WindowsApr 14, 2025 pm 12:57 PM

How to configure Nginx in Windows? Install Nginx and create a virtual host configuration. Modify the main configuration file and include the virtual host configuration. Start or reload Nginx. Test the configuration and view the website. Selectively enable SSL and configure SSL certificates. Selectively set the firewall to allow port 80 and 443 traffic.

How to solve nginx403 errorApr 14, 2025 pm 12:54 PM

The server does not have permission to access the requested resource, resulting in a nginx 403 error. Solutions include: Check file permissions. Check the .htaccess configuration. Check nginx configuration. Configure SELinux permissions. Check the firewall rules. Troubleshoot other causes such as browser problems, server failures, or other possible errors.

How to start nginx in LinuxApr 14, 2025 pm 12:51 PM

Steps to start Nginx in Linux: Check whether Nginx is installed. Use systemctl start nginx to start the Nginx service. Use systemctl enable nginx to enable automatic startup of Nginx at system startup. Use systemctl status nginx to verify that the startup is successful. Visit http://localhost in a web browser to view the default welcome page.

How to check whether nginx is started?Apr 14, 2025 pm 12:48 PM

In Linux, use the following command to check whether Nginx is started: systemctl status nginx judges based on the command output: If "Active: active (running)" is displayed, Nginx is started. If "Active: inactive (dead)" is displayed, Nginx is stopped.

See all articles