How to configure Nginx's anti-hotlinking

Experimental environment

• A minimally installed CentOS 7.3 virtual machine
• Configuration: 1 core/512MB
•nginx version 1.12.2

1. Configure hotlink website

1. Start an nginx virtual machine and configure two websites

vim /etc/nginx/conf.d/vhosts.conf

Add the following content

server {
 listen 80;
 server_name site1.test.com;
 root /var/wwwroot/site1;
 index index.html;

 location / {
 }
}

server {
 listen 80;
 server_name site2.test.com;
 root /var/wwwroot/site2;
 index index.html;

 location / {
 }
} 

2. Edit the C:\Windows\System32\drivers\etc\hosts file on the host machine

192.168.204.11 site1.test.com
192.168.204.11 site2.test.com

3. Create the website root directory

mkdir /var/wwwroot
cd /var/wwwroot
mkdir site1
mkdir site2
echo -e "<h1>site1</h1><img src='1.jpg'>" >> site1/index.html
echo -e "<h1>site2</h1><img src='http://site1.test.com/1.jpg'>" >> site2/index.html

4. Upload 1.jpg to the /var/wwwroot/site1 directory

5. Start nginx service

systemctl restart nginx
netstat -anpt | grep nginx 

6. Open port 80 on the firewall

setenforce 0
firewall-cmd --zone=public --add-port=80/tcp --permanent
firewall-cmd --reload

7. Access on the host machine

http://site1.test.com

http://site2.test.com

2. Configure site1.test.com anti-hotlinking

1. Edit the nginx configuration file

server {
 listen 80;
 server_name site1.test.com;
 root /var/wwwroot/site1;
 index index.html;

 location / {
 }

 location ~ \.(jpg|png|gif|jpeg)$ {
  valid_referers site1.test.com;
  if ($invalid_referer) {
   return 403;
  }
 }
}
server {
 listen 80;
 server_name site2.test.com;
 root /var/wwwroot/site2;
 index index.html;

 location / {
 }
} 

2. Restart nginx service

systemctl restart nginx

3. Access on the host machine

Clear the browser cache and visit http://site1.test.com

Clear the browser cache and visit http://site2.test.com

It can be seen that the anti-hotlink configuration has played a role

3. Configure anti-hotlinking to return other resources

1. Edit the nginx configuration file

Add a virtual host to rewrite the resources protected by anti-hotlinking

server {
 listen 80;
 server_name site1.test.com;
 root /var/wwwroot/site1;
 index index.html;
 location / {
 }
 location ~ \.(jpg|png|gif|jpeg)$ {
  valid_referers site1.test.com;
  if ($invalid_referer) {
   rewrite ^/ http://site3.test.com/notfound.jpg;
   #return 403;
  }
 }
}
server {
 listen 80;
 server_name site2.test.com;
 root /var/wwwroot/site2;
 index index.html;
 location / {
 }
}
server {
 listen 80;
 server_name site3.test.com;
 root /var/wwwroot/site3;
 index index.html;
 location / {
 }
}

explain

location ~ \.(jpg|png|gif|jpeg)$ {} is the file type for setting anti-hotlinking, separated by a vertical line |.
valid_referers site1.test.com *.nginx.org; is a whitelist, separated by spaces. You can use * to set wildcard domain names.
if ($invalid_referer) {} is used to determine whether it meets the whitelist. If it does not meet the whitelist, the content in {} will be executed.
rewrite ^/ http://site3.test.com/notfound.jpg; is to rewrite the resource. If it does not match the whitelist, it will be rewritten to this address.
return 403; means the returned status code is 403.

2. Create the site3 root directory

cd /var/wwwroot
mkdir site3
echo -e "<h1>site3</h1><img src='notfound.jpg'>" >> site3/index.html

3. Upload the notfound.jpg file to the /var/wwwroot/site3 directory

4. Restart nginx service

systemctl restart nginx

5. Edit the C:\Windows\System32\drivers\etc\hosts file on the host machine

Add mapping for site3.test.com

192.168.204.11 site1.test.com
192.168.204.11 site2.test.com
192.168.204.11 site3.test.com

6. Visit http://site2.test.com on the host machine

As you can see, the 1.jpg file from site1 stolen in site2 is redirected to the notfound.jpg file on site3.

Summarize

The above is the operation method of configuring Nginx's anti-hotlink that I introduced to you. I hope it will be helpful to you. If you have any questions, please leave me a message and I will reply to you in time. I would also like to thank everyone for their support of the 123WORDPRESS.COM website!
If you find this article helpful, please feel free to reprint it and please indicate the source. Thank you!