Nginx:防止直接访问静态文件 [英] Nginx: Prevent direct access to static files

问题描述

我已经搜索了一段时间，但没有找到适合我需求的任何东西.我不需要盗链保护，就像我想阻止人们直接访问我的文件一样.让我们说:

I've been searching for a while now but didn't manage to find anything that fits my needs. I don't need hotlinking protection, as much as I'd like to prevent people from directly accessing my files. Let's say:

我的 website.com 请求 website.com/assets/custom.js，这是可行的，但我希望直接访问此文件的访问者获得一个 403 状态代码 或其他东西.我真的不知道这是否可能，我也没有任何合乎逻辑的步骤..

My website.com requests website.com/assets/custom.js, that'd work,but I'd like visitors which directly visit this file to get a 403 status code or something. I really have no idea if it's possible, and I don't have any logical steps in mind..

问候！

推荐答案

你可以使用 nginx referer 模块:http://nginx.org/en/docs/http/ngx_http_referer_module.html.像这样:

You can use nginx referer module: http://nginx.org/en/docs/http/ngx_http_referer_module.html. Something like this:

server {
    listen 80;
    server_name website.com;
    root /var/www/website.com/html ;
    location /assets/ {
        valid_referers website.com/ website.com/index.html website.com/some_other_good_page.html ;
        if ($invalid_referer) {
            deny all;
        }
    }
}

这个配置保护assets 目录.但请记住，这不能保证并且仅适用于浏览器 - 任何主体都可以使用 curl 或 telnet 模拟有效请求.为了真正的安全，您需要使用带有动态生成链接的动态生成页面.

This config guard assets directory. But remember, that not guaranteed and worked only for browser - any body can emulate valid request with curl or telnet. For true safety you need use dynamic generated pages with dynamic generated links.

您不需要创建变量 $invalid_referer，因为这是由 nginx 模块设置的.

You do not need to create the variable $invalid_referer as this is set by the nginx module.

这篇关于Nginx:防止直接访问静态文件的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！