分类目录归档:nginx

nginx过滤request_method

业务需要过滤http的post put等请求,只开放get来确保数据的安全,实现方法如下:

root@t-slq-ops-1:/etc/nginx/sites-enabled# vim jumpserver.conf
server {
    listen       80;
    server_name  jumpserver.65emall.net;
    access_log /var/log/nginx/jumpserver.65emall.net.access.log main;
    error_log /var/log/nginx/jumpserver.65emall.net.error.log;

    if ($request_method != GET){
        return 403;
   }

    location / {
        proxy_pass  http://192.168.199.61:8888/;
        proxy_set_header  X-Real-IP  $remote_addr;
        proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_redirect off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}

nginx防盗链配置

location ~* \.(gif|jpg|jpeg|png|ico)$ {
valid_referers none blocked www.xiemx.com xiemx.com;
if ($invalid_referer) {
    rewrite ^/ /haha.jpg;
    #return 404
}
.....
}

第一行:gif|jpg|jpeg|png|ico

表示对gif,jpg,jpeg,png,ico后缀的文件实行防盗链 

第二行:xiemx.com www.xiemx.com

表示对www.xiemx.com xiemx.com这2个来路进行判断 

if{}里面内容的意思是,如果来路不是指定来路就跳转到haha.jpg图片(我主要针对图片防盗链),或者返回404或者403。