How to forbid other sites from stealing my forum attachments?

二戒 wangyu1314 at gmail.com
Mon Jun 20 05:54:25 UTC 2016


Sorry, I have found that my forum can't show attachments now.

Below is the nginx vhost config file. Where is the mistake?

Thank you.

server
{
    listen 80;
    server_name  www.cnprint.org;
    index index.php index.html index.htm;
    root  /home/website/cnprint;

    location /bbs/ {
        rewrite ^/bbs/((urllist|sitemap_).*\.(xml|txt)(\.gz)?)$
            /bbs/vbseo_sitemap/vbseo_getsitemap.php?sitemap=$1 last;
        try_files $uri $uri/ /bbs/vbseo.php?$args;
    }

    location ~ ^/bbs/.+\.php$ {
        fastcgi_pass  127.0.0.1:9000;
        fastcgi_param SCRIPT_FILENAME $document_root/bbs/vbseo.php;
        include       fastcgi_params;
    }

    location = /bbs/attachment.php
    {
        valid_referers none blocked *.cnprint.org server_names ~\.google\.
            ~\.baidu\. ~\.360\. ~\.bing\.;
        if ($invalid_referer) {
            #    return 403;
            rewrite ^.*$ http://www.cnprint.org;
        }
    }

    location ~ .*\.php?$
    {
        try_files $uri =404;
        include fastcgi.conf;
        fastcgi_pass  127.0.0.1:9000;
        fastcgi_index index.php;
    }

    location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
    {
        expires      30d;
    }

}

2016-06-20 13:45 GMT+08:00 二戒 <wangyu1314 at gmail.com>:

> Edho Arief,
>
> *Thank you very much.*
> *It works fine now.*
> *Have a good day, thanks again.*
>
> 2016-06-20 13:30 GMT+08:00 Edho Arief <me at myconan.net>:
>
>> Hi,
>>
>> On Mon, Jun 20, 2016, at 14:20, 二戒 wrote:
>> > I think this line "location ~* ^/bbs/attachment+\.php?$" has a
>> > mistake, but I can't resolve it.
>> >
>> > location ~* ^/bbs/attachment+\.php?$
>> > {
>> > valid_referers none blocked *.cnprint.org server_names ~\.google\.
>> > ~\.baidu\. ~\.360\. ~\.bing\.;
>> > if ($invalid_referer) {
>> > # return 403;
>> > rewrite ^.*$ http://www.cnprint.org;
>> > }
>> > }
>>
>>
>> 1. There's probably another regexp location block matching the url
>> before this block is defined (something like `location ~ \.php$ { }`)
>> and definition order matters in regexp location.
>>
>> 2. You need fastcgi stuff in the block as well otherwise it'll just
>> return the attachment.php file.
>>
>> 3. The regexp, while it does match /bbs/attachment.php fine, is a bit
>> confusing since it also matches /bbs/attachmentttttttt.ph .
>>
>> 3.1. might as well use exact match (`location = /bbs/attachment.php {
>> }`).
>>
>> _______________________________________________
>> nginx mailing list
>> nginx at nginx.org
>> http://mailman.nginx.org/mailman/listinfo/nginx
>
>
>
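Points 2 and 3.1 from the quoted reply applied to the attachment block, as an added example that is not part of the original thread. It assumes the PHP-FPM backend at 127.0.0.1:9000 and the stock fastcgi.conf that the generic PHP block in the posted config already uses, and it uses the `return 403` that the posted config leaves commented out (the posted redirect can be kept instead).

```nginx
# Added example, not the poster's final configuration.
#
# An exact-match location (=) is selected before any regex location is
# tested, so this block handles /bbs/attachment.php no matter where the
# "location ~ ...\.php$" blocks appear in the server block.
location = /bbs/attachment.php {
    # Allowed Referer values: missing ("none"), stripped by a proxy or
    # firewall ("blocked"), this server's own names, and the listed
    # search engines. Everything else sets $invalid_referer to "1".
    valid_referers none blocked server_names *.cnprint.org
                   ~\.google\. ~\.baidu\. ~\.360\. ~\.bing\.;

    # "return" is one of the directives that is safe inside "if".
    if ($invalid_referer) {
        return 403;
    }

    # The request ends in this location, so it must hand the script to
    # PHP itself. Without the two lines below nginx has no handler for
    # the request and treats attachment.php as a static file.
    # Assumption: fastcgi.conf is the stock file, which sets
    # SCRIPT_FILENAME to $document_root$fastcgi_script_name.
    include       fastcgi.conf;
    fastcgi_pass  127.0.0.1:9000;
}
```

The Referer header is supplied by the client, and `none` and `blocked` accept requests that carry no usable Referer, so this check stops ordinary hotlinking from other pages but is not an access control.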