FastDFS防盗链

FastDFS扩展模块内置了通过token来实现防盗链的功能。开启防盗链后，访问文件是需要在url中加两个参数：token和ts。ts为时间戳，token为系统根据时间戳和密码生成的信物。为了系统的安全，下面一起来开启防盗链吧！

1. 配置http访问

1.1 开启防盗链检查

vim /etc/fdfs/http.conf

# HTTP default content type http.default_content_type = application/octet-stream  # MIME types mapping filename # MIME types file format: MIME_type  extensions # such as:  image/jpeg  jpeg jpg jpe # you can use apache‘s MIME file: mime.types http.mime_types_filename=mime.types  # if use token to anti-steal # default value is false (0) http.anti_steal.check_token=true       # 修改1，开启防盗链检查  # token TTL (time to live), seconds # default value is 600 http.anti_steal.token_ttl=900  # 选择性修改token的过期时间  # secret key to generate anti-steal token # this parameter must be set when http.anti_steal.check_token set to true・ # the length of the secret key should not exceed 128 bytes http.anti_steal.secret_key=123456    # 修改2，防盗链密码  # return the content of the file when check token fail # default value is empty (no file sepecified) http.anti_steal.token_check_fail=/root/error.jpg    # 修改3，配置拒绝访问后显示的图片，需要是个有效可访问的图片  # if support multi regions for HTTP Range # default value is true http.multi_range.enabed = true 

1.2 重启nginx

service nginx restart  # 或 nginx -s reload 

1.3 验证

1. 没有开启防盗链，文件可以正常访问：

   

2. 成功开启防盗链后，访问文件时携带了错误的token，文件不能访问并且显示访问出错的图片

   

3. 携带正确的token，效果已经达到，只要保证密码不被泄露，我们的文件就是相对安全的

   

2. 开发服务端代码修改

2.1 fdfs_client.conf配置

http.anti_steal_token = true  # 启动防盗链 http.secret_key = 123456   # 防盗链密码  tracker_server=192.168.56.10:22122 tracker_server=192.168.56.11:22122 

2.2 服务器端

服务器端为文件访问生成token
remoteFilename:不能加group1（group name）

package com.aixin.tuna.fdfs;  import org.csource.common.MyException; import org.csource.fastdfs.ProtoCommon;  import java.io.UnsupportedEncodingException; import java.security.NoSuchAlgorithmException;  /**  * Created by dailin on 2018/6/12.  */ public class FdfsFDL {     public static void main(String[] args) throws UnsupportedEncodingException, NoSuchAlgorithmException, MyException {         String fileName = "M00/00/00/wKg4C1tFmTWAFPKBAADdeFFxlXA240.png";         String host = "http://192.168.56.10:8888";         String secretKey = "123456";         String sourceUrl = getSourceUrl(fileName, host, secretKey);         System.out.println(sourceUrl);     }      /**      * 生成防盗链token      * @param remoteFilename 文件路径，不带group：M00/00/00/wKg4C1tFmTWAFPKBAADdeFFxlXA240.png      * @param httpHost         文件服务器web访问地址      * @param secretKey         密码      * @return      * @throws UnsupportedEncodingException      * @throws NoSuchAlgorithmException      * @throws MyException      */     public static String getSourceUrl(String remoteFilename, String httpHost,String secretKey) throws UnsupportedEncodingException, NoSuchAlgorithmException, MyException {         int lts = (int)(System.currentTimeMillis() / 1000);         String token = ProtoCommon.getToken(remoteFilename, lts, secretKey); //初始化secret_key         return httpHost + "/" + remoteFilename + "?token=" + token + "&ts=" + lts;     } }

得到

http://192.168.56.10:8888/M00/00/00/wKg4C1tFmTWAFPKBAADdeFFxlXA240.png?token=2fd428c6acc14126239e3a7d7d1d872b&ts=153

原文：https://www.cnblogs.com/xiaolinstudy/p/9341779.html