本文共 4904 字,大约阅读时间需要 16 分钟。
11.25 配置防盗链
通过限制 referer 来实现防盗链的功能
配置文件增加如下内容vim /usr/local/apache2.4/conf/extra/httpd-vhosts.confSetEnvIfNoCase Referer "http://www.111.com" local_ref SetEnvIfNoCase Referer "http://111.com" local_ref SetEnvIfNoCase Referer "^$" local_ref 重新加载配置 -t , gracefulcurl -e "http://www.qq.com/123.txt" -x127.0.0.1:80 111.com/baidu.png1 -I 自定义 refererOrder Allow,Deny Allow from env=local_ref
操作过程
[root@aming-01 ~]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
<VirtualHost :80>DocumentRoot "/data/wwwroot/111.com"ServerName 111.comServerAlias www.exampl.com 2111.com.cn<Directory /data/wwwroot/111.com>SetEnvIfNoCase Referer "" local_refSetEnvIfNoCase Referer "" local_refSetEnvIfNoCase Referer "^$" local_ref<filesmatch ".(txt|doc|mp3|zip|rar|jpg|gif)">Order Allow,DenyAllow from env=local_ref</filesmatch></Directory>ErrorLog "logs/111.com-error_log"SetEnvIf Request_URI "..gif$" img
SetEnvIf Request_URI "..jpg$" imgSetEnvIf Request_URI "..png$" imgSetEnvIf Request_URI "..bmp$" imgSetEnvIf Request_URI "..swf$" imgSetEnvIf Request_URI "..js$" imgSetEnvIf Request_URI "..css$" imgCustomLog "|/usr/local/apache2.4/bin/rotatelogs -l logs/111.com-access_%Y%m%d.log 86400" combined env=!img</VirtualHost>[root@aming-01 ~]# /usr/local/apache2.4/bin/apachectl -tSyntax OK[root@aming-01 ~]# /usr/local/apache2.4/bin/apachectl graceful[root@aming-01 ~]# curl -e "http://www.qq.com/123.txt" -x127.0.0.1:80 111.com/baidu.png1 -IHTTP/1.1 404 Not FoundDate: Fri, 23 Mar 2018 16:53:25 GMTServer: Apache/2.4.29 (Unix) PHP/5.6.34Content-Type: text/html; charset=iso-8859-1
11.26 访问控制Directory
核心配置文件内容
Order deny,allow Deny from all Allow from 127.0.0.1
curl 测试状态码为403则被限制访问了
操作过程
[root@aming-01 ~]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
<VirtualHost :80>DocumentRoot "/data/wwwroot/111.com"ServerName 111.comServerAlias www.exampl.com 2111.com.cnErrorLog "logs/111.com-error_log"<Directory /data/wwwroot/111.com/admin/>Order deny,allowDeny from allAllow from 127.0.0.1</Directory>SetEnvIf Request_URI "..gif$" imgSetEnvIf Request_URI "..jpg$" imgSetEnvIf Request_URI "..png$" imgSetEnvIf Request_URI "..bmp$" imgSetEnvIf Request_URI "..swf$" imgSetEnvIf Request_URI "..js$" imgSetEnvIf Request_URI "..css$" imgCustomLog "|/usr/local/apache2.4/bin/rotatelogs -l logs/111.com-access_%Y%m%d.log 86400" combined env=!img</VirtualHost>[root@aming-01 ~]# mkdir /data/wwwroot/111.com/admin[root@aming-01 ~]# vim /data/wwwroot/111.com/admin/index.php[root@aming-01 ~]# /usr/local/apache2.4/bin/apachectl -tSyntax OK[root@aming-01 ~]# /usr/local/apache2.4/bin/apachectl graceful[root@aming-01 ~]# curl -x127.0.0.1:80 111.com/admin/index.php -IHTTP/1.1 200 OKDate: Fri, 23 Mar 2018 21:08:20 GMTServer: Apache/2.4.29 (Unix) PHP/5.6.34X-Powered-By: PHP/5.6.34Content-Type: text/html; charset=UTF-8[root@aming-01 ~]# curl -x192.168.106.160:80 111.com/admin/index.php -IHTTP/1.1 403 ForbiddenDate: Fri, 23 Mar 2018 21:08:48 GMTServer: Apache/2.4.29 (Unix) PHP/5.6.34Content-Type: text/html; charset=iso-8859-1
11.27 访问控制FilesMatch
访问控制- FilesMatch
核心配置文件内容Order deny,allow Deny from all Allow from 127.0.0.1
操作过程
[root@aming-01 ~]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
<VirtualHost :80>DocumentRoot "/data/wwwroot/111.com"ServerName 111.comServerAlias www.exampl.com 2111.com.cnErrorLog "logs/111.com-error_log"<Directory /data/wwwroot/111.com><FilesMatch "admin.php(.)">Order deny,allowDeny from allAllow from 127.0.0.1</FilesMatch></Directory>SetEnvIf Request_URI "..gif$" imgSetEnvIf Request_URI "..jpg$" imgSetEnvIf Request_URI "..png$" imgSetEnvIf Request_URI "..bmp$" imgSetEnvIf Request_URI "..swf$" imgSetEnvIf Request_URI "..js$" imgSetEnvIf RequestURI ".*.css$" imgCustomLog "|/usr/local/apache2.4/bin/rotatelogs -l logs/111.com-access%Y%m%d.log 86400" combined env=!img</VirtualHost>[root@aming-01 ~]# vim /data/wwwroot/111.com/admin.php[root@aming-01 ~]# /usr/local/apache2.4/bin/apachectl -tSyntax OK[root@aming-01 ~]# /usr/local/apache2.4/bin/apachectl graceful[root@aming-01 ~]# curl -x127.0.0.1:80 111.com/admin.php -IHTTP/1.1 200 OKDate: Tue, 17 Apr 2018 14:35:37 GMTServer: Apache/2.4.29 (Unix) PHP/5.6.35X-Powered-By: PHP/5.6.35Cache-Control: max-age=0Expires: Tue, 17 Apr 2018 14:35:37 GMTContent-Type: text/html; charset=UTF-8[root@aming-01 ~]# curl -x192.168.106.160:80 111.com/admin.php -IHTTP/1.1 403 ForbiddenDate: Tue, 17 Apr 2018 14:34:37 GMTServer: Apache/2.4.29 (Unix) PHP/5.6.35Content-Type: text/html; charset=iso-8859-1[root@aming-01 ~]# curl -x192.168.106.160:80 111.com/admin.php?lkajskdfj -IHTTP/1.1 403 ForbiddenDate: Tue, 17 Apr 2018 14:34:20 GMTServer: Apache/2.4.29 (Unix) PHP/5.6.35Content-Type: text/html; charset=iso-8859-1
转载于:https://blog.51cto.com/9298822/2104611