目录
- 防盗链的配置
- 访问控制
- 限定某目录禁止解析 PHP
- 限制 user_agent
- PHP 相关配置
- PHP 扩展模块安装
1. 防盗链的配置
1.1 什么是盗链
之后,访问 B 网站时,该图片的加载其实都是走的 A 网站的流量。如果这样的盗链很多,将白白浪费很多 A 网站的流量。
1.2 配制方法
[root@VMware01 ~]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
<Directory /usr/loacal/apache2.4/htdocs/upload>
SetEnvIfNoCase Referer "http://www.111.com" local_ref
SetEnvIfNoCase Referer "http://111.com" local_ref
SetEnvIfNoCase Referer "^$" local_ref
<filesmatch "\.(txt|doc|mp3|zip|rar|jpg|gif)">
Order Allow,Deny
Allow from env=local_ref
</filesmatch>
</Directory>
[root@VMware01 ~]# apachectl -t
Syntax OK
[root@VMware01 ~]# apachectl graceful
1.3 验证
2. 目录访问控制
2.1 配置方法
[root@VMware01 ~]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
<Directory /usr/local/apache2.4/htdocs/upload/>
Order deny,allow
Deny from all
Allow from 127.0.0.1
</Directory>
2.2 验证
3. 文件访问控制
3.1 配置方法
[root@VMware01 upload]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
<Directory /usr/local/apache2.4/htdocs/upload>
<FilesMatch "forum.php(.*)">
Order deny,allow
Deny from all
Allow from 127.0.0.1
</FilesMatch>
</Directory>
3.2 验证
3. 限定某目录禁止解析 PHP
3.1 配制方法
[root@VMware01 upload]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
<Directory /usr/local/apache2.4/htdocs/upload>
php_admin_flag engine off
</Directory>
3.2 验证
4. 限制 user_agent
4.1 配制方法
[root@VMware01 upload]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
<IfModule mode_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP_USER_AGENT} .*curl.* [NC,OR]
RewriteCond %{HTTP_USER_AGENT} .*baidu.com.* [NC]
RewriteRule .* - [F]
</IfModule>