配置防盗链
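- 通过限制 Referer 来实现防盗链:只有从指定站点页面发起的请求才允许获取静态文件。注意 Referer 是客户端自己填写的请求头,可以任意设置(下面的 curl -e 就是在自定义 Referer),所以防盗链只能减少其他站点直接引用资源,不能当作访问控制或鉴权手段。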
- 配置文件增加如下内容:
  <Directory /data/wwwroot/www.111.com>
      SetEnvIfNoCase Referer "http://www.111.com" local_ref
      SetEnvIfNoCase Referer "http://111.com" local_ref
      SetEnvIfNoCase Referer "^$" local_ref
      <filesmatch "\.(txt|doc|mp3|zip|rar|jpg|gif)">
          Order Allow,Deny
          Allow from env=local_ref
      </filesmatch>
  </Directory>
- 测试时用 curl -e 自定义 Referer,例如:curl -e "http://www.baidu.com/111.html"
[root@node35 ~]# vi /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
# </Directory>
# Hotlink protection: requests for the listed file types are served only when
# the Referer header matches one of the patterns below (each sets local_ref).
# Referer is supplied by the client and can hold any value, so this limits
# casual embedding by other sites; it is not an authentication mechanism.
<Directory /data/wwwroot/111.com>
# NOTE(review): SetEnvIfNoCase patterns are unanchored regular expressions, so
# "http://111.com" also matches a Referer such as "http://111.com.example.net/"
# and each "." matches any character. An anchored, escaped pattern such as
# "^https?://(www\.)?111\.com(/|$)" is stricter; confirm the host list first.
SetEnvIfNoCase Referer "http://111.com" local_ref
SetEnvIfNoCase Referer "http://abc.com" local_ref
# Left commented out: requests with an empty Referer are not whitelisted.
# SetEnvIfNoCase Referer "^$" local_ref
# Only these extensions are covered; any other type (png, for example) is
# served regardless of Referer.
<filesmatch "\.(txt|doc|mp3|zip|rar|jpg|gif)">
# Allow is evaluated first, then Deny; a request matching neither is denied,
# so only requests carrying local_ref get through.
# NOTE(review): Order/Allow are 2.2-style directives that Apache 2.4 supports
# through mod_access_compat; the native 2.4 form is "Require env local_ref".
Order Allow,Deny
Allow from env=local_ref
</filesmatch>
</Directory>
[root@node35 ~]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
# Hotlink rule: the listed file types are served only when the Referer header
# matches one of the patterns below. Referer is set by the client, so treat
# this as a bandwidth-saving measure rather than access control.
<Directory /data/wwwroot/111.com>
SetEnvIfNoCase Referer "http://111.com" local_ref
SetEnvIfNoCase Referer "http://abc.com" local_ref
# Empty-Referer requests are not whitelisted while this line stays commented.
# SetEnvIfNoCase Referer "^$" local_ref
<filesmatch "\.(txt|doc|mp3|zip|rar|jpg|gif)">
# Requests without local_ref match no Allow rule and are denied by default.
Order Allow,Deny
Allow from env=local_ref
</filesmatch>
</Directory>
[root@node35 ~]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[root@node35 ~]# /usr/local/apache2.4/bin/apachectl graceful
[root@node35 ~]# curl -e "http:///111.com/123.txt" -x127.0.0.1:80 111.com/qq.png -I
HTTP/1.1 200 OK
Date: Tue, 26 Dec 2017 01:13:33 GMT
Server: Apache/2.4.29 (Unix) PHP/5.6.30
Last-Modified: Fri, 22 Dec 2017 01:24:30 GMT
ETag: "1501e-560e3ad9acf80"
Accept-Ranges: bytes
Content-Length: 86046
Content-Type: image/png
HTTP/1.1 200 OK
Date: Tue, 26 Dec 2017 01:13:33 GMT
Server: Apache/2.4.29 (Unix) PHP/5.6.30
Last-Modified: Fri, 22 Dec 2017 01:24:30 GMT
ETag: "1501e-560e3ad9acf80"
Accept-Ranges: bytes
Content-Length: 86046
Content-Type: image/png
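若希望不带 Referer 的请求(例如在浏览器地址栏直接输入地址)也能访问,则取消 SetEnvIfNoCase Referer "^$" local_ref 这一行的注释;但这样任何不发送 Referer 的客户端都会被放行。另外,上面的测试请求的是 qq.png,而 png 不在 filesmatch 的扩展名列表里,所以返回 200 并不能说明规则已生效;验证时应请求列表内的类型(如 .jpg、.txt),分别带白名单内的 Referer 和其他 Referer,对比 200 与 403。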
访问控制——Directory
- 核心配置文件内容:
  <Directory /data/wwwroot/www.111.com/admin/>
      Order deny,allow
      Deny from all
      Allow from 127.0.0.1
  </Directory>
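- 用 curl 测试,状态码为 403 说明访问被限制。下面的测试都通过 -x 127.0.0.1:80 发起,来源地址就是 127.0.0.1,属于放行范围,所以返回 200;要看到 403,需要从其他来源地址访问(例如后文 FilesMatch 一节使用的 -x192.168.33.35:80)。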
[root@node35 ~]# vi /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
# Restrict everything under admin/ to requests coming from the loopback address.
<Directory /data/wwwroot/111.com/admin/>
# With "Order deny,allow" the Deny rules are evaluated before the Allow rules,
# so "Deny from all" blocks every client and the Allow line then re-admits
# 127.0.0.1 only.
Order deny,allow
Deny from all
Allow from 127.0.0.1
# NOTE(review): these are 2.2-style directives (mod_access_compat on 2.4); the
# native 2.4 equivalent is "Require ip 127.0.0.1". The check uses the address of
# the connecting client, so if a reverse proxy on this host fronts Apache every
# request would appear to come from 127.0.0.1 -- confirm the deployment.
</Directory>
Order deny,allow
Deny from all
Allow from 127.0.0.1
</Directory>
[root@node35 ~]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[root@node35 ~]# /usr/local/apache2.4/bin/apachectl graceful
[root@node35 ~]# mkdir /data/wwwroot/111.com/admin
Syntax OK
[root@node35 ~]# /usr/local/apache2.4/bin/apachectl graceful
[root@node35 ~]# echo "1212121212" > /data/wwwroot/111.com/admin/index.php
[root@node35 ~]# cd /data/wwwroot/111.com/
[root@node35 111.com]# cat admin/index.php
1212121212
[root@node35 111.com]# curl -x 127.0.0.1:80 111.com/admin/index.php -I
HTTP/1.1 200 OK
Date: Tue, 26 Dec 2017 01:24:51 GMT
Server: Apache/2.4.29 (Unix) PHP/5.6.30
X-Powered-By: PHP/5.6.30
Content-Type: text/html; charset=UTF-8
[root@node35 111.com]# curl -x 127.0.0.1:80 111.com/admin/index.php
1212121212
HTTP/1.1 200 OK
Date: Tue, 26 Dec 2017 01:24:51 GMT
Server: Apache/2.4.29 (Unix) PHP/5.6.30
X-Powered-By: PHP/5.6.30
Content-Type: text/html; charset=UTF-8
[root@node35 111.com]# curl -x 127.0.0.1:80 111.com/admin/index.php
1212121212
访问控制——FilesMatch
- 核心配置文件内容(FilesMatch 按文件名匹配,不限所在目录;URL 中 ? 之后的查询串不参与匹配。下面的测试里,403 表示请求被规则拒绝,404 表示规则放行但文件不存在):
- <Directory /data/wwwroot/111.com>
- <FilesMatch "admin.php(.*)">
- Order deny,allow
- Deny from all
- Allow from 127.0.0.1
- </FilesMatch>
- </Directory>
[root@node35 111.com]# !vi
vi /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
vi /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
# Restrict any file whose name matches the pattern to the loopback address,
# wherever it sits under this document root.
<Directory /data/wwwroot/111.com>
# NOTE(review): FilesMatch tests the file name, not the query string, so the
# trailing "(.*)" is not needed to cover URLs like admin.php?x. The "." is
# unescaped and the pattern is unanchored, so it also matches other names that
# merely contain "admin" + any character + "php"; that over-matches on the deny
# side. "^admin\.php$" is the exact form -- confirm against the real file names.
<FilesMatch "admin.php(.*)">
# Deny is evaluated first, then Allow: every client is blocked except 127.0.0.1.
# On Apache 2.4 the native equivalent is "Require ip 127.0.0.1".
Order deny,allow
Deny from all
Allow from 127.0.0.1
</FilesMatch>
</Directory>
[root@node35 111.com]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[root@node35 111.com]# /usr/local/apache2.4/bin/apachectl graceful
<FilesMatch "admin.php(.*)">
Order deny,allow
Deny from all
Allow from 127.0.0.1
</FilesMatch>
</Directory>
[root@node35 111.com]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[root@node35 111.com]# /usr/local/apache2.4/bin/apachectl graceful
[root@node35 111.com]# curl -x192.168.33.35:80 http://111.com/admin/alsjdk -I
HTTP/1.1 404 Not Found
Date: Tue, 26 Dec 2017 01:35:37 GMT
Server: Apache/2.4.29 (Unix) PHP/5.6.30
Content-Type: text/html; charset=iso-8859-1
[root@node35 111.com]# curl -x192.168.33.35:80 'http://111.com/admin.php?/alsjdk' -I
HTTP/1.1 403 Forbidden
Date: Tue, 26 Dec 2017 01:36:43 GMT
Server: Apache/2.4.29 (Unix) PHP/5.6.30
Content-Type: text/html; charset=iso-8859-1
[root@node35 111.com]# curl -x127.0.0.1:80 'http://111.com/admin.php?/alsjdk' -I
HTTP/1.1 404 Not Found
Date: Tue, 26 Dec 2017 01:38:17 GMT
Server: Apache/2.4.29 (Unix) PHP/5.6.30
Content-Type: text/html; charset=iso-8859-1
HTTP/1.1 404 Not Found
Date: Tue, 26 Dec 2017 01:35:37 GMT
Server: Apache/2.4.29 (Unix) PHP/5.6.30
Content-Type: text/html; charset=iso-8859-1
[root@node35 111.com]# curl -x192.168.33.35:80 'http://111.com/admin.php?/alsjdk' -I
HTTP/1.1 403 Forbidden
Date: Tue, 26 Dec 2017 01:36:43 GMT
Server: Apache/2.4.29 (Unix) PHP/5.6.30
Content-Type: text/html; charset=iso-8859-1
[root@node35 111.com]# curl -x127.0.0.1:80 'http://111.com/admin.php?/alsjdk' -I
HTTP/1.1 404 Not Found
Date: Tue, 26 Dec 2017 01:38:17 GMT
Server: Apache/2.4.29 (Unix) PHP/5.6.30
Content-Type: text/html; charset=iso-8859-1