配置防盗链:
防盗链:就是防止别人盗用你网站上的资源。通过限制referer来实现防盗链的功能
1.修改虚拟主机配置文件:/usr/local/apache2.4/conf/extra/httpd-vhosts.conf
<Directory /data/wwwroot/123.com>
SetEnvIfNoCase Referer "http://123.com" local_ref //用来定义referer的白名单
SetEnvIfNoCase Referer "http://111.com" local_ref
SetEnvIfNoCase Referer "^$" local_ref //此段的意思是,我们可以直接复制图片或其它资源的地址在浏览器中查看。空referer
<filesmatch "\.(txt|doc|mp3|zip|rar|jpg|gif)"> //匹配资源做防盗链。
Order Allow,Deny //order制定顺序,先允许在拒绝
Allow from env=local_ref
</filesmatch>
</Directory>
如上,把123.com以及111.com两个站点可以随便引用咱们的资源,其它的站点均拒绝!
2.重新加载配置参数:
/usr/local/apache2.4/bin/apachectl -t
/usr/local/apache2.4/bin/apachectl graceful
3.测试:
#curl -e "http://123.com/123.php" -x127.0.0.1:80 www.123.com/13_avatar_small.jpg -I
HTTP/1.1 200 OK
Date: Wed, 02 Aug 2017 08:46:37 GMT
Server: Apache/2.4.27 (Unix) PHP/5.6.30
Last-Modified: Wed, 07 Jun 2017 09:38:32 GMT
ETag: "97d4-5515b7fd39600"
Accept-Ranges: bytes
Content-Length: 38868
Content-Type: image/jpeg
# curl -e "http://qq.com/" -x127.0.0.1:80 www.123.com/13_avatar_small.jpg -I
HTTP/1.1 403 Forbidden
Date: Wed, 02 Aug 2017 08:46:52 GMT
Server: Apache/2.4.27 (Unix) PHP/5.6.30
Content-Type: text/html; charset=iso-8859-1
-e: 指定referer
访问控制Directory
1.修改虚拟主机配置文件:/usr/local/apache2.4/conf/extra/httpd-vhosts.conf
<Directory /data/wwwroot/111.com/admin/>
Order deny,allow
Deny from all
Allow from 127.0.0.1
</Directory>
注:Order 定义访问顺序,先执行deny后执行allow
2.创建admin目录,新建一个index.php文件,内容位121212
# mkdir admin/
# cd admin/
# echo "121212" > index.php
3.重新加载配置参数:
/usr/local/apache2.4/bin/apachectl -t
/usr/local/apache2.4/bin/apachectl graceful
4.测试:
curl -x127.0.0.1:80 111.com/admin/index.php -I
-x指定的是目标IP 127.0.0.1,限制的源IP也是127.0.0.1,也可以访问内容
curl -x192.168.133.150:80 111.com/admin/index.php -I
访问控制FilesMatch
1.修改虚拟主机配置文件:/usr/local/apache2.4/conf/extra/httpd-vhosts.conf
<Directory /data/wwwroot/www.123.com>
<FilesMatch "admin.php(.*)">
Order deny,allow
Deny from all
Allow from 127.0.0.1
</FilesMatch>
</Directory>
访问控制除了目录的形式之外,也可以去匹配文件名或链接
2.重新加载配置参数:
/usr/local/apache2.4/bin/apachectl -t
/usr/local/apache2.4/bin/apachectl graceful
3.测试