Implementing hotlink protection by restricting the Referer
Add the following to the configuration file:
<Directory /data/wwwroot/111.com>
    SetEnvIfNoCase Referer "http://www.111.com" local_ref
    SetEnvIfNoCase Referer "http://111.com" local_ref
    SetEnvIfNoCase Referer "^$" local_ref
    # Define the rule:
    <filesmatch "\.(txt|doc|mp3|zip|rar|jpg|gif)">
        # Order defines the access control
        Order Allow,Deny
        Allow from env=local_ref
    </filesmatch>
</Directory>
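curl -e "http://www.aminglinux.com/123.html" sets a custom Referer.
This is the Referer redirect I set up on OSChina!
↑ Sorry, I found that when I add the link in a reply post, for some reason the hotlink protection has no effect in the browser! Blocking access with an empty Referer still works (to be investigated).
After checking the logs, I found that no Referer was recorded in them, and I did not see a Referer when using other forum sites for the reply either. I'll look into this next time!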
[root@Dasoncheng ~]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
<VirtualHost *:80>
    DocumentRoot "/data/wwwroot/111.com"
    ServerName www.111.com
    ServerAlias 111.com
    SetEnvIfNoCase Referer "http://www.111.com" local_ref
    # SetEnvIfNoCase Referer "www.oschina.net" local_ref
    # SetEnvIfNoCase Referer "^$" local_ref
    <filesmatch "\.(txt|doc|mp3|zip|rar|jpg|gif)">
        Order Allow,Deny
        Allow from env=local_ref
    </filesmatch>
    ErrorLog "logs/111.com-error_log"
    CustomLog "|/usr/local/apache2.4/bin/rotatelogs -l logs/111.com-access_%Y%m%d.log 86400" combined
</VirtualHost>
[root@Dasoncheng ~]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[root@Dasoncheng ~]# /usr/local/apache2.4/bin/apachectl graceful
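[root@Dasoncheng ~]# curl -e "http://www.oschina.net" www.111.com/luds.jpg -I
HTTP/1.1 403 Forbidden  ## 403: the third web response code I have run into!
……
[root@Dasoncheng ~]# curl www.111.com/luds.jpg -I
HTTP/1.1 403 Forbidden
……
## Above, neither the custom Referer nor an empty Referer is allowed; the Referer must be www.111.com to access this .jpg
## Why does it work from the browser with the Referer specified by the reply post?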
[root@Dasoncheng ~]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
<VirtualHost *:80>
    DocumentRoot "/data/wwwroot/111.com"
    ServerName www.111.com
    ServerAlias 111.com
    SetEnvIfNoCase Referer "http://www.111.com" local_ref
    SetEnvIfNoCase Referer "www.oschina.net" local_ref
    SetEnvIfNoCase Referer "^$" local_ref
    <filesmatch "\.(txt|doc|mp3|zip|rar|jpg|gif)">
        Order Allow,Deny
        Allow from env=local_ref
    </filesmatch>
    ErrorLog "logs/111.com-error_log"
    CustomLog "|/usr/local/apache2.4/bin/rotatelogs -l logs/111.com-access_%Y%m%d.log 86400" combined
</VirtualHost>
[root@Dasoncheng ~]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[root@Dasoncheng ~]# /usr/local/apache2.4/bin/apachectl graceful
[root@Dasoncheng ~]# curl -e "http://www.oschina.net" www.111.com/luds.jpg -I
HTTP/1.1 200 OK
[root@Dasoncheng ~]# curl www.111.com/luds.jpg -I
HTTP/1.1 200 OK
## Access through the hotlink protection succeeded!
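SetEnvIfNoCase treats each Referer pattern as a regular expression searched case-insensitively anywhere in the header value, and a missing header counts as the empty string. The following added example (not code from the original post) models that check for the three patterns in the vhost above and for an anchored set; the anchored patterns and the sample Referer values other than the page's own are constructed assumptions.

```python
import re

# Patterns exactly as written in the page's final vhost (unanchored regexes).
PAGE_PATTERNS = [r"http://www.111.com", r"www.oschina.net", r"^$"]

# Assumed tighter variant (not from the page): anchored at the start, dots
# escaped, host name terminated by "/" or end of string.
ANCHORED_PATTERNS = [
    r"^https?://(www\.)?111\.com(/|$)",
    r"^https?://www\.oschina\.net(/|$)",
    r"^$",
]


def sets_local_ref(referer, patterns):
    """Model `SetEnvIfNoCase Referer <regex> local_ref`.

    A request without a Referer header is matched as the empty string,
    which is why "^$" lets direct requests through.
    """
    value = referer or ""
    return any(re.search(p, value, re.IGNORECASE) for p in patterns)


def status_for(referer, patterns):
    """Order Allow,Deny with only `Allow from env=local_ref`: default deny."""
    return 200 if sets_local_ref(referer, patterns) else 403


# Sample Referer values; all but the aminglinux one are constructed.
SAMPLES = [
    "http://www.111.com/index.html",             # the site itself
    "HTTP://WWW.111.COM/",                       # same host, different case
    None,                                        # no Referer header
    "http://www.aminglinux.com/123.html",        # other site, from the page
    "http://www.111.com.example.net/a.html",     # other host, same prefix
    "http://example.net/?u=http://www.111.com",  # pattern inside the query
]

if __name__ == "__main__":
    for ref in SAMPLES:
        print(f"{str(ref):42} page={status_for(ref, PAGE_PATTERNS)} "
              f"anchored={status_for(ref, ANCHORED_PATTERNS)}")
```

The last two samples return 200 with the page's patterns and 403 with the anchored ones. Either way the Referer is supplied by the client, as `curl -e` shows, so this check limits casual embedding rather than controlling access.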
Core configuration:
<Directory /data/wwwroot/111.com/admin/>
Order deny,allow
Deny from all
Allow from 127.0.0.1
</Directory>
If a curl test returns status code 403, access has been restricted.
## First: remember to restore the logging setting changed above once you are done! (.jpg requests are not logged)
[root@Dasoncheng ~]# mkdir -p /data/wwwroot/111.com/admin
[root@Dasoncheng ~]# vim /data/wwwroot/111.com/admin/index.php
[root@Dasoncheng ~]# cat /data/wwwroot/111.com/admin/index.php
<?php echo "This page is forbidden;\n" ?>
[root@Dasoncheng ~]# curl -x192.168.60.11:80 www.111.com/admin/index.php
This page is forbidden;  ## Access succeeded!
[root@Dasoncheng ~]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
<VirtualHost *:80>
    DocumentRoot "/data/wwwroot/111.com"
    ServerName www.111.com
    ServerAlias 111.com
    <Directory /data/wwwroot/111.com/admin/>
        Order deny,allow
        Deny from all
        Allow from 127.0.0.1
    </Directory>
    ErrorLog "logs/111.com-error_log"
    CustomLog "|/usr/local/apache2.4/bin/rotatelogs -l logs/111.com-access_%Y%m%d.log 86400" combined
</VirtualHost>
[root@Dasoncheng ~]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[root@Dasoncheng ~]# /usr/local/apache2.4/bin/apachectl graceful
[root@Dasoncheng ~]# curl -x192.168.60.11:80 www.111.com/admin/index.php -I
HTTP/1.1 403 Forbidden  ## Access via 192.168.60.11 fails, but 127.0.0.1 gets through;
[root@Dasoncheng ~]# curl -x127.0.0.1:80 www.111.com/admin/index.php -I
HTTP/1.1 200 OK
[root@Dasoncheng ~]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
<VirtualHost *:80>
    DocumentRoot "/data/wwwroot/111.com"
    ServerName www.111.com
    ServerAlias 111.com
    <Directory /data/wwwroot/111.com/admin/>
        Order deny,allow
        Deny from all
        Allow from 127.0.0.1
        Allow from 192.168.60.0/24
    </Directory>
    ErrorLog "logs/111.com-error_log"
    CustomLog "|/usr/local/apache2.4/bin/rotatelogs -l logs/111.com-access_%Y%m%d.log 86400" combined
</VirtualHost>
[root@Dasoncheng ~]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[root@Dasoncheng ~]# /usr/local/apache2.4/bin/apachectl graceful
[root@Dasoncheng ~]# curl -x192.168.60.11:80 www.111.com/admin/index.php -I
HTTP/1.1 200 OK  ## Access works here now!!
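The Order/Deny/Allow directives used above are the 2.2-style directives that Apache 2.4 provides through mod_access_compat, and the result depends on the Order as much as on the rules. The following added example (not code from the original post) evaluates the page's two /admin/ rule sets for a given client address; it models only literal addresses, CIDR ranges and `all`, and the third client address is constructed.

```python
import ipaddress


def _matches(client, specs):
    """True if the client IP falls in any spec (address, CIDR or 'all')."""
    ip = ipaddress.ip_address(client)
    for spec in specs:
        if spec == "all" or ip in ipaddress.ip_network(spec, strict=False):
            return True
    return False


def access_compat(order, allow, deny, client):
    """Evaluate mod_access_compat's Order/Allow/Deny for one client IP.

    order="deny,allow": Deny is checked first, Allow overrides it,
                        and a client matching neither is allowed.
    order="allow,deny": Allow is checked first, Deny overrides it,
                        and a client matching neither is denied.
    Returns the HTTP status the page's curl tests would show.
    """
    allowed = _matches(client, allow)
    denied = _matches(client, deny)
    if order == "deny,allow":
        ok = allowed or not denied
    elif order == "allow,deny":
        ok = allowed and not denied
    else:
        raise ValueError(f"unknown Order: {order}")
    return 200 if ok else 403


# The two /admin/ rule sets from the page.
ADMIN_V1 = dict(order="deny,allow", deny=["all"], allow=["127.0.0.1"])
ADMIN_V2 = dict(order="deny,allow", deny=["all"],
                allow=["127.0.0.1", "192.168.60.0/24"])

# The two clients from the page plus one constructed outside address.
CLIENTS = ["127.0.0.1", "192.168.60.11", "203.0.113.7"]

if __name__ == "__main__":
    for ip in CLIENTS:
        print(ip, access_compat(client=ip, **ADMIN_V1),
              access_compat(client=ip, **ADMIN_V2))
    # Same rules with the order flipped: "Deny from all" now wins for everyone.
    print(access_compat("allow,deny", ["127.0.0.1"], ["all"], "127.0.0.1"))
```

The address compared is that of the connecting peer: in the page's tests curl runs on the server itself, so a request sent through -x127.0.0.1:80 arrives from 127.0.0.1 and one sent through -x192.168.60.11:80 arrives from 192.168.60.11.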
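Tip: about /etc/hosts and the curl command.
If you want to reach a local domain name that has no entry in the hosts file, how can you access it with curl?
1. Access the IP directly: http://192.168.60.12
2. Use the command curl -x192.168.60.12:80 www.111.com (curl sends the request through that address as a proxy, which is equivalent to specifying the IP for the domain name; the IP must be followed by a port number, otherwise port 1080 is used by default)
Also:
When accessing a site on the local machine:
With curl -x127.0.0.1:80, the IP 127.0.0.1 is used to access the address!
With curl -x192.168.60.11:80, 192.168.60.11 is used instead! (This assumes the site is on the local machine.)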
Core configuration:
<Directory /data/wwwroot/111.com>
    # I'll try writing this as a regex in a moment to see whether it works!
    <FilesMatch "admin.php(.*)">
        Order deny,allow
        Deny from all
        Allow from 127.0.0.1
    </FilesMatch>
</Directory>
[root@Dasoncheng ~]# curl www.111.com/admin.php -I
HTTP/1.1 200 OK
[root@Dasoncheng ~]# curl www.111.com/admin/admin.html -I
HTTP/1.1 200 OK
[root@Dasoncheng ~]# curl www.111.com/index.php -I
HTTP/1.1 200 OK
[root@Dasoncheng ~]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
<VirtualHost *:80>
    DocumentRoot "/data/wwwroot/111.com"
    ServerName www.111.com
    ServerAlias 111.com
    <Directory /data/wwwroot/111.com>
        <FilesMatch "admin.*">
            Order deny,allow
            Deny from all
            Allow from 127.0.0.1
        </FilesMatch>
    </Directory>
    ErrorLog "logs/111.com-error_log"
    CustomLog "|/usr/local/apache2.4/bin/rotatelogs -l logs/111.com-access_%Y%m%d.log 86400" combined
</VirtualHost>
[root@Dasoncheng ~]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[root@Dasoncheng ~]# /usr/local/apache2.4/bin/apachectl graceful
## Test ↓:
[root@Dasoncheng ~]# curl www.111.com/admin.php -I
HTTP/1.1 403 Forbidden
[root@Dasoncheng ~]# curl www.111.com/admin/admin.html -I
HTTP/1.1 403 Forbidden
[root@Dasoncheng ~]# curl www.111.com/index.php -I
HTTP/1.1 200 OK
## Restricting access by file name with a regex worked!
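FilesMatch applies its regex to the file name only (the last path component), so /admin/admin.html is blocked above because of its file name, not because it sits in admin/. The following added example (not code from the original post) compares what the page's FilesMatch patterns and its earlier Directory block each cover; treating the Directory block as a URL prefix under the DocumentRoot is a simplifying assumption, and one sample path is constructed.

```python
import posixpath
import re

# FilesMatch patterns as they appear on the page.
FILESMATCH_CORE = r"admin.php(.*)"
FILESMATCH_VHOST = r"admin.*"
# The page's earlier <Directory /data/wwwroot/111.com/admin/> block,
# expressed as a URL prefix under the DocumentRoot (simplification).
ADMIN_DIR_PREFIX = "/admin/"


def files_match(pattern, url_path):
    """Model <FilesMatch>: the regex is searched in the file name only
    (last path component); directory names are not looked at."""
    return re.search(pattern, posixpath.basename(url_path)) is not None


def in_directory(prefix, url_path):
    """Model <Directory>: the block applies to everything below it."""
    return url_path.startswith(prefix)


def coverage(paths, pattern=FILESMATCH_VHOST, prefix=ADMIN_DIR_PREFIX):
    """Map each path to (restricted by FilesMatch, restricted by Directory)."""
    return {p: (files_match(pattern, p), in_directory(prefix, p))
            for p in paths}


PATHS = [
    "/admin.php", "/admin/admin.html", "/index.php",  # requested on the page
    "/admin/index.php",      # from the page's /admin/ test; name lacks "admin"
    "/sysadmin-notes.html",  # constructed: "admin" inside a longer name
]

if __name__ == "__main__":
    for path, (by_file, by_dir) in coverage(PATHS).items():
        print(f"{path:24} FilesMatch={by_file!s:5} Directory={by_dir}")
```

/admin/index.php is covered only by the Directory block, and the unanchored "admin.*" also restricts any file whose name merely contains "admin".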
Apache logging of the proxy IP and the real client IP http://www.lishiming.net/thread-960-1-1.html
Apache: logging only specified URIs http://www.lishiming.net/thread-981-1-1.html
Apache logging of the domain name requested by the client http://www.lishiming.net/thread-1037-1-1.html
Apache log rotation issues http://www.lishiming.net/thread-566-1-1.html
Several ways to restrict by IP http://www.lishiming.net/thread-6519-1-1.html
Apache custom headers http://www.aminglinux.com/bbs/thread-830-1-1.html
Apache KeepAlive and KeepAliveTimeout http://www.aminglinux.com/bbs/thread-556-1-1.html