1.8.8 Configuring hotlink protection


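Hotlink protection is implemented by restricting the Referer header.
Add the following to the configuration file:
<Directory /data/wwwroot/111.com>
SetEnvIfNoCase Referer "http://www.111.com" local_ref
SetEnvIfNoCase Referer "http://111.com" local_ref
SetEnvIfNoCase Referer "^$" local_ref
# Define the rule:
<filesmatch "\.(txt|doc|mp3|zip|rar|jpg|gif)">
# Order defines the access control
Order Allow,Deny
Allow from env=local_ref
</filesmatch>
</Directory>
curl -e "http://www.aminglinux.com/123.html" sets a custom Referer.
This is the referer redirect I defined on OSChina!
↑ Sorry, I found that when I add the link in a forum reply, for some reason the hotlink protection has no effect in the browser! Blocking access with an empty Referer still works (to be investigated).

After checking the logs, I found that no Referer was recorded in them, and I saw no Referer when using other forum sites for the reply either. I'll look into this next time!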

Edit the configuration:

[root@Dasoncheng ~]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
<VirtualHost *:80>
    DocumentRoot "/data/wwwroot/111.com"
    ServerName www.111.com
    ServerAlias 111.com
       SetEnvIfNoCase Referer "http://www.111.com" local_ref
#       SetEnvIfNoCase Referer "www.oschina.net" local_ref  
#       SetEnvIfNoCase Referer "^$" local_ref  
       <filesmatch "\.(txt|doc|mp3|zip|rar|jpg|gif)">
          Order Allow,Deny
          Allow from env=local_ref
       </filesmatch>
    ErrorLog "logs/111.com-error_log"
    CustomLog "|/usr/local/apache2.4/bin/rotatelogs -l logs/111.com-access_%Y%m%d.log 86400" combined
</VirtualHost>
[root@Dasoncheng ~]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[root@Dasoncheng ~]# /usr/local/apache2.4/bin/apachectl graceful

Test the result:

[root@Dasoncheng ~]# curl -e "http://www.oschina.net" www.111.com/luds.jpg -I
HTTP/1.1 403 Forbidden    ## 403: the third kind of web response encountered so far!
……
[root@Dasoncheng ~]# curl www.111.com/luds.jpg -I
HTTP/1.1 403 Forbidden
……
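## Above, neither the given Referer nor an empty Referer can access it; the Referer must be www.111.com to access this .jpg
## Why does it all work from a browser with the referer specified through a forum reply?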


Edit and test again!

[root@Dasoncheng ~]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
<VirtualHost *:80>
    DocumentRoot "/data/wwwroot/111.com"
    ServerName www.111.com
    ServerAlias 111.com
       SetEnvIfNoCase Referer "http://www.111.com" local_ref
       SetEnvIfNoCase Referer "www.oschina.net" local_ref  
       SetEnvIfNoCase Referer "^$" local_ref  
       <filesmatch "\.(txt|doc|mp3|zip|rar|jpg|gif)">
          Order Allow,Deny
          Allow from env=local_ref
       </filesmatch>
    ErrorLog "logs/111.com-error_log"
    CustomLog "|/usr/local/apache2.4/bin/rotatelogs -l logs/111.com-access_%Y%m%d.log 86400" combined
</VirtualHost>
[root@Dasoncheng ~]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[root@Dasoncheng ~]# /usr/local/apache2.4/bin/apachectl graceful
[root@Dasoncheng ~]# curl -e "http://www.oschina.net" www.111.com/luds.jpg -I
HTTP/1.1 200 OK
[root@Dasoncheng ~]# curl www.111.com/luds.jpg -I
HTTP/1.1 200 OK
## Access through the hotlink protection succeeded!
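
An added example (not part of the original notes) that models how the SetEnvIfNoCase patterns above match: the regex is searched case-insensitively anywhere in the Referer value, and a missing header counts as the empty string. The anchored patterns and the sample Referer values are constructed assumptions used for comparison.

```python
import re

# Patterns from the page's second vhost configuration.
PAGE_PATTERNS = [r"http://www.111.com", r"www.oschina.net", r"^$"]

# Anchored variants (an assumption of this example, not the page's config).
ANCHORED_PATTERNS = [
    r"^https?://(www\.)?111\.com(/|$)",
    r"^https?://www\.oschina\.net(/|$)",
    r"^$",
]

def local_ref_set(referer, patterns):
    """Emulate 'SetEnvIfNoCase Referer <regex> local_ref' for a list of regexes."""
    value = referer or ""  # an absent Referer header is matched as ""
    return any(re.search(p, value, re.IGNORECASE) for p in patterns)

# Constructed Referer values.
SAMPLES = [
    "http://www.111.com/index.html",             # the site itself
    "http://www.oschina.net/question/1",         # the second allowed site
    None,                                        # no Referer header sent
    "http://www.111.com.example.net/page",       # different host, same prefix
    "http://example.org/?from=www.oschina.net",  # allowed name only in the query
    "http://www.aminglinux.com/123.html",        # unrelated site
]

def compare():
    """Return (referer, page_result, anchored_result) for every sample."""
    return [
        (s, local_ref_set(s, PAGE_PATTERNS), local_ref_set(s, ANCHORED_PATTERNS))
        for s in SAMPLES
    ]

if __name__ == "__main__":
    for referer, page, anchored in compare():
        print(f"{str(referer):45} page={page!s:5} anchored={anchored}")
```

Because the Referer is supplied by the client, as curl -e shows, this rule limits casual embedding by other sites and is not an authentication control.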

1.8.9 Access control: Directory

Core configuration content:
<Directory /data/wwwroot/111.com/admin/>
Order deny,allow
Deny from all
Allow from 127.0.0.1
</Directory>
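If curl returns status code 403, access has been restricted.

Edit the configuration:

## First, remember to restore the logging configuration modified above! (.jpg requests are not logged)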
[root@Dasoncheng ~]# mkdir -p /data/wwwroot/111.com/admin
[root@Dasoncheng ~]# vim /data/wwwroot/111.com/admin/index.php
[root@Dasoncheng ~]# cat /data/wwwroot/111.com/admin/index.php 
<?php
echo "This page is forbidden;\n"
?>
[root@Dasoncheng ~]# curl -x192.168.60.11:80 www.111.com/admin/index.php
This page is forbidden;    ## Access succeeded!
[root@Dasoncheng ~]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
<VirtualHost *:80>
    DocumentRoot "/data/wwwroot/111.com"
    ServerName www.111.com
    ServerAlias 111.com
    <Directory /data/wwwroot/111.com/admin/>
    Order deny,allow
    Deny from all
    Allow from 127.0.0.1
    </Directory>
    ErrorLog "logs/111.com-error_log"
    CustomLog "|/usr/local/apache2.4/bin/rotatelogs -l logs/111.com-access_%Y%m%d.log 86400" combined
</VirtualHost>
[root@Dasoncheng ~]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[root@Dasoncheng ~]# /usr/local/apache2.4/bin/apachectl graceful

Test access:

[root@Dasoncheng ~]# curl -x192.168.60.11:80 www.111.com/admin/index.php -I
HTTP/1.1 403 Forbidden    ## Access via 192.168.60.11 fails, but 127.0.0.1 works;
[root@Dasoncheng ~]# curl -x127.0.0.1:80 www.111.com/admin/index.php -I
HTTP/1.1 200 OK

Modify and test again:

[root@Dasoncheng ~]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
<VirtualHost *:80>
    DocumentRoot "/data/wwwroot/111.com"
    ServerName www.111.com
    ServerAlias 111.com
    <Directory /data/wwwroot/111.com/admin/>
    Order deny,allow
    Deny from all
    Allow from 127.0.0.1
    Allow from 192.168.60.0/24
    </Directory>
    ErrorLog "logs/111.com-error_log"
    CustomLog "|/usr/local/apache2.4/bin/rotatelogs -l logs/111.com-access_%Y%m%d.log 86400" combined
</VirtualHost>
[root@Dasoncheng ~]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[root@Dasoncheng ~]# /usr/local/apache2.4/bin/apachectl graceful
[root@Dasoncheng ~]# curl -x192.168.60.11:80 www.111.com/admin/index.php -I
HTTP/1.1 200 OK    ## Access works here now!!
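
An added example (not from the original notes) modelling how the Order, Allow and Deny directives used in 1.8.8 and 1.8.9 are evaluated. It handles only full IPs, CIDR ranges, env= and all, and the function names are this example's own.

```python
import ipaddress

def _matches(specs, client_ip, env):
    """True if any 'Allow from' / 'Deny from' argument matches the request."""
    ip = ipaddress.ip_address(client_ip)
    for spec in specs:
        if spec == "all":
            return True
        if spec.startswith("env="):
            if spec[4:] in env:
                return True
        elif ip in ipaddress.ip_network(spec, strict=False):
            return True
    return False

def access_allowed(order, allow, deny, client_ip, env=()):
    """Evaluate one block of Order/Allow/Deny directives for a client."""
    allowed = _matches(allow, client_ip, env)
    denied = _matches(deny, client_ip, env)
    if order.lower().replace(" ", "") == "allow,deny":
        # Allow is checked first, a matching Deny overrides it, default is deny.
        return allowed and not denied
    # deny,allow: Deny is checked first, a matching Allow overrides it,
    # and a request that matches neither list is allowed by default.
    return allowed or not denied

if __name__ == "__main__":
    # 1.8.9, first configuration: only 127.0.0.1 is let through.
    for ip in ("192.168.60.11", "127.0.0.1"):
        print(ip, access_allowed("deny,allow", ["127.0.0.1"], ["all"], ip))
    # 1.8.9, second configuration: the 192.168.60.0/24 range is added.
    print(access_allowed("deny,allow", ["127.0.0.1", "192.168.60.0/24"],
                         ["all"], "192.168.60.11"))
    # 1.8.8: with Order Allow,Deny no "Deny from all" line is needed.
    print(access_allowed("Allow,Deny", ["env=local_ref"], [], "192.168.60.11"))
    # Leaving out "Deny from all" under deny,allow lets every client in.
    print(access_allowed("deny,allow", ["127.0.0.1"], [], "192.168.60.11"))
```

On Apache 2.4 these directives are provided by mod_access_compat; the native equivalent of the final rule is Require ip 127.0.0.1 192.168.60.0/24.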

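Tip: about /etc/hosts and the curl command.
When accessing a local domain name that has no entry in the hosts file, how do we reach it with curl?
1. Access the IP directly: http://192.168.60.12
2. Use the command curl -x192.168.60.12:80 www.111.com (this effectively specifies the IP for the domain name, but the IP must be followed by a port number, otherwise port 1080 is used by default)
Also:
Accessing a local site:
With curl -x127.0.0.1:80, it uses the IP 127.0.0.1 to access the address!
With curl -x192.168.60.11:80, it uses 192.168.60.11 by default! (provided the site being accessed is local)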

1.8.10 Access control: FilesMatch

Core configuration content:
<Directory /data/wwwroot/111.com>
# Try writing this as a regex in a moment to see whether it works!
<FilesMatch "admin.php(.*)">
Order deny,allow
Deny from all
Allow from 127.0.0.1
</FilesMatch>
</Directory>

Edit the configuration and test:

[root@Dasoncheng ~]# curl www.111.com/admin.php -I
HTTP/1.1 200 OK
[root@Dasoncheng ~]# curl www.111.com/admin/admin.html -I
HTTP/1.1 200 OK
[root@Dasoncheng ~]# curl www.111.com/index.php -I
HTTP/1.1 200 OK
[root@Dasoncheng ~]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
<VirtualHost *:80>
    DocumentRoot "/data/wwwroot/111.com"
    ServerName www.111.com
    ServerAlias 111.com
    <Directory /data/wwwroot/111.com>
      <FilesMatch "admin.*">
         Order deny,allow
         Deny from all
         Allow from 127.0.0.1
      </FilesMatch>
    </Directory>
    ErrorLog "logs/111.com-error_log"
    CustomLog "|/usr/local/apache2.4/bin/rotatelogs -l logs/111.com-access_%Y%m%d.log 86400" combined
</VirtualHost>
[root@Dasoncheng ~]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[root@Dasoncheng ~]# /usr/local/apache2.4/bin/apachectl graceful
## Test ↓:
[root@Dasoncheng ~]# curl www.111.com/admin.php -I
HTTP/1.1 403 Forbidden
[root@Dasoncheng ~]# curl www.111.com/admin/admin.html -I
HTTP/1.1 403 Forbidden
[root@Dasoncheng ~]# curl www.111.com/index.php -I
HTTP/1.1 200 OK
## File access was successfully restricted with a regex!
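
An added example (not from the original notes) comparing what the <Directory .../admin/> block from 1.8.9 and the <FilesMatch "admin.*"> block above each cover, assuming URL paths map directly to files under the DocumentRoot. <FilesMatch> searches its regex in the file's basename only; the anchored pattern and the sample paths are constructed.

```python
import posixpath
import re

DOCROOT = "/data/wwwroot/111.com"  # DocumentRoot from the page

def directory_applies(directory, url_path):
    """<Directory> applies to every file below the named filesystem directory."""
    fs_path = posixpath.normpath(DOCROOT + "/" + url_path.lstrip("/"))
    return fs_path.startswith(directory.rstrip("/") + "/")

def files_match_applies(pattern, url_path):
    """<FilesMatch> searches the regex in the basename, not in the full path."""
    return re.search(pattern, posixpath.basename(url_path)) is not None

def coverage(url_path):
    """Which of the access-control sections would apply to this URL path."""
    return {
        "directory_admin": directory_applies(DOCROOT + "/admin/", url_path),
        "filesmatch_page": files_match_applies(r"admin.*", url_path),
        # Anchored pattern: an assumption of this example, not the page's config.
        "filesmatch_anchored": files_match_applies(r"^admin\.", url_path),
    }

# Constructed request paths.
SAMPLE_PATHS = [
    "/admin.php",
    "/admin/admin.html",
    "/index.php",
    "/admin/index.php",
    "/sysadmin-notes.html",
]

if __name__ == "__main__":
    for path in SAMPLE_PATHS:
        print(f"{path:24} {coverage(path)}")
```

/admin/index.php, created in 1.8.9, is not matched by the FilesMatch rule, so the 1.8.10 vhost restricts it only if the <Directory .../admin/> block is kept as well.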

Apache logging of the proxy IP and the real client IP http://www.lishiming.net/thread-960-1-1.html
Apache logging only specified URIs http://www.lishiming.net/thread-981-1-1.html
Apache logging the domain name requested by the client http://www.lishiming.net/thread-1037-1-1.html
Apache log rotation issues http://www.lishiming.net/thread-566-1-1.html
Several ways to restrict IPs http://www.lishiming.net/thread-6519-1-1.html
Apache custom headers http://www.aminglinux.com/bbs/thread-830-1-1.html
Apache keepalive and keepalivetimeout http://www.aminglinux.com/bbs/thread-556-1-1.html
