經過限制referer來實現防盜鏈的功能php
在/usr/local/apache2.4/conf/extra/httpd-vhosts.conf中添加以下配置代碼:apache
<Directory /data/wwwroot/www.123.com> SetEnvIfNoCase Referer "http://111.com" local_ref //白名單 SetEnvIfNoCase Referer "http://aaa.com" local_ref //白名單 SetEnvIfNoCase Referer "^$" local_ref //空的referer <FilesMatch "\.(txt|doc|mp3|zip|rar|jpg|gif)"> //文件匹配格式 Order Allow,Deny //不經過規則 Allow from env=local_ref // 經過規則 </FilesMatch> </Directory>
/usr/local/apache2.4/bin/apachectl graceful
curl -x127.0.0.1:80 111.com/111.jpg -I
模擬referer測試:vim
curl -e "http://www.qq.com/123.txt" -x127.0.0.1:80 111.com/111.jpg -I
referer模擬成111.com測試成功訪問安全
curl -e "http://111.com/111.jpg" -x127.0.0.1:80 111.com/111.jpg -I
例如訪問日誌目錄等隱私目錄避免外部訪問,訪問控制下更安全curl
vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
<Directory /data/wwwroot/111.com/admin/> Order allow,deny //排序表示先執行deny仍是先執行allow. Deny from all //拒絕選項 Allow from 127.0.0.1 //容許來源 </Directory>
注意:Order表示排序,決定是先執行下行 deny①仍是先allow②,allow表示容許的來源ip測試
/usr/local/apache2.4/bin/apachectl graceful
[root@yolks2 ~]# cd /data/wwwroot/111.com/ [root@yolks2 111.com]# ls 111.jpg admin.php index.php [root@yolks2 111.com]# mkdir admin [root@yolks2 111.com]# ls 111.jpg admin admin.php index.php [root@yolks2 111.com]# vim admin/index.php [root@yolks2 111.com]# cat !$ cat admin/index.php <?php echo "this is test admin/index.php"; ?>
curl -x127.0.0.1:80 111.com/admin/index.php -I
例如訪問日誌文件等隱私文件避免外部訪問,訪問控制下更安全this
vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
<Directory /data/wwwroot/www.123.com> <FilesMatch "admin.php(.*)"> Order deny,allow Deny from all Allow from 127.0.0.1 </FilesMatch> </Directory>
curl -x127.0.0.1:80 111.com/admin/index.php -I
幾種限制ip的方法 http://ask.apelearn.com/question/6519
apache 自定義header http://ask.apelearn.com/question/830
apache的keepalive和keepalivetimeout http://ask.apelearn.com/question/556url