Nginx防盜鏈,訪問控制,解析PHP,代理
Nginx防盜鏈
[root@test-a nginx]# vim conf/vhost/abc.com.conf
[root@test-a nginx]# cat conf/vhost/abc.com.conf
server
{
listen 80;
server_name abc.com ab.com a.com;
index index.html index.htm index.php;
root /data/wwwroot/abc.com;
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
{
expires 7d;
valid_referers none blocked server_names *.abc.com; # server_names 能夠不要
if ($invalid_referer){
return 403;
}
access_log off;
}
location ~ .*\.(js|css)$
{
expires 12h;
access_log off;
}
access_log /tmp/abc.com.log combined_realip;
}
[root@test-a nginx]# ./sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@test-a nginx]# ./sbin/nginx -s reload
[root@test-a nginx]# curl -e "http://www.a.com" -x127.0.0.1:80 -I a.com/1.jpg
HTTP/1.1 403 Forbidden
Server: nginx/1.14.1
Date: Wed, 28 Nov 2018 07:02:37 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive
[root@test-a nginx]# curl -e "http://www.abc.com" -x127.0.0.1:80 -I a.com/1.jpg
HTTP/1.1 200 OK
Server: nginx/1.14.1
Date: Wed, 28 Nov 2018 07:02:45 GMT
Content-Type: image/jpeg
Content-Length: 4
Last-Modified: Wed, 28 Nov 2018 00:02:59 GMT
Connection: keep-alive
ETag: "5bfddb33-4"
Expires: Wed, 05 Dec 2018 07:02:45 GMT
Cache-Control: max-age=604800
Accept-Ranges: bytes
Nginx 訪問控制
[root@test-a nginx]# curl -x192.168.77.139:80 -I a.com/admin/ # 配置前先訪問測試
HTTP/1.1 200 OK
Server: nginx/1.14.1
Date: Wed, 28 Nov 2018 07:18:18 GMT
Content-Type: text/html
Content-Length: 4
Last-Modified: Wed, 28 Nov 2018 07:14:46 GMT
Connection: keep-alive
ETag: "5bfe4066-4"
Accept-Ranges: bytes
[root@test-a nginx]# vim conf/vhost/abc.com.conf #配置
[root@test-a nginx]# cat conf/vhost/abc.com.conf
server
{
listen 80;
server_name abc.com ab.com a.com;
index index.html index.htm index.php;
root /data/wwwroot/abc.com;
#if ($host != 'abc.com'){
# rewrite ^/(.*)$ http://abc.com/$1 permanent;
#}
location /admin/
{
allow 127.0.0.1;
deny all;
}
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
{
expires 7d;
valid_referers none blocked server_names *.abc.com;
if ($invalid_referer){
return 403;
}
access_log off;
}
location ~ .*\.(js|css)$
{
expires 12h;
access_log off;
}
access_log /tmp/abc.com.log combined_realip;
}
[root@test-a nginx]# ./sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@test-a nginx]# ./sbin/nginx -s reload
[root@test-a nginx]# curl -x192.168.77.139:80 -I a.com/admin/
HTTP/1.1 403 Forbidden
Server: nginx/1.14.1
Date: Wed, 28 Nov 2018 07:19:07 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive
[root@test-a nginx]# curl -x127.0.0.1:80 -I a.com/admin/
HTTP/1.1 200 OK
Server: nginx/1.14.1
Date: Wed, 28 Nov 2018 07:19:20 GMT
Content-Type: text/html
Content-Length: 4
Last-Modified: Wed, 28 Nov 2018 07:14:46 GMT
Connection: keep-alive
ETag: "5bfe4066-4"
Accept-Ranges: bytes
正則匹配進行控制,例如: 禁止訪問某目錄下的php文件php
# 配置前訪問測試
[root@test-a nginx]# curl -x127.0.0.1:80 -I a.com/upload/1.php
HTTP/1.1 200 OK
Server: nginx/1.14.1
Date: Wed, 28 Nov 2018 07:33:58 GMT
Content-Type: application/octet-stream
Content-Length: 4
Last-Modified: Wed, 28 Nov 2018 07:33:22 GMT
Connection: keep-alive
ETag: "5bfe44c2-4"
Accept-Ranges: bytes
# 配置
[root@test-a nginx]# cat conf/vhost/abc.com.conf
server
{
listen 80;
server_name abc.com ab.com a.com;
index index.html index.htm index.php;
root /data/wwwroot/abc.com;
#if ($host != 'abc.com'){
# rewrite ^/(.*)$ http://abc.com/$1 permanent;
#}
location ~ .*upload/.*\.php$
{
return 403;
}
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
{
expires 7d;
valid_referers none blocked server_names *.abc.com;
if ($invalid_referer){
return 403;
}
access_log off;
}
location ~ .*\.(js|css)$
{
expires 12h;
access_log off;
}
access_log /tmp/abc.com.log combined_realip;
}
# 從新加載配置,再訪問測試
[root@test-a nginx]# ./sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@test-a nginx]# ./sbin/nginx -s reload
[root@test-a nginx]# curl -x192.168.77.139:80 -I a.com/admin/
HTTP/1.1 403 Forbidden
Server: nginx/1.14.1
Date: Wed, 28 Nov 2018 07:19:07 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive
[root@test-a nginx]# curl -x127.0.0.1:80 -I a.com/admin/
HTTP/1.1 200 OK
Server: nginx/1.14.1
Date: Wed, 28 Nov 2018 07:19:20 GMT
Content-Type: text/html
Content-Length: 4
Last-Modified: Wed, 28 Nov 2018 07:14:46 GMT
Connection: keep-alive
ETag: "5bfe4066-4"
Accept-Ranges: bytes
根據user_agent進行控制css
# 配置前測試
[root@test-a nginx]# curl -A "baidu" -x127.0.0.1:80 -I a.com/upload/1.txt
HTTP/1.1 200 OK
Server: nginx/1.14.1
Date: Wed, 28 Nov 2018 07:40:24 GMT
Content-Type: text/plain
Content-Length: 4
Last-Modified: Wed, 28 Nov 2018 07:33:17 GMT
Connection: keep-alive
ETag: "5bfe44bd-4"
Accept-Ranges: bytes
# 配置,加載配置,再訪問測試
[root@test-a nginx]# cat conf/vhost/abc.com.conf
server
{
listen 80;
server_name abc.com ab.com a.com;
index index.html index.htm index.php;
root /data/wwwroot/abc.com;
if ($http_user_agent ~ 'baidu|testagent'){
return 403;
}
location ~ .*upload/.*\.php$
{
return 403;
}
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
{
expires 7d;
valid_referers none blocked server_names *.abc.com;
if ($invalid_referer){
return 403;
}
access_log off;
}
location ~ .*\.(js|css)$
{
expires 12h;
access_log off;
}
access_log /tmp/abc.com.log combined_realip;
}
[root@test-a nginx]# ./sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@test-a nginx]# ./sbin/nginx -s reload
[root@test-a nginx]# curl -A "baidu" -x127.0.0.1:80 -I a.com/upload/1.txt
HTTP/1.1 403 Forbidden
Server: nginx/1.14.1
Date: Wed, 28 Nov 2018 07:40:37 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive
Nginx解析PHP配置
# 配置前訪問測試
[root@test-a abc.com]# curl -x127.0.0.1:80 abc.com/index.php
<?php
echo "1111111111";
?>
# 配置
[root@test-a abc.com]# cd /usr/local/nginx/conf/vhost/
[root@test-a vhost]# vim abc.com.conf
[root@test-a vhost]# cat abc.com.conf
server
{
listen 80;
server_name abc.com ab.com a.com;
index index.html index.htm index.php;
root /data/wwwroot/abc.com;
if ($http_user_agent ~ 'baidu|testagent'){
return 403;
}
location ~ .*upload/.*\.php$
{
return 403;
}
location ~ \.php$
{
include fastcgi_params;
fastcgi_pass unix:/tmp/php-fcgi.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /data/wwwroot/abc.com$fastcgi_script_name;
}
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
{
expires 7d;
valid_referers none blocked server_names *.abc.com;
if ($invalid_referer){
return 403;
}
access_log off;
}
location ~ .*\.(js|css)$
{
expires 12h;
access_log off;
}
access_log /tmp/abc.com.log combined_realip;
}
[root@test-a vhost]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@test-a vhost]# /usr/local/nginx/sbin/nginx -s reload
[root@test-a vhost]# curl -x127.0.0.1:80 abc.com/index.php
1111111111[root@test-a vhost]#
Nginx代理
# 配置前,想測試訪問baidu的robots.txt,結果訪問本地的robots.txt,本地不存在
[root@test-a vhost]# curl -x127.0.0.1:80 www.baidu.com/robots.txt
<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.14.1</center>
</body>
</html>
# 添加代理服務配置
[root@test-a vhost]# vim proxy.conf
[root@test-a vhost]# cat proxy.conf
server
{
listen 80;
server_name www.baidu.com;
location /
{
proxy_pass http://61.135.169.125/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
[root@test-a vhost]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@test-a vhost]# /usr/local/nginx/sbin/nginx -s reload
# 訪問測試,訪問的是baidu的robots.txt
[root@test-a vhost]# curl -x127.0.0.1:80 www.baidu.com/robots.txt
User-agent: Baiduspider
Disallow: /baidu
Disallow: /s?
Disallow: /ulink?
Disallow: /link?
Disallow: /home/news/data/
User-agent: Googlebot
Disallow: /baidu
Disallow: /s?
Disallow: /shifen/
Disallow: /homepage/
Disallow: /cpro
Disallow: /ulink?
Disallow: /link?
Disallow: /home/news/data/
...
相關文章
- 1. nginx防盜鏈-訪問控制-解析php配置-nginx代理
- 2. nginx防盜鏈、訪問控制、PHP解析、服務器代理
- 3. nginx防盜鏈、訪問控制、解析php、代理服務
- 4. Nginx防盜鏈 Nginx訪問控制 Nginx解析php相關配置 Nginx代理
- 5. Nginx防盜鏈&Nginx訪問控制&Nginx解析php相關配置&Nginx代理
- 6. Nginx防盜鏈,Nginx訪問控制,,Nginx解析php相關配置,Nginx代理
- 7. Nginx防盜鏈、Nginx訪問控制、Nginx解析php相關配置、Nginx代理
- 8. Nginx防盜鏈,Nginx訪問控制, Nginx解析php相關配置, Nginx代理
- 9. Nginx防盜鏈; Nginx訪問控制; Nginx解析php相關配置; Nginx代理
- 10. Nginx防盜鏈、訪問控制、Nginx解析PHP相關配置、Nginx代理
- 更多相關文章...
- • Swift 訪問控制 - Swift 教程
- • XML DOM 解析器 - XML DOM 教程
- • PHP Ajax 跨域問題最佳解決方案
- • ☆技術問答集錦(13)Java Instrument原理
相關標籤/搜索
每日一句
-
每一个你不满意的现在,都有一个你没有努力的曾经。
最新文章
歡迎關注本站公眾號,獲取更多信息
相關文章
- 1. nginx防盜鏈-訪問控制-解析php配置-nginx代理
- 2. nginx防盜鏈、訪問控制、PHP解析、服務器代理
- 3. nginx防盜鏈、訪問控制、解析php、代理服務
- 4. Nginx防盜鏈 Nginx訪問控制 Nginx解析php相關配置 Nginx代理
- 5. Nginx防盜鏈&Nginx訪問控制&Nginx解析php相關配置&Nginx代理
- 6. Nginx防盜鏈,Nginx訪問控制,,Nginx解析php相關配置,Nginx代理
- 7. Nginx防盜鏈、Nginx訪問控制、Nginx解析php相關配置、Nginx代理
- 8. Nginx防盜鏈,Nginx訪問控制, Nginx解析php相關配置, Nginx代理
- 9. Nginx防盜鏈; Nginx訪問控制; Nginx解析php相關配置; Nginx代理
- 10. Nginx防盜鏈、訪問控制、Nginx解析PHP相關配置、Nginx代理