4.41-Static file expiry cache 4.42-Nginx hotlink protection 4.43-4.45 Access control 1/2/3

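4.41-Static file expiry cache

What is the expiry time of a static file?

Static files such as images are cached in the client's browser; until they expire, the browser does not need to request the image again.
The point is to give these images a limited lifetime.
Otherwise, if an image on the server has been updated, the client would still be seeing the old one.

How to configure:

Open the virtual host configuration file with vi and add or change: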

    location ~* \.(png|jpeg|gif|js|css|bmp|flv)$
    {
        expires 1d;
        access_log off;
    }

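Additional notes:

curl -x (the proxy option) is used here to specify the IP and port of the target server, e.g.: curl -x127.0.0.1:80 -I www.aminglinux.cc

bc is a calculator on Linux systems: yum install -y bc

4.42-Nginx hotlink protection

What is hotlink protection?

Take two sites, A and B. If site A embeds images hosted on site B, that is called hotlinking. Hotlink protection prevents A from embedding B's images.

Configuration: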

location ~ \.(png|gif|jpeg|bmp|mp3|mp4|flv)$
    {
        valid_referers none blocked server_names *.aming.com;
        if ($invalid_referer) {
                return 403;
        }
    }

Additional notes:

rz uploads a file: yum install lrzsz
sz filename sends that file to the Windows machine

Test hotlink protection: curl  -I -e "http://www.aaa.com/1.txt" http://www.aming.com/1.png
curl's -e option sets a custom Referer.

 

4.43-4.45 Access control 1/2/3

Restrict access by IP:

1) Whitelist

allow 127.0.0.1;
deny all;

2) Blacklist

deny 127.0.0.1;
deny 1.1.1.1;

Restrict a directory

location /admin/    # applies to the admin directory
{
    allow 127.0.0.1;
    allow 192.168.112.136;
    deny all;
}

Restrict a certain type of file under a directory

location ~ .*(upload|image)/.*\.php$
{
    deny all;
}

Worked examples follow

Static file expiry cache

Typically, a page for which static file expiry caching has not been configured:
[root@test01 logrotate.d]# curl -x127.0.0.1:80 -I http://bbs.champin.top/static/image/common/logo_88_31.gif
HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Mon, 18 Feb 2019 18:18:55 GMT
Content-Type: image/gif
Content-Length: 2528
Last-Modified: Thu, 14 Feb 2019 17:25:04 GMT
Connection: keep-alive
ETag: "5c65a470-9e0"
Accept-Ranges: bytes

[root@test01 logrotate.d]# cd
[root@test01 ~]# vim /etc/nginx/conf.d/bbs.champin.top.conf
  location ~* \.(png|jpeg|gif|js|css|bmp|flv)$
    {
        expires 1d;
        access_log off;
    }


[root@test01 ~]# curl -x127.0.0.1:80 -I http://bbs.champin.top/static/image/common/logo_88_31.gif
HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Mon, 18 Feb 2019 18:23:13 GMT
Content-Type: image/gif
Content-Length: 2528
Last-Modified: Thu, 14 Feb 2019 17:25:04 GMT
Connection: keep-alive
ETag: "5c65a470-9e0"
Expires: Tue, 19 Feb 2019 18:23:13 GMT
Cache-Control: max-age=86400       # 86400 / 3600 = 24, exactly one day
Accept-Ranges: bytes


Nginx hotlink protection

[root@test01 ~]# cd /data/wwwroot/www.champin.top/

[root@test01 ~]# yum install -y lrzsz   # then use the rz command to upload an image to the Linux host
[root@test01 www.champin.top]# ls ChMkJ1bKyj2IY5I6AAKq8xGyChkAALIYgLJm6cAAqsL010.jpg 1.png

Test in a browser: open the image at www.champin.top/1.png and copy its URL, http://blog.champin.top/1.png. Then create a post on the forum and insert a remote image by pasting http://blog.champin.top/1.png.



 location ~ \.(png|gif|jpeg|bmp|mp3|mp4|flv)$
    {
        valid_referers none blocked server_names www.champin.*;
        if ($invalid_referer) {
                return 403;
        }
    }
 
[root@test01 www.champin.top]# nginx -t 
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@test01 www.champin.top]# nginx -s reload
  
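With hotlink protection in place, the image no longer displays on the forum in the browser. Press F12 and refresh: the request for 1.png now returns 403, while the image can still be opened directly on the blog. If you get a 404 instead, make the root setting global rather than leaving it inside a location block.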


[root@test01 www.champin.top]# curl -I -x127.0.0.1:80 -e "http://bbb.ccc.top/1.txt" "http://blog.champin.top/1.png"
HTTP/1.1 403 Forbidden
Server: nginx/1.14.2
Date: Mon, 18 Feb 2019 19:05:12 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive

[root@test01 www.champin.top]# curl -I -x127.0.0.1:80 -e "http://www.champin.top/1.txt" "http://blog.champin.top/1.png"
HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Mon, 18 Feb 2019 19:05:27 GMT
Content-Type: image/png
Content-Length: 142135
Last-Modified: Mon, 18 Feb 2019 05:57:24 GMT
Connection: keep-alive
ETag: "5c6a4944-22b37"
Expires: Tue, 19 Feb 2019 19:05:27 GMT
Cache-Control: max-age=86400
Accept-Ranges: bytes
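
A simplified Python model of how `valid_referers none blocked server_names www.champin.*` sets `$invalid_referer`, reproducing the 403 and 200 results above and showing what the `none` keyword admits. It is an added example, not part of the original notes. Assumptions: the server name `blog.champin.top`, and regex patterns and URI prefixes in `valid_referers` are not modelled.

```python
def referer_host(referer):
    """Lower-cased host of an http(s) Referer, or None for any other value."""
    low = referer.lower()
    for scheme in ("http://", "https://"):
        if low.startswith(scheme):
            rest = low[len(scheme):]
            # the host ends at the first '/' (path) or ':' (port)
            for i, ch in enumerate(rest):
                if ch in "/:":
                    return rest[:i]
            return rest
    return None

def name_matches(pattern, host):
    """Exact name, leading '*.' wildcard or trailing '.*' wildcard."""
    if pattern.startswith("*."):
        return host.endswith(pattern[1:]) and len(host) > len(pattern) - 1
    if pattern.endswith(".*"):
        return host.startswith(pattern[:-1]) and len(host) > len(pattern) - 1
    return host == pattern

def invalid_referer(args, server_names, referer):
    """True when the page's `if ($invalid_referer) { return 403; }` would fire."""
    if referer is None:                      # header absent
        return "none" not in args
    host = referer_host(referer)
    if host is None:                         # present, but not http(s)://...
        return "blocked" not in args
    names = [a for a in args if a not in ("none", "blocked", "server_names")]
    if "server_names" in args:
        names += server_names
    return not any(name_matches(p, host) for p in names)

PAGE_ARGS = ["none", "blocked", "server_names", "www.champin.*"]  # from the page
NO_NONE = ["server_names", "www.champin.*"]   # constructed variant without none/blocked
SERVER_NAMES = ["blog.champin.top"]           # assumption: the vhost's server_name

if __name__ == "__main__":
    for ref in (None, "http://bbb.ccc.top/1.txt", "http://www.champin.top/1.txt"):
        status = "403" if invalid_referer(PAGE_ARGS, SERVER_NAMES, ref) else "200"
        print(repr(ref), status)
```

The Referer header is supplied by the client, as the curl -e tests show, so this check limits casual embedding of images and is not an access control.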

 
Access control (restrict by IP)

[root@test01 ~]#  vi /etc/nginx/conf.d/bbs.champin.top.conf 

server {
    listen       80;
    server_name  bbs.champin.top;
    # whitelist
    allow 127.0.0.1;
    allow 192.168.1.0/24;  # only these two are allowed; everything else is denied
    deny all;

[root@test01 ~]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@test01 ~]# nginx -s reload

[root@test01 ~]# curl -x127.0.0.1:80 bbs.champin.top -I    # access allowed
HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Tue, 19 Feb 2019 17:00:35 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Powered-By: PHP/7.3.1
Set-Cookie: eCL1_2132_saltkey=Ib9b9Mro; expires=Thu, 21-Mar-2019 17:00:35 GMT; Max-Age=2592000; path=/; HttpOnly
Set-Cookie: eCL1_2132_lastvisit=1550592035; expires=Thu, 21-Mar-2019 17:00:35 GMT; Max-Age=2592000; path=/
Set-Cookie: eCL1_2132_sid=IATCGj; expires=Wed, 20-Feb-2019 17:00:35 GMT; Max-Age=86400; path=/
Set-Cookie: eCL1_2132_lastact=1550595635%09index.php%09; expires=Wed, 20-Feb-2019 17:00:35 GMT; Max-Age=86400; path=/
Set-Cookie: eCL1_2132_onlineusernum=1; expires=Tue, 19-Feb-2019 17:05:35 GMT; Max-Age=300; path=/
Set-Cookie: eCL1_2132_sid=IATCGj; expires=Wed, 20-Feb-2019 17:00:35 GMT; Max-Age=86400; path=/

[root@test01 ~]# curl -x192.168.28.107:80 bbs.champin.top 
<html>
<head><title>403 Forbidden</title></head>
<body bgcolor="white">
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx/1.14.2</center>
</body>
</html>

If the subnet is changed to 192.168.28.0/24:
[root@test01 ~]# curl -x192.168.28.107:80 bbs.champin.top -I
HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Tue, 19 Feb 2019 18:26:27 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Powered-By: PHP/7.3.1
Set-Cookie: eCL1_2132_saltkey=W7z71obL; expires=Thu, 21-Mar-2019 18:26:27 GMT; Max-Age=2592000; path=/; HttpOnly
Set-Cookie: eCL1_2132_lastvisit=1550597187; expires=Thu, 21-Mar-2019 18:26:27 GMT; Max-Age=2592000; path=/
Set-Cookie: eCL1_2132_sid=l2ss2g; expires=Wed, 20-Feb-2019 18:26:27 GMT; Max-Age=86400; path=/
Set-Cookie: eCL1_2132_lastact=1550600787%09index.php%09; expires=Wed, 20-Feb-2019 18:26:27 GMT; Max-Age=86400; path=/
Set-Cookie: eCL1_2132_onlineusernum=1; expires=Tue, 19-Feb-2019 18:31:27 GMT; Max-Age=300; path=/
Set-Cookie: eCL1_2132_sid=l2ss2g; expires=Wed, 20-Feb-2019 18:26:27 GMT; Max-Age=86400; path=/


[root@test01 ~]#  vi /etc/nginx/conf.d/bbs.champin.top.conf 
Blacklist (no allow rules needed)
    deny 127.0.0.1;  # these two IPs are denied; all others are allowed
    deny 1.1.1.1;

[root@test01 ~]# curl -x127.0.0.1:80 bbs.champin.top -I   # denied
HTTP/1.1 403 Forbidden
Server: nginx/1.14.2
Date: Tue, 19 Feb 2019 18:35:35 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive


[root@test01 ~]# curl -x192.168.28.107:80 bbs.champin.top -I    # allowed
HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Tue, 19 Feb 2019 18:36:16 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Powered-By: PHP/7.3.1
Set-Cookie: eCL1_2132_saltkey=PShnZ6Ue; expires=Thu, 21-Mar-2019 18:36:16 GMT; Max-Age=2592000; path=/; HttpOnly
Set-Cookie: eCL1_2132_lastvisit=1550597776; expires=Thu, 21-Mar-2019 18:36:16 GMT; Max-Age=2592000; path=/
Set-Cookie: eCL1_2132_sid=Ql354h; expires=Wed, 20-Feb-2019 18:36:16 GMT; Max-Age=86400; path=/
Set-Cookie: eCL1_2132_lastact=1550601376%09index.php%09; expires=Wed, 20-Feb-2019 18:36:16 GMT; Max-Age=86400; path=/
Set-Cookie: eCL1_2132_onlineusernum=1; expires=Tue, 19-Feb-2019 18:41:16 GMT; Max-Age=300; path=/
Set-Cookie: eCL1_2132_sid=Ql354h; expires=Wed, 20-Feb-2019 18:36:16 GMT; Max-Age=86400; p
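
The whitelist and blacklist results above follow from how nginx evaluates allow/deny: rules are checked in order, the first match decides, and a request that matches no rule is allowed. The Python model below is an added example, not part of the original notes; the rule sets are the page's own, except MISORDERED, which is constructed to show why `deny all` must come last.

```python
import ipaddress

def parse_rules(conf):
    """Turn 'allow X;' / 'deny X;' lines into (action, network-or-None) pairs."""
    rules = []
    for line in conf.splitlines():
        line = line.split("#", 1)[0].strip().rstrip(";").strip()
        if not line:
            continue
        action, target = line.split()
        if action not in ("allow", "deny"):
            raise ValueError("unsupported directive: " + action)
        # 'all' is stored as None; a bare address becomes a /32 network
        net = None if target == "all" else ipaddress.ip_network(target, strict=False)
        rules.append((action, net))
    return rules

def decide(conf, client_ip):
    """Return 'allow' or 'deny' for client_ip; the first matching rule wins."""
    ip = ipaddress.ip_address(client_ip)
    for action, net in parse_rules(conf):
        if net is None or ip in net:
            return action
    return "allow"  # no rule matched: the request is let through

# Rule sets taken from the page
WHITELIST = "allow 127.0.0.1;\nallow 192.168.1.0/24;\ndeny all;"
WHITELIST_28 = "allow 127.0.0.1;\nallow 192.168.28.0/24;\ndeny all;"
BLACKLIST = "deny 127.0.0.1;\ndeny 1.1.1.1;"
# Constructed counter-example: the same whitelist with 'deny all' moved to the top
MISORDERED = "deny all;\nallow 127.0.0.1;\nallow 192.168.1.0/24;"

if __name__ == "__main__":
    configs = [("whitelist", WHITELIST), ("whitelist_28", WHITELIST_28),
               ("blacklist", BLACKLIST), ("misordered", MISORDERED)]
    for name, conf in configs:
        for ip in ("127.0.0.1", "192.168.28.107"):
            print(name, ip, decide(conf, ip))
```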

Restrict a directory (for specific internal IPs; it works the same way for a directory or a file)

[root@test01 ~]# vi /etc/nginx/conf.d/bbs.champin.top.conf 

server {
    listen       80;
    server_name  bbs.champin.top;
    
    #charset koi8-r;
    location ~* \.(png|jpeg|gif|js|css|bmp|flv)$
    {
        expires 1d;
        access_log off;
    }
   
    location ~ /admin.php
    {
        allow 127.0.0.1;
        allow 192.168.1.0/24;       # here
        deny all;
        root           /data/wwwroot/bbs.champin.top;
        fastcgi_pass   127.0.0.1:9000;
        fastcgi_index  index.php;
        fastcgi_param  SCRIPT_FILENAME  /data/wwwroot/bbs.champin.top$fastcgi_script_name;
        include        fastcgi_params;
    }

[root@test01 ~]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@test01 ~]# nginx -s reload

[root@test01 ~]# curl -x127.0.0.1:80 bbs.champin.top/admin.php -I    # accessible
HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Sun, 24 Feb 2019 17:20:22 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Powered-By: PHP/7.3.1
Set-Cookie: eCL1_2132_saltkey=GqQTq3zq; expires=Tue, 26-Mar-2019 17:20:22 GMT; Max-Age=2592000; path=/; HttpOnly
Set-Cookie: eCL1_2132_lastvisit=1551025222; expires=Tue, 26-Mar-2019 17:20:22 GMT; Max-Age=2592000; path=/
Set-Cookie: eCL1_2132_sid=i0hT05; expires=Mon, 25-Feb-2019 17:20:22 GMT; Max-Age=86400; path=/
Set-Cookie: eCL1_2132_lastact=1551028822%09admin.php%09; expires=Mon, 25-Feb-2019 17:20:22 GMT; Max-Age=86400; path=/


[root@test01 ~]# curl -x192.168.28.107:80 bbs.champin.top/admin.php -I  # not accessible
HTTP/1.1 403 Forbidden
Server: nginx/1.14.2
Date: Sun, 24 Feb 2019 17:21:12 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive

[root@test01 ~]# curl -x192.168.28.107:80 bbs.champin.top/admin -I  # a different path returns 404, which shows the request was let through
HTTP/1.1 404 Not Found
Server: nginx/1.14.2
Date: Sun, 24 Feb 2019 17:21:49 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive

[root@test01 ~]# vi /etc/nginx/conf.d/bbs.champin.top.conf 
   location /abc               # restrict a directory directly
      {  
        allow 127.0.0.1;
        allow 192.168.1.0/24;
        deny all;
      }

[root@test01 ~]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@test01 ~]# nginx -s reload
[root@test01 ~]# curl -x192.168.28.107:80 bbs.champin.top/abc/123 -I
HTTP/1.1 403 Forbidden
Server: nginx/1.14.2
Date: Sun, 24 Feb 2019 17:27:47 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive

[root@test01 ~]# curl -x127.0.0.1:80 bbs.champin.top/abc/123 -I
HTTP/1.1 404 Not Found
Server: nginx/1.14.2
Date: Sun, 24 Feb 2019 17:28:11 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive


Restrict a certain type of file under a directory
[root@test01 ~]# vi /etc/nginx/conf.d/bbs.champin.top.conf 
  location ~ .*(upload|image|attachment|cache)/.*\.php$
    {
        deny all;
    }

[root@test01 ~]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@test01 ~]# nginx -s reload

Not accessible:
[root@test01 ~]# curl -x127.0.0.1:80 bbs.champin.top/abc/attachment/adfsdfsdf/dfsd.php -I
HTTP/1.1 403 Forbidden
Server: nginx/1.14.2
Date: Sun, 24 Feb 2019 17:36:55 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive

Change attachment to attachmenst and the request gets through:
[root@test01 ~]# curl -x127.0.0.1:80 bbs.champin.top/abc/attachmenst/adfsdfsdf/dfsd.php -I
HTTP/1.1 404 Not Found
Server: nginx/1.14.2
Date: Sun, 24 Feb 2019 17:37:32 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/7.3.1

[root@test01 ~]# curl -x127.0.0.1:80 bbs.champin.top/upload/adfsdfsdf/dfsd.php -I
HTTP/1.1 403 Forbidden
Server: nginx/1.14.2
Date: Sun, 24 Feb 2019 17:39:40 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive

[root@test01 ~]# curl -x127.0.0.1:80 bbs.champin.top/cache/adfsdfsdf/dfsd.php -I
HTTP/1.1 403 Forbidden
Server: nginx/1.14.2
Date: Sun, 24 Feb 2019 17:39:56 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive
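
The deny rule above only takes effect if its location is the one nginx selects: regex locations are tried in the order they appear in the file and the first match wins. The Python model below is an added example, not part of the original notes; it covers regex locations only, and the generic `\.php$` handler block is an assumption (the page shows PHP responses but not that block).

```python
import re

# (name, modifier, pattern) in the order the blocks appear in the server block.
# STATIC and DENY_PHP use the page's patterns; PHP is an assumed generic handler.
STATIC = ("static", "~*", r"\.(png|jpeg|gif|js|css|bmp|flv)$")
DENY_PHP = ("deny_php", "~", r".*(upload|image|attachment|cache)/.*\.php$")
PHP = ("php_handler", "~", r"\.php$")

DENY_FIRST = [STATIC, DENY_PHP, PHP]   # deny block placed before the PHP handler
DENY_LAST = [STATIC, PHP, DENY_PHP]    # deny block placed after it

def pick_location(locations, uri):
    """Return the first regex location, in file order, that matches the URI path."""
    path = uri.split("?", 1)[0]  # location matching ignores the query string
    for name, modifier, pattern in locations:
        flags = re.IGNORECASE if modifier == "~*" else 0  # "~*" is case-insensitive
        if re.search(pattern, path, flags):
            return name
    return None  # nginx would fall back to the best prefix location

# URIs from the page's curl tests, plus one constructed URI with a query string
URIS = [
    "/abc/attachment/adfsdfsdf/dfsd.php",
    "/abc/attachmenst/adfsdfsdf/dfsd.php",
    "/upload/adfsdfsdf/dfsd.php",
    "/cache/adfsdfsdf/dfsd.php",
    "/static/image/common/logo_88_31.gif",
    "/upload/a.php?x=1",
]

if __name__ == "__main__":
    for uri in URIS:
        print(uri, pick_location(DENY_FIRST, uri), pick_location(DENY_LAST, uri))
```

With the deny block listed after the handler, the same upload URI is routed to PHP and the 403 never fires, so it is worth repeating the page's curl checks after any reordering of the file.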