配置防盜鏈,訪問控制Directory,FilesMatch
阿新 • • 發佈:2018-03-07
防盜鏈 訪問控制 配置防盜鏈
1.修改虛擬主機配置文件:
[root@weixing01 ~]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
<Directory /data/wwwroot/111.com> SetEnvIfNoCase Referer "http://111.com" local_ref SetEnvIfNoCase Referer "http://aaa.com" local_ref #SetEnvIfNoCase Referer "^$" local_ref <filesmatch "\.(txt|doc|mp3|zip|rar|jpg|gif|png)"> Order Allow,Deny Allow from env=local_ref </filesmatch> </Directory>
2.重新加載:
[root@weixing01 ~]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[root@weixing01 ~]# /usr/local/apache2.4/bin/apachectl graceful
httpd not running, trying to start
[root@weixing01 ~]# /usr/local/apache2.4/bin/apachectl restart
[root@weixing01 ~]# /usr/local/apache2.4/bin/apachectl graceful
3.測試
直接輸入111.com/bj.jpg無法訪問,在51cto博客發超鏈接,可以訪問 如果想要可以直接訪問,需要把空refer打開
4.可以使用-e指定refer
[root@weixing01 ~]# curl -e "http://111.com/123.txt" -x127.0.0.1:80 111.com/bj.jpg -I HTTP/1.1 200 OK Date: Tue, 06 Mar 2018 14:35:20 GMT Server: Apache/2.4.29 (Unix) PHP/7.1.6 Last-Modified: Tue, 02 May 2017 15:30:36 GMT ETag: "7e25-54e8c38a0bf00" Accept-Ranges: bytes Content-Length: 32293 Content-Type: image/jpeg [root@weixing01 ~]# curl -e "http://qq.com/123.txt" -x127.0.0.1:80 111.com/bj.jpg -I HTTP/1.1 403 Forbidden Date: Tue, 06 Mar 2018 14:35:58 GMT Server: Apache/2.4.29 (Unix) PHP/7.1.6 Content-Type: text/html; charset=iso-8859-1
訪問控制Directory
1.修改虛擬主機配置文件
[root@weixing01 ~]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
<Directory /data/wwwroot/www.123.com/admin/>
Order deny,allow
Deny from all
Allow from 127.0.0.1
</Directory>
2.測試:
[root@weixing01 111.com]# curl -x127.0.0.1:80 111.com/admin/index.php -I
HTTP/1.1 200 OK
Date: Tue, 06 Mar 2018 14:50:41 GMT
Server: Apache/2.4.29 (Unix) PHP/7.1.6
X-Powered-By: PHP/7.1.6
Content-Type: text/html; charset=UTF-8
[root@weixing01 111.com]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[root@weixing01 111.com]# /usr/local/apache2.4/bin/apachectl graceful
[root@weixing01 111.com]# curl -x192.168.188.130:80 111.com/admin/index.php -I
HTTP/1.1 403 Forbidden
Date: Tue, 06 Mar 2018 14:52:06 GMT
Server: Apache/2.4.29 (Unix) PHP/7.1.6
Content-Type: text/html; charset=iso-8859-1
[root@weixing01 111.com]# curl -x127.0.0.1:80 111.com/admin/index.php -I
HTTP/1.1 200 OK
Date: Tue, 06 Mar 2018 14:52:21 GMT
Server: Apache/2.4.29 (Unix) PHP/7.1.6
X-Powered-By: PHP/7.1.6
Content-Type: text/html; charset=UTF-8
127.0.0.1 - - [06/Mar/2018:22:50:41 +0800] "HEAD HTTP://111.com/admin/index.php HTTP/1.1" 200 - "-" "curl/7.29.0"
192.168.188.130 - - [06/Mar/2018:22:52:06 +0800] "HEAD HTTP://111.com/admin/index.php HTTP/1.1" 403 - "-" "curl/7.29.0"
127.0.0.1 - - [06/Mar/2018:22:52:21 +0800] "HEAD HTTP://111.com/admin/index.php HTTP/1.1" 200 - "-" "curl/7.29.0"
訪問控制files match
1.修改參數
<Directory /data/wwwroot/111.com>
<FilesMatch "admin.php(.*)">
Order deny,allow
Deny from all
Allow from 127.0.0.1
</FilesMatch>
</Directory>
2.測試
[root@weixing01 111.com]# curl -x192.168.188.130:80 http://111.com/admin/alsfjkagjk -I
HTTP/1.1 404 Not Found
Date: Tue, 06 Mar 2018 15:04:03 GMT
Server: Apache/2.4.29 (Unix) PHP/7.1.6
Content-Type: text/html; charset=iso-8859-1
[root@weixing01 111.com]# curl -x192.168.188.130:80 ‘http://111.com/admin.php?alsfjkagjk‘ -I
HTTP/1.1 403 Forbidden
Date: Tue, 06 Mar 2018 15:04:48 GMT
Server: Apache/2.4.29 (Unix) PHP/7.1.6
Content-Type: text/html; charset=iso-8859-1
[root@weixing01 111.com]# curl -x127.0.0.1:80 ‘http://111.com/admin.php?alsfjkagjk‘ -I
HTTP/1.1 404 Not Found
Date: Tue, 06 Mar 2018 15:05:11 GMT
Server: Apache/2.4.29 (Unix) PHP/7.1.6
Content-Type: text/html; charset=iso-8859-1
配置防盜鏈,訪問控制Directory,FilesMatch