12.13 Nginx hotlink protection 12.14 Nginx access control 12.15 Nginx PHP parsing configuration

12.13 Nginx hotlink protection

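vim /usr/local/nginx/conf/vhost/test.com.conf
Add the following:
location ~ ^.+\.(gif|jpg|png|swf|flv|rar|zip|doc|pdf|gz|bz2|jpeg|bmp|xls)$
{
    expires 7d;
    # accepted: no Referer header (none), a Referer masked by a proxy or firewall (blocked),
    # this vhost's own server names, and any *.test.com host
    valid_referers none blocked server_names *.test.com;
    # every other Referer sets $invalid_referer and is rejected
    if ($invalid_referer) {
        return 403;
    }
    access_log off;
}
Then save and exit.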

[[email protected] vhost]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[[email protected]n001 vhost]# /usr/local/nginx/sbin/nginx -s reload
[[email protected] vhost]# curl -x127.0.0.1:80 -I -e "http://aaa.com/1.txt" test.com/1.gif
HTTP/1.1 403 Forbidden
Server: nginx/1.12.1
Date: Fri, 16 Mar 2018 06:24:30 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive
[[email protected] vhost]# curl -I -e "http://test.com/1.txt" test.com/1.gif
HTTP/1.1 200 OK
Server: nginx/1.12.1
Date: Fri, 16 Mar 2018 06:28:50 GMT
Content-Type: image/gif
Content-Length: 16
Last-Modified: Wed, 14 Mar 2018 16:17:46 GMT
Connection: keep-alive
ETag: "5aa94b2a-10"
Expires: Fri, 23 Mar 2018 06:28:50 GMT
Cache-Control: max-age=604800
Accept-Ranges: bytes
[[email protected] vhost]# curl -I -e "http://test.com/1.txt" lgx168.com/
HTTP/1.1 200 OK
Server: nginx/1.12.1
Date: Fri, 16 Mar 2018 06:33:03 GMT
Content-Type: text/html
Content-Length: 26
Last-Modified: Tue, 13 Mar 2018 15:52:31 GMT
Connection: keep-alive
ETag: "5aa7f3bf-1a"
Accept-Ranges: bytes

12.14 Nginx access control

[[email protected] vhost]# !vim
vim /usr/local/nginx/conf/vhost/test.com.conf

location /admin/
{
    allow 192.168.133.1;
    allow 127.0.0.1;
    deny all;
}

[[email protected] vhost]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[[email protected] vhost]# /usr/local/nginx/sbin/nginx -s reload
[[email protected] vhost]# mkdir /data/wwwroot/test.com/admin
[[email protected] vhost]# echo "123" > /data/wwwroot/test.com/admin/1.html
[[email protected] vhost]# curl -x192.168.15.132:80 test.com/admin/1.html
123
[[email protected] vhost]# curl -x127.0.0.1:80 test.com/admin/1.html
123
[[email protected] vhost]# ifconfig
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.15.132 netmask 255.255.255.0 broadcast 192.168.15.255
inet6 fe80::996a:3fe7:cdd7:2bd3 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:56:59:af txqueuelen 1000 (Ethernet)
RX packets 2768 bytes 264282 (258.0 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 2060 bytes 267554 (261.2 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

ens33:0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.15.136 netmask 255.255.255.0 broadcast 192.168.15.255
ether 00:0c:29:56:59:af txqueuelen 1000 (Ethernet)

ens37: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.1.98 netmask 255.255.255.255 broadcast 192.168.1.98
inet6 fe80::93d:8d08:a36c:e0c3 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:56:59:b9 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 10 bytes 744 (744.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1 (Local Loopback)
RX packets 60 bytes 5481 (5.3 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 60 bytes 5481 (5.3 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

[[email protected] vhost]# curl -x192.168.1.98:80 test.com/admin/1.html
<html>
<head><title>403 Forbidden</title></head>
<body bgcolor="white">
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx/1.12.1</center>
</body>
</html>
[[email protected] vhost]# tail /tmp/test.com.log
127.0.0.1 - [15/Mar/2018:00:19:27 +0800] test.com "/index.html" 200 "-" "curl/7.29.0"
127.0.0.1 - [15/Mar/2018:00:20:51 +0800] test.com "/index.html" 200 "-" "curl/7.29.0"
127.0.0.1 - [15/Mar/2018:00:21:03 +0800] test.com "/2.jsghfgfh" 404 "-" "curl/7.29.0"
192.168.15.132 - [16/Mar/2018:14:50:12 +0800] test.com "/admin/1.html" 200 "-" "curl/7.29.0"
127.0.0.1 - [16/Mar/2018:14:50:30 +0800] test.com "/admin/1.html" 200 "-" "curl/7.29.0"
192.168.1.98 - [16/Mar/2018:14:51:20 +0800] test.com "/admin/1.html" 403 "-" "curl/7.29.0"

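vim /usr/local/nginx/conf/vhost/test.com.conf
# deny every request for a .php file under the matching directories
location ~ .*(abc|image)/.*\.php$
{
    deny all;
}
# reject requests whose User-Agent matches the pattern (~ is case-sensitive)
if ($http_user_agent ~ 'Spider/3.0|YoudaoBot|Tomato')
{
    return 403;
}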
[[email protected] vhost]# curl -x192.168.15.132:80 test.com/upload/1.php
<html>
<head><title>403 Forbidden</title></head>
<body bgcolor="white">
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx/1.12.1</center>
</body>
</html>
[[email protected] vhost]# curl -x192.168.15.132:80 test.com/upload/1.txt
123
[[email protected] vhost]# curl -A "Tomatodsfsd" -x127.0.0.1:80 test.com/upload/1.txt
<html>
<head><title>403 Forbidden</title></head>
<body bgcolor="white">
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx/1.12.1</center>
</body>
</html>
[[email protected] vhost]# curl -A "tomatodsfsd" -x127.0.0.1:80 test.com/upload/1.txt
123
[[email protected] vhost]# !tail
tail /tmp/test.com.log
127.0.0.1 - [15/Mar/2018:00:20:51 +0800] test.com "/index.html" 200 "-" "curl/7.29.0"
127.0.0.1 - [15/Mar/2018:00:21:03 +0800] test.com "/2.jsghfgfh" 404 "-" "curl/7.29.0"
192.168.15.132 - [16/Mar/2018:14:50:12 +0800] test.com "/admin/1.html" 200 "-" "curl/7.29.0"
127.0.0.1 - [16/Mar/2018:14:50:30 +0800] test.com "/admin/1.html" 200 "-" "curl/7.29.0"
192.168.1.98 - [16/Mar/2018:14:51:20 +0800] test.com "/admin/1.html" 403 "-" "curl/7.29.0"
192.168.1.98 - [16/Mar/2018:15:10:35 +0800] test.com "/admin/1.html" 403 "-" "curl/7.29.0"
192.168.15.132 - [16/Mar/2018:15:11:20 +0800] test.com "/upload/1.php" 403 "-" "curl/7.29.0"
192.168.15.132 - [16/Mar/2018:15:11:29 +0800] test.com "/upload/1.txt" 200 "-" "curl/7.29.0"
127.0.0.1 - [16/Mar/2018:15:13:48 +0800] test.com "/upload/1.txt" 403 "-" "Tomatodsfsd"
127.0.0.1 - [16/Mar/2018:15:14:08 +0800] test.com "/upload/1.txt" 200 "-" "tomatodsfsd"
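
A log triage sketch for the rules in this section, added here as an example and not part of the original post: it groups the 403 responses by client with a guessed reason, and flags requests that passed the User-Agent rule only because of letter case. The field layout is inferred from the log lines above, and the reason labels are this example's own names.

```python
import re
from collections import defaultdict

# Field layout inferred from the /tmp/test.com.log lines on this page (assumption):
# client - [time] host "uri" status "referer" "user-agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) - \[[^\]]+\] \S+ "(?P<uri>[^"]*)" (?P<status>\d{3}) '
    r'"[^"]*" "(?P<ua>[^"]*)"$')
UA_PATTERN = r"Spider/3.0|YoudaoBot|Tomato"  # same pattern as the vhost `if`

# Last five lines of the tail output above.
SAMPLE_LOG = '''\
192.168.1.98 - [16/Mar/2018:15:10:35 +0800] test.com "/admin/1.html" 403 "-" "curl/7.29.0"
192.168.15.132 - [16/Mar/2018:15:11:20 +0800] test.com "/upload/1.php" 403 "-" "curl/7.29.0"
192.168.15.132 - [16/Mar/2018:15:11:29 +0800] test.com "/upload/1.txt" 200 "-" "curl/7.29.0"
127.0.0.1 - [16/Mar/2018:15:13:48 +0800] test.com "/upload/1.txt" 403 "-" "Tomatodsfsd"
127.0.0.1 - [16/Mar/2018:15:14:08 +0800] test.com "/upload/1.txt" 200 "-" "tomatodsfsd"
'''

def deny_reason(uri, ua):
    """Guess which rule in this section produced a 403."""
    if re.search(UA_PATTERN, ua):
        return "blocked user agent"
    if uri.startswith("/admin/"):
        return "admin allow/deny list"
    if uri.endswith(".php"):
        return "php denied in directory"
    return "other"

def triage(log_text):
    """Return (403s grouped by client, requests that passed the UA rule only by case)."""
    denied, case_misses = defaultdict(list), []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines in another format
        ip, uri, ua = m["ip"], m["uri"], m["ua"]
        if m["status"] == "403":
            denied[ip].append((uri, deny_reason(uri, ua)))
        elif re.search(UA_PATTERN, ua, re.I) and not re.search(UA_PATTERN, ua):
            case_misses.append((ip, uri, ua))
    return dict(denied), case_misses

if __name__ == "__main__":
    denied, case_misses = triage(SAMPLE_LOG)
    print(denied)
    print(case_misses)
```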

12.15 Nginx PHP parsing configuration

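vim /usr/local/nginx/conf/vhost/test.com.conf
location ~ \.php$
{
    include fastcgi_params;
    # address of the php-fpm listener
    fastcgi_pass unix:/tmp/php-fcgi.sock;
    fastcgi_index index.php;
    # site root + script path; the root part must equal the vhost's root
    fastcgi_param SCRIPT_FILENAME /data/wwwroot/test.com$fastcgi_script_name;
}
Here fastcgi_pass specifies the address of php-fpm. If php-fpm listens on a TCP ip:port address (127.0.0.1:9000), this line must be changed to fastcgi_pass 127.0.0.1:9000 as well. The address must match the one the php-fpm service actually listens on; otherwise nginx returns a 502 error.
The path after fastcgi_param SCRIPT_FILENAME is the site's root directory and must be the same as the root path defined earlier. If it is wrong, requests for PHP pages return 404.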
/usr/local/nginx/sbin/nginx -t
/usr/local/nginx/sbin/nginx -s reload
curl -x127.0.0.1:80 test.com/3.php
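
A consistency check for the two failure modes described above (502 when fastcgi_pass and the php-fpm listen address differ, 404 when the SCRIPT_FILENAME prefix and root differ), added here as an example and not part of the original post. The vhost and php-fpm.conf texts are constructed samples; the `root` line, the `listen` value and the function names are assumptions.

```python
import re

# Constructed samples: a vhost consistent with this section, and a broken copy.
GOOD_VHOST = r"""
server {
    server_name test.com;
    root /data/wwwroot/test.com;
    location ~ \.php$ {
        include fastcgi_params;
        fastcgi_pass unix:/tmp/php-fcgi.sock;
        fastcgi_param SCRIPT_FILENAME /data/wwwroot/test.com$fastcgi_script_name;
    }
}
"""
BAD_VHOST = (GOOD_VHOST.replace("unix:/tmp/php-fcgi.sock", "127.0.0.1:9000")
             .replace("SCRIPT_FILENAME /data/wwwroot/test.com",
                      "SCRIPT_FILENAME /data/wwwroot/test1.com"))
FPM_CONF = "[www]\nlisten = /tmp/php-fcgi.sock\nlisten.mode = 666\n"

def directives(conf, name):
    """Arguments of every `name ...;` directive found in nginx config text."""
    pattern = rf"^\s*{re.escape(name)}\s+([^;]+);"
    return [m.group(1).strip() for m in re.finditer(pattern, conf, re.M)]

def check_php_vhost(vhost, fpm_conf):
    """Return the mismatches that would surface as 502 or 404."""
    problems = []
    # php-fpm side: "listen = <socket path or ip:port>" (listen.mode etc. are skipped)
    m = re.search(r"^\s*listen\s*=\s*(\S+)", fpm_conf, re.M)
    fpm_listen = m.group(1) if m else None
    for target in directives(vhost, "fastcgi_pass"):
        addr = target[len("unix:"):] if target.startswith("unix:") else target
        if addr != fpm_listen:
            problems.append(f"502: fastcgi_pass {target} != php-fpm listen {fpm_listen}")
    roots = directives(vhost, "root")
    root = roots[0].rstrip("/") if roots else None
    for param in directives(vhost, "fastcgi_param"):
        parts = param.split(None, 1)
        if len(parts) != 2 or parts[0] != "SCRIPT_FILENAME":
            continue
        prefix = parts[1].replace("$fastcgi_script_name", "").rstrip("/")
        if prefix not in (root, "$document_root"):
            problems.append(f"404: SCRIPT_FILENAME prefix {prefix} != root {root}")
    return problems

if __name__ == "__main__":
    print(check_php_vhost(GOOD_VHOST, FPM_CONF))
    print(check_php_vhost(BAD_VHOST, FPM_CONF))
```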

12.16 Nginx proxy

[[email protected] vhost]# vim proxy.conf
[[email protected] vhost]# cat !$
cat proxy.conf
server
{
listen 80;
server_name ask.apelearn.com;

location /
{
    proxy_pass      http://121.201.9.155/;
    proxy_set_header Host   $host;
    proxy_set_header X-Real-IP      $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}

}
[[email protected] vhost]# ping ask.apelearn.com
PING ask.apelearn.com (47.91.145.78) 56(84) bytes of data.
64 bytes from 47.91.145.78 (47.91.145.78): icmp_seq=1 ttl=128 time=14.5 ms
64 bytes from 47.91.145.78 (47.91.145.78): icmp_seq=2 ttl=128 time=13.9 ms
64 bytes from 47.91.145.78 (47.91.145.78): icmp_seq=3 ttl=128 time=15.2 ms
64 bytes from 47.91.145.78 (47.91.145.78): icmp_seq=4 ttl=128 time=13.9 ms
64 bytes from 47.91.145.78 (47.91.145.78): icmp_seq=5 ttl=128 time=15.1 ms
^C
--- ask.apelearn.com ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4009ms
rtt min/avg/max/mdev = 13.949/14.582/15.239/0.568 ms
[[email protected] vhost]# !vim
vim proxy.conf
[[email protected] vhost]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[[email protected] vhost]# /usr/local/nginx/sbin/nginx -s reload
[[email protected] vhost]# curl -x127.0.0.1:80 ask.apelearn.com -I
HTTP/1.1 200 OK
Server: nginx/1.12.1
Date: Fri, 16 Mar 2018 08:04:17 GMT
Content-Type: text/html
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.3.29
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: ape__Session=jjbvdum6rk71rrofnn4lbjiap5; path=/; domain=.apelearn.com
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

[[email protected] vhost]# curl 127.0.0.1:80 ask.apelearn.com/robots.txt
This is the default site.
#

robots.txt for MiWen

#

User-agent: *

Disallow: /?/admin/
Disallow: /?/people/
Disallow: /?/question/
Disallow: /account/
Disallow: /app/
Disallow: /cache/
Disallow: /install/
Disallow: /models/
Disallow: /crond/run/
Disallow: /search/
Disallow: /static/
Disallow: /setting/
Disallow: /system/
Disallow: /tmp/
Disallow: /themes/
Disallow: /uploads/
Disallow: /url-*
Disallow: /views/

Original article: http://blog.51cto.com/12058686/2087674

Time: 2024-10-13 21:11:42
