Configuring hotlink protection
1. Edit the virtual host configuration file:
[[email protected] ~]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
<Directory /data/wwwroot/111.com>
SetEnvIfNoCase Referer "http://111.com" local_ref
SetEnvIfNoCase Referer "http://aaa.com" local_ref
#SetEnvIfNoCase Referer "^$" local_ref
<filesmatch "\.(txt|doc|mp3|zip|rar|jpg|gif|png)">
Order Allow,Deny
Allow from env=local_ref
</filesmatch>
</Directory>
2. Reload:
[[email protected] ~]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[[email protected] ~]# /usr/local/apache2.4/bin/apachectl graceful
httpd not running, trying to start
[[email protected] ~]# /usr/local/apache2.4/bin/apachectl restart
[[email protected] ~]# /usr/local/apache2.4/bin/apachectl graceful
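3. Test
Entering 111.com/bj.jpg directly is denied; following a hyperlink posted on a 51cto blog, the file can be accessed.
To allow direct access, enable the empty-Referer rule (the commented-out SetEnvIfNoCase Referer "^$" local_ref line).
4. curl's -e option can be used to specify the Referer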
[[email protected] ~]# curl -e "http://111.com/123.txt" -x127.0.0.1:80 111.com/bj.jpg -I
HTTP/1.1 200 OK
Date: Tue, 06 Mar 2018 14:35:20 GMT
Server: Apache/2.4.29 (Unix) PHP/7.1.6
Last-Modified: Tue, 02 May 2017 15:30:36 GMT
ETag: "7e25-54e8c38a0bf00"
Accept-Ranges: bytes
Content-Length: 32293
Content-Type: image/jpeg
[[email protected] ~]# curl -e "http://qq.com/123.txt" -x127.0.0.1:80 111.com/bj.jpg -I
HTTP/1.1 403 Forbidden
Date: Tue, 06 Mar 2018 14:35:58 GMT
Server: Apache/2.4.29 (Unix) PHP/7.1.6
Content-Type: text/html; charset=iso-8859-1
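Added example (not part of the original post): the Referer patterns in step 1 are unanchored regular expressions, so they set local_ref for more than the two intended sites. This Python sketch models the SetEnvIfNoCase match over constructed sample Referer values and compares the page's patterns with anchored variants; the anchored patterns, the function names and the sample values are assumptions.

```python
import re

# Referer patterns from the vhost config above. SetEnvIfNoCase matches
# case-insensitively, and the regex may match anywhere in the header value.
PAGE_PATTERNS = [r"http://111.com", r"http://aaa.com"]
# Assumed stricter variants: anchored at the start, dots escaped, and the
# host name terminated by "/", ":" or end of string.
ANCHORED_PATTERNS = [r"^https?://111\.com(?:[:/]|$)",
                     r"^https?://aaa\.com(?:[:/]|$)"]
EMPTY_REFERER = r"^$"  # the rule that is commented out in the config


def sets_local_ref(referer, patterns):
    """True if any pattern would set local_ref for this Referer value."""
    value = referer or ""  # an absent header is matched as an empty string
    return any(re.search(p, value, re.IGNORECASE) for p in patterns)


def audit(patterns, samples):
    """Map each Referer to the status the FilesMatch block would return."""
    return {r: (200 if sets_local_ref(r, patterns) else 403) for r in samples}


# Constructed sample Referer values (not taken from real traffic).
SAMPLES = [
    "http://111.com/123.txt",                  # the page's allowed test
    "http://qq.com/123.txt",                   # the page's denied test
    "HTTP://AAA.COM/index.html",               # case-insensitive match
    "",                                        # direct access, no Referer
    "http://111.com.other.example/a",          # host only starts with 111.com
    "http://other.example/?u=http://111.com",  # allowed string in the query
    "http://111xcom/a",                        # unescaped dot matches any char
]

if __name__ == "__main__":
    for name, pats in (("page patterns", PAGE_PATTERNS),
                       ("anchored patterns", ANCHORED_PATTERNS)):
        print(name)
        for ref, status in audit(pats, SAMPLES).items():
            print(f"  {status}  {ref!r}")
```

In the vhost file the anchored form would be written as SetEnvIfNoCase Referer "^https?://111\.com([:/]|$)" local_ref. Referer is still a client-supplied header, as the curl -e test shows, so this limits casual hotlinking rather than acting as authentication.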
Access control: Directory
1. Edit the virtual host configuration file
[[email protected] ~]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
<Directory /data/wwwroot/111.com/admin/>
Order deny,allow
Deny from all
Allow from 127.0.0.1
</Directory>
2. Test:
[[email protected] 111.com]# curl -x127.0.0.1:80 111.com/admin/index.php -I
HTTP/1.1 200 OK
Date: Tue, 06 Mar 2018 14:50:41 GMT
Server: Apache/2.4.29 (Unix) PHP/7.1.6
X-Powered-By: PHP/7.1.6
Content-Type: text/html; charset=UTF-8
[[email protected] 111.com]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[[email protected] 111.com]# /usr/local/apache2.4/bin/apachectl graceful
[[email protected] 111.com]# curl -x192.168.188.130:80 111.com/admin/index.php -I
HTTP/1.1 403 Forbidden
Date: Tue, 06 Mar 2018 14:52:06 GMT
Server: Apache/2.4.29 (Unix) PHP/7.1.6
Content-Type: text/html; charset=iso-8859-1
[[email protected] 111.com]# curl -x127.0.0.1:80 111.com/admin/index.php -I
HTTP/1.1 200 OK
Date: Tue, 06 Mar 2018 14:52:21 GMT
Server: Apache/2.4.29 (Unix) PHP/7.1.6
X-Powered-By: PHP/7.1.6
Content-Type: text/html; charset=UTF-8
127.0.0.1 - - [06/Mar/2018:22:50:41 +0800] "HEAD HTTP://111.com/admin/index.php HTTP/1.1" 200 - "-" "curl/7.29.0"
192.168.188.130 - - [06/Mar/2018:22:52:06 +0800] "HEAD HTTP://111.com/admin/index.php HTTP/1.1" 403 - "-" "curl/7.29.0"
127.0.0.1 - - [06/Mar/2018:22:52:21 +0800] "HEAD HTTP://111.com/admin/index.php HTTP/1.1" 200 - "-" "curl/7.29.0"
Access control: FilesMatch
1. Edit the configuration
<Directory /data/wwwroot/111.com>
<FilesMatch "admin.php(.*)">
Order deny,allow
Deny from all
Allow from 127.0.0.1
</FilesMatch>
</Directory>
2. Test
[[email protected] 111.com]# curl -x192.168.188.130:80 http://111.com/admin/alsfjkagjk -I
HTTP/1.1 404 Not Found
Date: Tue, 06 Mar 2018 15:04:03 GMT
Server: Apache/2.4.29 (Unix) PHP/7.1.6
Content-Type: text/html; charset=iso-8859-1
[[email protected] 111.com]# curl -x192.168.188.130:80 'http://111.com/admin.php?alsfjkagjk' -I
HTTP/1.1 403 Forbidden
Date: Tue, 06 Mar 2018 15:04:48 GMT
Server: Apache/2.4.29 (Unix) PHP/7.1.6
Content-Type: text/html; charset=iso-8859-1
[[email protected] 111.com]# curl -x127.0.0.1:80 'http://111.com/admin.php?alsfjkagjk' -I
HTTP/1.1 404 Not Found
Date: Tue, 06 Mar 2018 15:05:11 GMT
Server: Apache/2.4.29 (Unix) PHP/7.1.6
Content-Type: text/html; charset=iso-8859-1
Original article: http://blog.51cto.com/13517254/2083646
Time: 2024-09-30 23:27:52