Nginx防盗链以及访问控制,Nginx解析php配置和代理

Nginx防盗链

1.编辑配置文件:

[[email protected] ~]# vim /usr/local/nginx/conf/vhost/test.com.conf 
location ~* ^.+\.(gif|jpg|png|swf|flv|rar|zip|doc|pdf|gz|bz2|jpeg|bmp|xls)$
{
    expires 7d;
    valid_referers none blocked server_names  *.test.com ;
    if ($invalid_referer) {
        return 403;
    }
    access_log off;
}

2.测试重新加载:

[[email protected] ~]# /usr/local/nginx/sbin/nginx  -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[[email protected] ~]# /usr/local/nginx/sbin/nginx -s reload

3.验证:

[[email protected] ~]# curl -e "http://www.baidu.com/1.txt" -x127.0.0.1 -I test.com/1.gif
curl: (7) Failed connect to 127.0.0.1:1080; 拒绝连接
[[email protected] ~]# curl -e "http://www.baidu.com/1.txt" -x127.0.0.1:80 -I test.com/1.gif
HTTP/1.1 403 Forbidden
Server: nginx/1.12.2
Date: Thu, 15 Mar 2018 14:25:23 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive

[[email protected] ~]# curl -e "http://www.test.com/1.txt" -x127.0.0.1:80 -I test.com/1.gif
HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Thu, 15 Mar 2018 14:25:35 GMT
Content-Type: image/gif
Content-Length: 14
Last-Modified: Wed, 14 Mar 2018 17:20:46 GMT
Connection: keep-alive
ETag: "5aa959ee-e"
Expires: Thu, 22 Mar 2018 14:25:35 GMT
Cache-Control: max-age=604800
Accept-Ranges: bytes

Nginx访问控制


针对目录
1.编辑配置文件:

[[email protected] ~]# vim /usr/local/nginx/conf/vhost/test.com.conf
 location /admin/
    {
         allow 127.0.0.1;
         allow 192.168.188.130;
         deny all;
    }

2.测试并重新加载:

[[email protected] ~]# /usr/local/nginx/sbin/nginx  -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[[email protected] ~]# /usr/local/nginx/sbin/nginx -s reload

3.进行验证:

[[email protected] ~]# curl -e "http://www.baidu.com/1.txt" -x127.0.0.1:80 -I test.com/admin/
HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Thu, 15 Mar 2018 14:52:12 GMT
Content-Type: application/octet-stream
Content-Length: 10
Last-Modified: Thu, 15 Mar 2018 14:52:04 GMT
Connection: keep-alive
ETag: "5aaa8894-a"
Accept-Ranges: bytes

针对正则:

4.修改配置文件:

[[email protected] ~]# vim /usr/local/nginx/conf/vhost/test.com.conf
location ~ .*(upload|image)/.*\.php$
{
        deny all;
}

5.测试并重新加载:

[[email protected] ~]# /usr/local/nginx/sbin/nginx  -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[[email protected] ~]# /usr/local/nginx/sbin/nginx -s reload

6.验证:

[[email protected] ~]# mkdir /data/wwwroot/test.com/upload
[[email protected] ~]# echo "1111" > /data/wwwroot/test.com/upload/1.php
[[email protected] ~]# curl -x127.0.0.1:80 test.com/upload/1.php
<html>
<head><title>403 Forbidden</title></head>
<body bgcolor="white">
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx/1.12.2</center>
</body>
</html>
[[email protected] ~]# echo "1111" > /data/wwwroot/test.com/upload/1.txt
[[email protected] ~]# curl -x127.0.0.1:80 test.com/upload/1.txt
1111

7.针对user_agent限制,修改配置文件:

[[email protected] ~]# vim /usr/local/nginx/conf/vhost/test.com.conf
if ($http_user_agent ~ ‘Spider/3.0|YoudaoBot|Tomato‘)
{
      return 403;
}

8.测试并重新加载:

[[email protected] ~]# /usr/local/nginx/sbin/nginx  -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[[email protected] ~]# /usr/local/nginx/sbin/nginx -s reload

9.进行验证 :

[[email protected] ~]# curl -A Tomatosjklajg-x127.0.0.1:80 test.com/upload/1.txt  -I
HTTP/1.1 403 Forbidden
Server: nginx/1.12.2
Date: Thu, 15 Mar 2018 15:05:33 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive

[[email protected] ~]# curl -A Tmatosjklajg-x127.0.0.1:80 test.com/upload/1.txt  -I
HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Thu, 15 Mar 2018 15:05:47 GMT
Content-Type: text/plain
Content-Length: 5
Last-Modified: Thu, 15 Mar 2018 15:01:29 GMT
Connection: keep-alive
ETag: "5aaa8ac9-5"
Accept-Ranges: bytes

Nginx解析php相关配置

1.修改配置文件:

[[email protected] ~]# vim /usr/local/nginx/conf/vhost/test.com.conf
location ~ \.php$
    {
        include fastcgi_params;
        fastcgi_pass unix:/tmp/php-fcgi.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME /data/wwwroot/test.com$fastcgi_script_name;
    }

2.测试:

[[email protected] ~]# vi /data/wwwroot/test.com/3.php
[[email protected] ~]# curl -x127.0.0.1:80 test.com/3.php
<?php
phpinfo();

无法解析,重新加载

[[email protected] ~]# /usr/local/nginx/sbin/nginx  -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[[email protected] ~]# /usr/local/nginx/sbin/nginx -s reload

再次查看结果
可以正常解析
3.如果遇到502的情况:

location ~ \.php$
    {
        include fastcgi_params;
        fastcgi_pass unix:/tmp/php-fgi.sock;                      #此行配置要根据主配置文件来看是写sock还是ip地址,一定要保持一致
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME /data/wwwroot/test.com$fastcgi_script_name;
    }

    access_log /tmp/test.com.log weixing;

}
[[email protected] ~]# curl -x127.0.0.1:80 test.com/3.php
<html>
<head><title>502 Bad Gateway</title></head>
<body bgcolor="white">
<center><h1>502 Bad Gateway</h1></center>
<hr><center>nginx/1.12.2</center>
</body>
</html>

不一致就会出现这种情况

Nginx代理

1.写一个配置文件:

[[email protected] ~]# cd /usr/local/
apache2.4/ bin/       include/   libexec/   nginx/     php-fpm/   src/
apr/       etc/       lib/       mariadb/   php/       sbin/
apr-util/  games/     lib64/     mysql/     php7/      share/
[[email protected] ~]# cd /usr/local/nginx/conf
[[email protected] conf]# cd vhost/
[[email protected] vhost]# vim proxy.conf
server
{
    listen 80;
    server_name ask.apelearn.com;

    location /
    {
        proxy_pass      http://47.91.145.78/;
        proxy_set_header Host   $host;
        proxy_set_header X-Real-IP      $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}

2.验证并重新加载:

[[email protected] vhost]# /usr/local/nginx/sbin/nginx  -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[[email protected] vhost]# /usr/local/nginx/sbin/nginx -s reload

3.进行测试:

[[email protected] vhost]# curl -x127.0.0.1:80  ask.apelearn.com/robots.txt
#
# robots.txt for MiWen
#

User-agent: *

Disallow: /?/admin/
Disallow: /?/people/
Disallow: /?/question/
Disallow: /account/
Disallow: /app/
Disallow: /cache/
Disallow: /install/
Disallow: /models/
Disallow: /crond/run/
Disallow: /search/
Disallow: /static/
Disallow: /setting/
Disallow: /system/
Disallow: /tmp/
Disallow: /themes/
Disallow: /uploads/
Disallow: /url-*
Disallow: /views/

原文地址:http://blog.51cto.com/13517254/2087402

时间: 2024-12-19 17:44:38

Nginx防盗链以及访问控制,Nginx解析php配置和代理的相关文章

LNMP(nginx防盗链,访问控制,解析php相关配置,Nginx代理,常见502问题)

一.nginx防盗链 nginx防盗链: [[email protected] ~]# vim /usr/local/nginx/conf/vhost/test.com.conf   添加以下内容 location ~* ^.+\.(gif|jpg|png|swf|flv|rar|zip|doc|pdf|gz|bz2|jpeg|bmp|xls)$ { expires 7d; valid_referers none blocked server_names  *.test.com ;      

Nginx防盗链、访问控制、解析php相关配置、Nginx代理

Nginx防盗链 编辑虚拟主机配置文件vim /usr/local/nginx/conf/vhost/test.com.conf 在配置文件中添加如下的内容 location ~* ^.+\.(gif|jpg|png|swf|flv|rar|zip|doc|pdf|gz|bz2|jpeg|bmp|xls)$ { expires 7d; valid_referers none blocked server_names *.test.com ; if ($invalid_referer) { ret

nginx防盗链,访问控制,解析php相关配置,nginx代理

nginx防盗链 配置如下,可以和不记录静态文件配置结合起来 location ~* ^.+\.(gif|jpg|png|swf|flv|rar|zip|doc|pdf|gz|bz2|jpeg|bmp|xls)$ { expires 7d; valid_referers none blocked server_names *.test.com ; #设置白名单 if ($invalid_referer) { return 403; #不过不是白名单的refer就403 } access_log

Nginx防盗链、访问控制 、解析php相关配置及Nginx代理

一.Nginx的防盗链在配置文件里面增加以下代码:(/usr/local/nginx/conf/vhost/test.com.conf) location ~* ^.+\.(gif|jpg|png|swf|flv|rar|zip|doc|pdf|gz|bz2|jpeg|bmp|xls)$ { expires 7d; valid_referers none blocked server_names *.test.com ; if ($invalid_referer) { return 403; }

Nginx配置:防盗链、访问控制、解析PHP以及代理

一.Nginx防盗链 防盗链是指一个网站的资源(图片或附件)未经允许在其它网站提供浏览和下载,尤其热门资源的盗链,对网站带宽的消耗非常大,设置防盗链以节省资源. 1.修改虚拟主机配置文件 [[email protected] vhost]# vim linuxtest.conf server { listen 80; server_name linuxtest.com; index index.html index.htm index.php; root /data/wwwroot/linuxt

2018-3-1512周4次课 Nginx防盗链、访问控制、配置PHP解析、代理

12.13 Nginx防盗链 [[email protected] test.com]# vim /usr/local/nginx/conf/vhost/test.com.conf ~* 表示不区分大小写 白名单 *.test.com,如果不是白名单,则返回403 [[email protected] test.com]# curl -e "http://www.baidu.com"-x127.0.0.1:80 test.com/1.gif -I HTTP/1.1 403 Forbid

12.13 Nginx防盗链 12.14 Nginx访问控制 12.15 Nginx解析php相关配

12.13 Nginx防盗链 vim /usr/local/nginx/conf/vhost/test.com.conf加入location ~ ^.+.(gif|jpg|png|swf|flv|rar|zip|doc|pdf|gz|bz2|jpeg|bmp|xls)${expires 7d;valid_referers none blocked server_names .test.com ;if ($invalid_referer) {return 403;}access_log off;}

92.Nginx配置:防盗链、访问控制、解析PHP以及代理

一.Nginx防盗链 防盗链是指一个网站的资源(图片或附件)未经允许在其它网站提供浏览和下载,尤其热门资源的盗链,对网站带宽的消耗非常大,设置防盗链以节省资源. 1.修改虚拟主机配置文件 [[email protected] vhost]# vim linuxtest.conf server { listen 80; server_name linuxtest.com; index index.html index.htm index.php; root /data/wwwroot/linuxt

Nginx防盗链与访问控制

防盗链 1.编辑配置文件 [[email protected] ~]# vi /usr/local/nginx/conf/vhost/default.conf server { listen 80 default_server; server_name aaa.com; index index.html index.htm index.php; root /data/wwwroot/default; access_log /tmp/default.log juispan; location ~*