Nginx Hotlink Protection and Access Control

Hotlink Protection

1. Edit the configuration file

[[email protected] ~]# vi /usr/local/nginx/conf/vhost/default.conf

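server
{
    listen 80 default_server;
    server_name aaa.com;
    index index.html index.htm index.php;
    root /data/wwwroot/default;
    access_log /tmp/default.log juispan;

    # Case-insensitive match (~*) on static file extensions
    location ~* ^.+\.(gif|jpg|png|swf|flv|rar|zip|doc|pdf|gz|bz2|jpeg|bmp|xls)$
    {
        expires 7d;
        # Accepted Referers: header absent (none), header stripped by a
        # proxy or firewall (blocked), this server's own names, and *.aaa.com
        valid_referers none blocked server_names *.aaa.com;
        # Any other Referer is rejected
        if ($invalid_referer) {
            return 403;
        }
        access_log off;
    }
}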

2. Check and reload

[[email protected] ~]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[[email protected] ~]# /usr/local/nginx/sbin/nginx -s reload

3. Test the result

[[email protected] ~]# curl -x127.0.0.1:80 aaa.com/pic001.gif -I
HTTP/1.1 200 OK
Server: nginx/1.12.1
Date: Mon, 14 Aug 2017 21:51:35 GMT
Content-Type: image/gif
Content-Length: 66698
Last-Modified: Sat, 12 Aug 2017 03:29:18 GMT
Connection: keep-alive
ETag: "598e760e-1048a"
Expires: Mon, 21 Aug 2017 21:51:35 GMT
Cache-Control: max-age=604800
Accept-Ranges: bytes

[[email protected] ~]# curl -e "http://www.hao123.com" -x127.0.0.1:80 aaa.com/pic001.gif -I
HTTP/1.1 403 Forbidden
Server: nginx/1.12.1
Date: Mon, 14 Aug 2017 21:52:18 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive
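
The following Python sketch is an added example, not part of the original article or of nginx itself. It models how the valid_referers parameters used above (none, blocked, server_names, *.aaa.com) classify a request and compares them with a hypothetical stricter list; the function names, STRICT_RULES and the sample Referer values are assumptions made for illustration.

```python
from fnmatch import fnmatchcase
from urllib.parse import urlsplit

# Parameters of the page's directive: valid_referers none blocked server_names *.aaa.com;
PAGE_RULES = ["none", "blocked", "server_names", "*.aaa.com"]
# Hypothetical stricter variant: the Referer must always name this site.
STRICT_RULES = ["server_names", "*.aaa.com"]
SERVER_NAMES = ["aaa.com"]  # from the page's server_name line


def referer_is_valid(referer, rules, server_names=SERVER_NAMES):
    """Return True when nginx would leave $invalid_referer empty.

    referer is None when the request carries no Referer header at all.
    Simplified model: host-name rules only, no regex or URI-prefix rules.
    """
    if referer is None:
        return "none" in rules
    # A value that does not start with a scheme counts as "blocked",
    # i.e. a header rewritten or stripped by a proxy or firewall.
    if not referer.lower().startswith(("http://", "https://")):
        return "blocked" in rules
    try:
        host = (urlsplit(referer).hostname or "").lower()
    except ValueError:  # malformed URL in a client-controlled header
        return False
    names = []
    for rule in rules:
        if rule == "server_names":
            names.extend(server_names)
        elif rule not in ("none", "blocked"):
            names.append(rule)
    # "*.aaa.com" covers sub-domains only; "aaa.com" itself comes from server_names.
    return any(fnmatchcase(host, name.lower()) for name in names)


def status_for(referer, rules):
    """HTTP status the location would answer with for this Referer."""
    return 200 if referer_is_valid(referer, rules) else 403


if __name__ == "__main__":
    # Constructed sample Referer values; the first two mirror the page's curl tests.
    samples = [None, "http://www.hao123.com", "http://www.aaa.com/index.html",
               "https://aaa.com/", "http://www.aaa.com.example.net/", "stripped"]
    for ref in samples:
        print(f"{ref!r:40} page={status_for(ref, PAGE_RULES)} "
              f"strict={status_for(ref, STRICT_RULES)}")
```

With the page's rule list a request without a Referer is served, which is what the first curl test shows; the stricter list answers 403 in that case, so direct visits to the files would be refused as well.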

Access Control

Restricting a Directory

1. Edit the configuration file

[[email protected] ~]# vi /usr/local/nginx/conf/vhost/default.conf

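server
{
    listen 80 default_server;
    server_name aaa.com;
    index index.html index.htm index.php;
    root /data/wwwroot/default;
    access_log /tmp/default.log juispan;

    # Only clients connecting from 127.0.0.1 may reach /admin/;
    # rules are checked in order and the first match decides
    location /admin/
    {
        allow 127.0.0.1;
        deny all;
    }
}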

2. Check and reload

[[email protected] ~]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[[email protected] ~]# /usr/local/nginx/sbin/nginx -s reload

3. Test the result

[[email protected] ~]# mkdir /data/wwwroot/default/admin
[[email protected] ~]# echo "test" > /data/wwwroot/default/admin/1.html

[[email protected] ~]# curl -x127.0.0.1:80 aaa.com/admin/1.html -I
HTTP/1.1 200 OK
Server: nginx/1.12.1
Date: Mon, 14 Aug 2017 22:13:08 GMT
Content-Type: text/html
Content-Length: 5
Last-Modified: Mon, 14 Aug 2017 22:03:03 GMT
Connection: keep-alive
ETag: "59921e17-5"
Accept-Ranges: bytes

[[email protected] ~]# curl -x122.112.253.88:80 aaa.com/admin/1.html -I
HTTP/1.1 403 Forbidden
Server: nginx/1.12.1
Date: Mon, 14 Aug 2017 22:13:13 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive
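
The next sketch is an added example, not code from the original article: it models the ordered, first-match evaluation of allow/deny rules for the /admin/ location above and shows why the order of the two lines matters. REVERSED_RULES, OFFICE_RULES and the 192.168.10.0/24 network are constructed for illustration; the two client addresses in the first rows are the ones used in the page's curl tests.

```python
import ipaddress

# The page's rules for location /admin/, in file order.
ADMIN_RULES = [("allow", "127.0.0.1"), ("deny", "all")]
# Hypothetical variants, constructed for comparison.
REVERSED_RULES = [("deny", "all"), ("allow", "127.0.0.1")]
OFFICE_RULES = [("allow", "192.168.10.0/24"), ("deny", "all")]


def decide(client_ip, rules):
    """Return 'allow' or 'deny' the way nginx evaluates allow/deny lists.

    Rules are checked top to bottom and the first matching rule decides;
    a client that matches no rule is allowed.
    """
    addr = ipaddress.ip_address(client_ip)
    for action, target in rules:
        if target == "all":
            return action
        network = ipaddress.ip_network(target, strict=False)
        if addr.version == network.version and addr in network:
            return action
    return "allow"


def admin_status(client_ip, rules=ADMIN_RULES):
    """HTTP status for a request to /admin/ from this client address."""
    return 200 if decide(client_ip, rules) == "allow" else 403


if __name__ == "__main__":
    for ip in ("127.0.0.1", "122.112.253.88", "192.168.10.7"):
        print(f"{ip:16} page={admin_status(ip)} "
              f"reversed={admin_status(ip, REVERSED_RULES)} "
              f"office={admin_status(ip, OFFICE_RULES)}")
```

The address that is compared is the peer address of the connection, which is why the same request returns 200 through 127.0.0.1 and 403 through 122.112.253.88 in the test above.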

Restricting Files

1. Edit the configuration file

[[email protected] ~]# vi /usr/local/nginx/conf/vhost/default.conf

server
{
    listen 80 default_server;
    server_name aaa.com;
    index index.html index.htm index.php;
    root /data/wwwroot/default;
    access_log /tmp/default.log juispan;

    # Refuse any .php request whose path contains upload/ or image/
    location ~ .*(upload|image)/.*\.php$
    {
        deny all;
    }
}

2. Check and reload

[[email protected] ~]# mkdir /data/wwwroot/default/upload
[[email protected] ~]# echo "test" > /data/wwwroot/default/upload/1.php
[[email protected] ~]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[[email protected] ~]# /usr/local/nginx/sbin/nginx -s reload

3. Test the result

[[email protected] ~]# curl -x127.0.0.1:80 aaa.com/upload/1.php -I
HTTP/1.1 403 Forbidden
Server: nginx/1.12.1
Date: Mon, 14 Aug 2017 22:19:25 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive

Restricting User-Agent

1. Edit the configuration file

[[email protected] ~]# vi /usr/local/nginx/conf/vhost/default.conf

server
{
    listen 80 default_server;
    server_name aaa.com;
    index index.html index.htm index.php;
    root /data/wwwroot/default;
    access_log /tmp/default.log juispan;

    if ($http_user_agent ~* 'Spider/3.0|YoudaoBot|Tomato') ## the asterisk makes the match case-insensitive
    {
        return 403;
    }
}

2. Check and reload

[[email protected] ~]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[[email protected] ~]# /usr/local/nginx/sbin/nginx -s reload

3. Test the result

[[email protected] ~]# curl -A "apple" -x127.0.0.1:80 aaa.com/upload/1.php -I
HTTP/1.1 200 OK
Server: nginx/1.12.1
Date: Mon, 14 Aug 2017 22:31:09 GMT
Content-Type: application/octet-stream
Content-Length: 5
Last-Modified: Mon, 14 Aug 2017 22:17:17 GMT
Connection: keep-alive
ETag: "5992216d-5"
Accept-Ranges: bytes

[[email protected] ~]# curl -A "tomato" -x127.0.0.1:80 aaa.com/upload/1.php -I
HTTP/1.1 403 Forbidden
Server: nginx/1.12.1
Date: Mon, 14 Aug 2017 22:30:26 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive
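
The sketch below is an added example, not code from the original article. It covers both the "Restricting Files" and "Restricting User-Agent" rules: it replays the two regular expressions with the case handling of their operators (~ is case-sensitive, ~* is not) so the rules can be checked against the paths and agents they are meant to cover before reloading. All sample paths and user agents other than /upload/1.php, "apple" and "tomato" are constructed.

```python
import re

# (operator, pattern) exactly as written in the page's two rules.
UPLOAD_RULE = ("~", r".*(upload|image)/.*\.php$")   # location regex
UA_RULE = ("~*", r"Spider/3.0|YoudaoBot|Tomato")     # if ($http_user_agent ...)


def nginx_regex_match(operator, pattern, subject):
    """'~' is a case-sensitive regex match, '~*' a case-insensitive one."""
    flags = re.IGNORECASE if operator == "~*" else 0
    return re.search(pattern, subject, flags) is not None


def uri_denied(uri):
    """True when the upload/image location (deny all) would handle this URI."""
    # Locations are matched against the path only, so drop the query string.
    # Assumes the path is already normalized (nginx decodes %XX first).
    path = uri.split("?", 1)[0]
    return nginx_regex_match(*UPLOAD_RULE, path)


def ua_blocked(user_agent):
    """True when the server-level User-Agent rule would return 403."""
    return nginx_regex_match(*UA_RULE, user_agent)


if __name__ == "__main__":
    # Constructed sample paths, apart from /upload/1.php from the page.
    for uri in ("/upload/1.php", "/image/2017/a.php", "/upload/1.php?id=1",
                "/upload/1.html", "/uploads/1.php",
                "/upload/1.PHP"):  # '~' is case-sensitive: not covered
        print(f"{uri:24} denied={uri_denied(uri)}")
    # "apple" and "tomato" are the page's test values; the rest are constructed.
    for ua in ("apple", "tomato", "Mozilla/5.0 (compatible; YoudaoBot/1.0)",
               "Spider/3x0"):  # the unescaped '.' matches any character
        print(f"{ua:44} blocked={ua_blocked(ua)}")
```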

Time: 2024-10-11 23:04:28
