11.25 配置防盗链
防盗链功能为:不允许第三方网站调用本网站文件;
编辑配置文件httpd-vhosts.conf
vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
修改以下内容
<Directory /data/wwwroot/111.com>
SetEnvlfNoCase Referer "http://111.com" local_ref //白名单111.com
SetEnvlfNoCase Referer "http://aaa.com" local_ref //白名单第三方站点aaa.com
SetEnvlfNoCase Referer "^$" local_ref //白名单^$,禁止第三方站点,注释掉此行;
<FilesMatch "\.( txt | doc | mp3 | zip | rar | jpg | gif | png )"> //定义规则,标签不严格区分大小写,filesmatch也可;
Order Allow,Deny
Allow from env=local_ref
</FilesMatch>
</Directory>
保存后,重新加载
vim /usr/local/apache2.4/bin/apachectl -t
vim /usr/local/apache2.4/bin/apachectl graceful
测试
curl -x127.0.0.1:80 111.com/qq.png -I
200表示可以访问;403表示禁止访问;
自定义
curl -e "http://www.qq.com/123.txt" -x127.0.0.1:80 111.com/qq.png -I //自定义referer
11.26 访问控制Directory
编辑配置文件httpd-vhosts.conf
vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
增加以下内容
<Directory /data/wwwroot/111.com/admin/>
Order deny,allow
Deny from all
Allow from 127.0.0.1
</Directory>
保存后,重新加载
vim /usr/local/apache2.4/bin/apachectl -t
vim /usr/local/apache2.4/bin/apachectl graceful
curl测试状态码为403则被限制访问了
curl -x127.0.0.1:80 111.com/admin/index.php -I
curl -x192.168.133.150:80 111.com/admin/index.php -I
查看日志
tail /usr/local/apache2.4/logs/111.com-access_20170708.log
200可以访问;403禁止访问;
11.27 访问控制FilesMatch
编辑配置文件httpd-vhosts.conf
vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
增加以下内容
<Directory /data/wwwroot/111.com>
<FilesMatch admin.php(.*)>
Order deny,allow
Deny from all
Allow from 127.0.0.1
</FilesMatch>
</Directory>
保存后,重新加载
vim /usr/local/apache2.4/bin/apachectl -t
vim /usr/local/apache2.4/bin/apachectl graceful
测试
curl -x192.168.133.150:80 http://111.com/admin/alsjdflksajdflk -I
404找不到;
curl -x192.168.133.150:80 'http://111.com/admin.php?alsjdflksajdflk' -I
403禁止;
curl -x127.0.0.1:80 'http://111.com/admin.php?alsjdflksajdflk' -I
404找不到;
扩展
几种限制ip的方法 http://ask.apelearn.com/question/6519
apache 自定义header http://ask.apelearn.com/question/830
apache的keepalive和keepalivetimeout http://ask.apelearn.com/question/556