一.防盗链概述
防盗链就是防止别人的网站代码里面盗用服务器的图片、文件、视频等相关资源;如果别人盗用网站的这些静态资源,明显的是会增大服务器的带宽压力;作为网站的维护人员,要杜绝服务器的静态资源被其他网站盗用
HTTP标准协议中专门的Referer字段记录,它的作用是可以追溯上一个入站地址是什么,此外,对于资源文件,可以追踪到包含显示它的网页地址是什么。因此,防盗链方法基于这个Referer字段
1、 Apache防盗链需要安装mod_rewrite模块
防盗链安装实验如下
一安装DNS服务
yum install bind -y
配置dns三个配置文件
vim /etc/named.conf
listen-on port 53 { any; }; //更改配置文件按
allow-query { any; };
vim /etc/named.rfc1912.zones
zone "yun.com" IN { //配置文件
type master;
file "yun.com.zone";
allow-update { none; };
};
[root@localhost ~]# cp -p /var/named/named.localhost /var/named/yun.com.zone
[root@localhost ~]# vim /var/named/yun.com.zone
www IN A 192.168.183.130
关闭防火墙 开启服务
systemctl start named
systemctl stop firewalld
setenforce 0
安装apache服务
将apr和apr-util组件放到httpd的srclib目录中去
```bas
mv apr-util-1.6.0 httpd-2.4.29/srclib/apr-util
mv apr-1.6.2/ httpd-2.4.29/srclib/apr
安装apache环境包
[root@promote opt]# yum -y install \
gcc
gcc-c++
make
pcre
pcre-devel
expat-devel
zlib-devel
perl
配置Apache服务,防盗链需要mod_rewrite模块
```bash
./configure \
--prefix=/usr/local/httpd \
--enable-deflate \
--enable-so \
--enable-rewrite \
--enable-charset-lite \
--enable-cgi
编译且安装
make && make install
添加apache服务到系统
grep -v "#" /usr/local/httpd/bin/apachectl > /etc/init.d/http
vim /etc/init.d/httpd
#!/bin/bash
# chkconfig:2345 85 15
# description:Apache is a World Wide Web server.
chmod +x /etc/init.d/httpd
chkconfig --add httpd
chkconfig --list httpd
chkconfig --level 35 httpd on
设置主配置文件
Listen:192.168.43.211:80
ServerName:www.kgc.com
#开启rewrite模块
LoadModule rewrite_modules modules/mod_rewrite.so
#配置mod_rewrite模块的内容
<Directory "/usr/local/httpd/htdocs">
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://kgc.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://kgc.com$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.kgc.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.kgc.com/$ [NC]
RewriteRule .*\.(gif|jpg|swf)$ http://www.kgc.com/error.png
</Directory>
``
验证模块
```bash
cd /usr/local/httpd/bin
./apachectl -t -D DUMP_MODULES | grep "rewrite".
rewrite_module (shared)
隐藏版本号
vim /usr/local/httpd/conf/httpd.conf
Include conf/extra/httpd-default.conf
vim /usr/local/httpd/conf/extra/httpd-default.conf
#只显示名称
ServerTokens Prod
加入页面图片
[root@192 htdocs]# ls
1.jpg error.png index.html
[root@192 htdocs]# vim index.html
<html><body>
<h1>It works!</h1>
<img style height=200px;width=300px src="1.jpg"/>
</body></html>
开启服务
[root@192 htdocs]# systemctl restart httpd