Configure anti-leech, access control Directory, access control FilesMatch

To configure anti-leech:

Anti-leech (hotlink protection) restricts access based on the Referer of a request: requests arriving from unknown referers are refused, so other people's servers cannot quote or forward the content on my server. This prevents others from stealing the resources on my server, which would otherwise increase the usage of network bandwidth.

1. Add the following to the virtual host configuration file:

vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf

<Directory /data/wwwroot/111.com>
    SetEnvIfNoCase Referer "http://111.com" local_ref
    SetEnvIfNoCase Referer "http://aaa.com" local_ref
    SetEnvIfNoCase Referer "^$" local_ref
    <FilesMatch "\.(txt|doc|mp3|zip|rar|jpg|gif|png)">
        Order Allow,Deny
        Allow from env=local_ref
    </FilesMatch>
</Directory>

After modification, check the syntax and reload the configuration file:

[root@aming-01 ~]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[root@aming-01 ~]# /usr/local/apache2.4/bin/apachectl graceful

SetEnvIfNoCase : The SetEnvIf directive sets an environment variable according to an attribute of the client's request. SetEnvIfNoCase does the same with a case-insensitive match: when the condition is met, the variable is assigned a value. It is generally used in conjunction with other directives.

SetEnvIfNoCase Referer "http://111.com" local_ref : marks a request whose Referer meets the condition with local_ref

Order Allow,Deny
Allow from env=local_ref : Together these two lines mean that every request is forbidden except those marked with local_ref

2. Use curl to simulate Referer for testing

[root@aminglinux ~]# curl -e "http://www.qq.com/123.txt" -x127.0.0.1:80 111.com/cc.jpg -I     # simulating a referer of www.qq.com returns 403
HTTP/1.1 403 Forbidden
Date: Sun, 04 Mar 2018 22:09:49 GMT
Server: Apache/2.4.29 (Unix) PHP/5.6.30
Content-Type: text/html; charset=iso-8859-1
[root@aminglinux ~]# curl -e "http://111.com/123.txt" -x127.0.0.1:80 111.com/cc.jpg -I           # simulating a referer of 111.com, access succeeds
HTTP/1.1 200 OK
Date: Sun, 04 Mar 2018 22:10:40 GMT
Server: Apache/2.4.29 (Unix) PHP/5.6.30
Last-Modified: Mon, 21 Aug 2017 14:32:40 GMT
ETag: "54bcb-5574459d3d200"
Accept-Ranges: bytes
Content-Length: 347083
Content-Type: image/jpeg

When the -e option is used, the referer cannot be written arbitrarily: it must be a well-formed URL and must start with http://.
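The Referer patterns in the configuration above are unanchored regular expressions, so they accept more values than the two curl tests show. The following added example (not part of the original post) models the three SetEnvIfNoCase lines and the FilesMatch rule in Python and compares them with anchored patterns; the anchored patterns and the sample Referer values are assumptions constructed for illustration.

```python
import re

# Patterns as written in the vhost config above. SetEnvIfNoCase does an unanchored,
# case-insensitive regex search; a request with no Referer is matched as "".
PAGE_PATTERNS = [r"http://111.com", r"http://aaa.com", r"^$"]
# Assumption (not from the page): anchored variants with the dots escaped.
ANCHORED_PATTERNS = [r"^http://111\.com(/|$)", r"^http://aaa\.com(/|$)", r"^$"]
# FilesMatch pattern from the page: which file names the rule applies to.
PROTECTED = re.compile(r"\.(txt|doc|mp3|zip|rar|jpg|gif|png)")

# Constructed Referer values; None means the header is absent.
SAMPLES = [
    "http://111.com/123.txt",
    "http://www.qq.com/123.txt",
    None,
    "HTTP://111.COM/index.html",
    "http://111.com.example.net/page.html",
    "http://example.net/?from=http://111.com",
]


def local_ref(referer, patterns):
    """True if any SetEnvIfNoCase line would set local_ref for this Referer."""
    value = referer or ""
    return any(re.search(p, value, re.IGNORECASE) for p in patterns)


def status(filename, referer, patterns):
    """200 (allowed) or 403 under 'Order Allow,Deny' + 'Allow from env=local_ref'."""
    if not PROTECTED.search(filename):
        return 200  # FilesMatch does not apply, so the Referer is never checked
    return 200 if local_ref(referer, patterns) else 403


def audit(filename="cc.jpg"):
    """Referers whose result differs between the page's and the anchored patterns."""
    return [r for r in SAMPLES
            if status(filename, r, PAGE_PATTERNS) != status(filename, r, ANCHORED_PATTERNS)]


if __name__ == "__main__":
    for ref in SAMPLES:
        print(f"{ref!s:45} page={status('cc.jpg', ref, PAGE_PATTERNS)} "
              f"anchored={status('cc.jpg', ref, ANCHORED_PATTERNS)}")
    print("differ:", audit())
```

The empty-Referer rule ("^$") is kept in both sets, so a request that sends no Referer at all is still served; the check limits embedding by ordinary browsers rather than authenticating the requester.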

 

Access Control Directory:

In addition to Directory access control, there is also FilesMatch access control. Directory access control restricts access to a directory, while FilesMatch access control restricts access to a file or a link to a file. A FilesMatch block is written inside a Directory block.

1. Edit the virtual host configuration file

vim /usr/local/httpd2.4/conf/extra/httpd-vhosts.conf

2. Add the following section to the configuration file to control access to the admin directory under 111.com

<Directory /data/wwwroot/111.com/admin/>
    Order deny,allow
    Deny from all
    # Allow access from the specified IP
    Allow from 127.0.0.1
</Directory>

Order defines the evaluation order: Order deny,allow means the Deny rules are applied first and then the Allow rules.

This block denies all access except access through 127.0.0.1.

3. After the configuration is completed, check the configuration file and reload it for the change to take effect

/usr/local/httpd2.4/bin/apachectl -t
/usr/local/httpd2.4/bin/apachectl graceful

4. Use curl to test whether it is successful

[root@aminglinux ~]# curl -x127.0.0.1:80 111.com/admin/index.php
test

[root@aminglinux ~]# curl -x127.0.0.1:80 111.com/admin/index.php -I                  # access through 127.0.0.1 works normally
HTTP/1.1 200 OK
Date: Mon, 05 Mar 2018 16:26:57 GMT
Server: Apache/2.4.29 (Unix) PHP/5.6.30
X-Powered-By: PHP/5.6.30
Content-Type: text/html; charset=UTF-8

[root@aminglinux ~]# curl -x192.168.177.7:80 111.com/admin/index.php -I          # access through 192.168.177.7 fails with 403 Forbidden
HTTP/1.1 403 Forbidden
Date: Mon, 05 Mar 2018 16:27:42 GMT
Server: Apache/2.4.29 (Unix) PHP/5.6.30
Content-Type: text/html; charset=iso-8859-1

 

Access Control FilesMatch:

1. To control access to the admin.php page under 111.com, also add the following section to the virtual host configuration file:

<Directory /data/wwwroot/111.com>
    <FilesMatch "admin.php(.*)">
        Order deny,allow
        Deny from all
        Allow from 127.0.0.1
    </FilesMatch>
</Directory>

 

2. Use curl to test whether it is successful

[root@aminglinux ~]# curl -x192.168.177.7:80 111.com/admin.php?=1=2 -I   # 403 Forbidden means access is not allowed; 404 would mean access is allowed
HTTP/1.1 403 Forbidden
Date: Mon, 05 Mar 2018 19:23:54 GMT
Server: Apache/2.4.29 (Unix) PHP/5.6.30
Content-Type: text/html; charset=iso-8859-1
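The two access-control blocks above combine a scope (a directory path or a file-name regex) with an "Order deny,allow" decision on the client address. The following added example (not part of the original post) models both in Python and reproduces the curl results shown above; the anchored FilesMatch variant and the sample requests are assumptions constructed for illustration.

```python
import ipaddress
import re

ADMIN_DIR = "/data/wwwroot/111.com/admin/"       # <Directory> path from the page
ADMIN_FILE = re.compile(r"admin.php(.*)")        # <FilesMatch> pattern as written
ADMIN_FILE_STRICT = re.compile(r"^admin\.php$")  # assumption: anchored variant


def order_deny_allow(client_ip, deny, allow):
    """'Order deny,allow': Deny rules are checked first, a matching Allow
    overrides them, and a client matching neither list is allowed."""
    ip = ipaddress.ip_address(client_ip)

    def hit(rules):
        return any(r == "all" or ip in ipaddress.ip_network(r) for r in rules)

    return 403 if hit(deny) and not hit(allow) else 200


def decide(path, client_ip, file_rule=ADMIN_FILE):
    """path is the file Apache mapped the URL to; the query string is not part
    of it, so admin.php?=1=2 is matched as plain admin.php."""
    filename = path.rsplit("/", 1)[-1]
    if path.startswith(ADMIN_DIR) or file_rule.search(filename):
        return order_deny_allow(client_ip, deny=["all"], allow=["127.0.0.1"])
    return 200  # neither block applies


# Constructed requests: (mapped file path, client address)
REQUESTS = [
    ("/data/wwwroot/111.com/admin/index.php", "127.0.0.1"),
    ("/data/wwwroot/111.com/admin/index.php", "192.168.177.7"),
    ("/data/wwwroot/111.com/admin.php", "192.168.177.7"),
    ("/data/wwwroot/111.com/index.php", "192.168.177.7"),
    ("/data/wwwroot/111.com/old-admin_php.bak", "192.168.177.7"),
]

if __name__ == "__main__":
    for path, ip in REQUESTS:
        print(f"{ip:15} {path:45} as written={decide(path, ip)} "
              f"anchored={decide(path, ip, ADMIN_FILE_STRICT)}")
```

The last constructed request shows that the pattern as written also restricts file names that merely contain something like admin.php, because the dot matches any character and the expression is not anchored.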

 

 

Extension
Several ways to limit IP  http://ask.apelearn.com/question/6519
apache custom header  http://ask.apelearn.com/question/830
apache keepalive and keepalivetimeout  http://ask.apelearn.com/question/556