配置防盗链、访问控制Directory、访问控制FilesMat

作者: 强出头 | 来源:发表于2018-04-18 16:39 被阅读0次

配置防盗链

[root@wsl-001 ~]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
(增加如下语句)
<Directory /data/wwwroot/111.com>
        SetEnvIfNoCase Referer "http://111.com" local_ref
        SetEnvIfNoCase Referer "http://aaa.com" local_ref
        SetEnvIfNoCase Referer "^$" local_ref
        <filesmatch "\.(txt|doc|mp3|zip|rar|jpg|gif)">
            Order Allow,Deny
            Allow from env=local_ref
        </filesmatch>
    </Directory>

[root@wsl-001 ~]# /usr/local/apache2.4/bin/apachectl graceful

[root@wsl-001 ~]# curl -e "http://www.baidu.com" -x 127.0.0.1:80 111.com/test.jpg -I
HTTP/1.1 403 Forbidden
Date: Tue, 17 Apr 2018 14:00:53 GMT
Server: Apache/2.4.33 (Unix) PHP/5.6.30
Content-Type: text/html; charset=iso-8859-1

如果域名是带二级域名的。这个referer 要怎么样写个通配？

SetEnvIfNoCase Referer "^http://.*\.yourdomin\.com" local_ref
SetEnvIfNoCase Referer ".*\.yourdomin\.com" local_ref

第二行就是通配

访问控制Directory

访问控制Directory

[root@wsl-001 ~]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf 
(在Directory前面增加如下配置)

<Directory /data/wwwroot/111.com/admin/>
        Order deny,allow
        Deny from all
        Allow from 127.0.0.1
    </Directory>

[root@wsl-001 ~]# /usr/local/apache2.4/bin/apachectl graceful
[root@wsl-001 ~]# mkdir /data/wwwroot/111.com/admin/
[root@wsl-001 ~]# vim  /data/wwwroot/111.com/admin/index.php
[root@wsl-001 ~]# /usr/local/apache2.4/bin/apachectl graceful

[root@wsl-001 ~]# curl -x 127.0.0.1:80 111.com/admin/index.php
123
[root@wsl-001 ~]# curl -x 172.16.79.140:80 111.com/admin/index.php
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access /admin/index.php
on this server.<br />
</p>
</body></html>

访问控制FilesMatch

[root@wsl-001 ~]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf 
（修改以下代码）
<Directory /data/wwwroot/111.com/admin/>
        <FilesMatch  "admin.php(.*)">
        Order deny,allow
        Deny from all
        Allow from 127.0.0.1
        </FilesMatch>
    </Directory>
[root@wsl-001 ~]# /usr/local/apache2.4/bin/apachectl graceful
[root@wsl-001 ~]# curl -x 172.16.79.140:80 'http://111.com/admin/admin.php?dasfa' -I
HTTP/1.1 403 Forbidden
Date: Wed, 18 Apr 2018 08:37:12 GMT
Server: Apache/2.4.33 (Unix) PHP/5.6.30
Content-Type: text/html; charset=iso-8859-1

[root@wsl-001 ~]# curl -x 127.0.0.1:80 'http://111.com/admin/admin.php?dasfa' -I
HTTP/1.1 404 Not Found
Date: Wed, 18 Apr 2018 08:37:25 GMT
Server: Apache/2.4.33 (Unix) PHP/5.6.30
Content-Type: text/html; charset=iso-8859-1

几种限制ip的方法 http://ask.apelearn.com/question/6519
apache 自定义header http://ask.apelearn.com/question/830
apache的keepalive和keepalivetimeout http://ask.apelearn.com/question/556

网友评论

本文标题：配置防盗链、访问控制Directory、访问控制FilesMat

本文链接：https://www.haomeiwen.com/subject/zuzpkftx.html

延伸阅读

深度阅读

您也可以注册成为美文阅读网的作者，发表您的原创作品、分享您的心情！

配置防盗链、访问控制Directory、访问控制FilesMat

访问控制Directory

访问控制FilesMatch

相关文章

网友评论

延伸阅读

深度阅读

栏目导航

热点阅读