1.8.8 Configuring hotlink protection

2018-02-27 11:08:35 Source: oschina Author: 脑洞老湿_人


Hotlink protection is implemented by restricting the Referer header.
Add the following to the configuration file:

SetEnvIfNoCase Referer "http://www.111.com" local_ref
SetEnvIfNoCase Referer "http://111.com" local_ref
SetEnvIfNoCase Referer "^$" local_ref
//Define the rules:
Order Allow,Deny //Order defines the access-control evaluation order
Allow from env=local_ref


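curl -e "http://www.aminglinux.com/123.html" sets a custom referer
This is the referer link I set up on OSChina!
↑Sorry, I found that when the link is added in a forum reply, for some reason hotlink protection has no effect in the browser! Blocking access with an empty referer still works (to be investigated).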



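After checking the logs, I found that the referer was not recorded in them, and I did not see a referer when replying from other forum sites either. I'll look into this next time!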



Edit the configuration:
[[email protected] ~]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf

DocumentRoot "/data/wwwroot/111.com"
ServerName www.111.com
ServerAlias 111.com
SetEnvIfNoCase Referer "http://www.111.com" local_ref
#SetEnvIfNoCase Referer "www.oschina.net" local_ref
#SetEnvIfNoCase Referer "^$" local_ref

Order Allow,Deny
Allow from env=local_ref

ErrorLog "logs/111.com-error_log"
CustomLog "|/usr/local/apache2.4/bin/rotatelogs -l logs/111.com-access_%Y%m%d.log 86400" combined

[[email protected] ~]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[[email protected] ~]# /usr/local/apache2.4/bin/apachectl graceful
Test the result:
[[email protected] ~]# curl -e "http://www.oschina.net" www.111.com/luds.jpg -I
HTTP/1.1 403 Forbidden ##403, the third kind of web response I have come across!
……
[[email protected] ~]# curl www.111.com/luds.jpg -I
HTTP/1.1 403 Forbidden
……
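##With the configuration above, neither this referer nor an empty referer can access the file; the referer must be www.111.com to access this .jpg
##Why does it work from a browser when the referer is set through a forum reply?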



Edit again and test!
[[email protected] ~]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf

DocumentRoot "/data/wwwroot/111.com"
ServerName www.111.com
ServerAlias 111.com
SetEnvIfNoCase Referer "http://www.111.com" local_ref
SetEnvIfNoCase Referer "www.oschina.net" local_ref
SetEnvIfNoCase Referer "^$" local_ref

Order Allow,Deny
Allow from env=local_ref

ErrorLog "logs/111.com-error_log"
CustomLog "|/usr/local/apache2.4/bin/rotatelogs -l logs/111.com-access_%Y%m%d.log 86400" combined

[[email protected] ~]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[[email protected] ~]# /usr/local/apache2.4/bin/apachectl graceful
[[email protected] ~]# curl -e "http://www.oschina.net" www.111.com/luds.jpg -I
HTTP/1.1 200 OK
[[email protected] ~]# curl www.111.com/luds.jpg -I
HTTP/1.1 200 OK
##Access through the hotlink protection succeeded!
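The Referer rules used in this section, modelled as an added example (not code from the original post): it shows which Referer values set local_ref under the page's unanchored patterns and under an anchored variant. STRICT_PATTERNS and the sample Referer values are assumptions constructed for illustration.

```python
import re

# Patterns exactly as written on this page (unanchored, "." unescaped).
PAGE_PATTERNS = ["http://www.111.com", "http://111.com", "^$"]
# Assumed hardened variant (not from the page): anchored, dots escaped.
STRICT_PATTERNS = [r"^https?://(www\.)?111\.com(/|$)", "^$"]


def local_ref(referer, patterns):
    """Model SetEnvIfNoCase Referer <regex> local_ref.

    The regex is searched anywhere in the header value, ignoring case;
    a request without a Referer header is matched as the empty string.
    """
    value = referer or ""
    return any(re.search(p, value, re.IGNORECASE) for p in patterns)


def status(referer, patterns):
    """Order Allow,Deny + Allow from env=local_ref: 200 only if the variable is set."""
    return 200 if local_ref(referer, patterns) else 403


# Constructed sample Referer values (None means the header is absent).
SAMPLES = [
    "http://www.111.com/index.html",
    "HTTP://WWW.111.COM/",
    "http://www.oschina.net",
    None,
    "http://www.111.com.example.net/page",
    "http://example.net/?from=http://111.com",
]


def compare():
    """Return (referer, status with page patterns, status with strict patterns)."""
    return [(r, status(r, PAGE_PATTERNS), status(r, STRICT_PATTERNS)) for r in SAMPLES]


if __name__ == "__main__":
    for referer, page, strict in compare():
        print(f"{str(referer):42} page={page} strict={strict}")
```

The last two samples differ between the two pattern sets because SetEnvIf regexes match anywhere in the header unless anchored with ^.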
1.8.9 Access control: Directory

Core configuration file content:

Order deny,allow
Deny from all
Allow from 127.0.0.1

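If the curl test returns status code 403, access has been restricted.


Edit the configuration:
##First, remember to revert the logging change made earlier! (.jpg requests not logged)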
[[email protected] ~]# mkdir -p /data/wwwroot/111.com/admin
[[email protected] ~]# vim /data/wwwroot/111.com/admin/index.php
[[email protected] ~]# cat /data/wwwroot/111.com/admin/index.php
<?php
echo "This page is forbidden;\n";
?>
[[email protected] ~]# curl -x192.168.60.11:80 www.111.com/admin/index.php
This page is forbidden; ##Access succeeded!
[[email protected] ~]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf

DocumentRoot "/data/wwwroot/111.com"
ServerName www.111.com
ServerAlias 111.com

Order deny,allow
Deny from all
Allow from 127.0.0.1

ErrorLog "logs/111.com-error_log"
CustomLog "|/usr/local/apache2.4/bin/rotatelogs -l logs/111.com-access_%Y%m%d.log 86400" combined

[[email protected] ~]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[[email protected] ~]# /usr/local/apache2.4/bin/apachectl graceful
Test access:
[[email protected] ~]# curl -x192.168.60.11:80 www.111.com/admin/index.php -I
HTTP/1.1 403 Forbidden ##Access via 192.168.60.11 fails, while 127.0.0.1 can access;
[[email protected] ~]# curl -x127.0.0.1:80 www.111.com/admin/index.php -I
HTTP/1.1 200 OK
Modify again and test:
[[email protected] ~]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf

DocumentRoot "/data/wwwroot/111.com"
ServerName www.111.com
ServerAlias 111.com

Order deny,allow
Deny from all
Allow from 127.0.0.1
Allow from 192.168.60.0/24

ErrorLog "logs/111.com-error_log"
CustomLog "|/usr/local/apache2.4/bin/rotatelogs -l logs/111.com-access_%Y%m%d.log 86400" combined

[[email protected] ~]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[[email protected] ~]# /usr/local/apache2.4/bin/apachectl graceful
[[email protected] ~]# curl -x192.168.60.11:80 www.111.com/admin/index.php -I
HTTP/1.1 200 OK ##Now it can be accessed!!
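How Order decides between the Allow and Deny lines used above, as an added example (not code from the original post): a small model of the evaluation for one container, run against the two rule sets from this section and against the first one with Order flipped. The address 10.0.0.5 and the "flipped" rule set are constructed for illustration.

```python
import ipaddress


def matches(client_ip, specs):
    """True if client_ip is covered by any spec: 'all', a single IP, or a CIDR."""
    ip = ipaddress.ip_address(client_ip)
    return any(
        spec == "all" or ip in ipaddress.ip_network(spec, strict=False)
        for spec in specs
    )


def evaluate(order, allow, deny, client_ip):
    """Model the Order directive for one container; returns 200 or 403.

    'deny,allow': Deny rules first, then Allow; Allow wins a conflict and
                  a client matching neither list is allowed.
    'allow,deny': Allow rules first, then Deny; Deny wins a conflict and
                  a client matching neither list is denied.
    """
    allowed = matches(client_ip, allow)
    denied = matches(client_ip, deny)
    order = order.lower().replace(" ", "")
    if order == "deny,allow":
        ok = allowed or not denied
    elif order == "allow,deny":
        ok = allowed and not denied
    else:
        raise ValueError(f"unsupported Order: {order}")
    return 200 if ok else 403


# Rule sets from this section, plus the first one with Order flipped.
RULES = {
    "first": dict(order="deny,allow", deny=["all"], allow=["127.0.0.1"]),
    "second": dict(order="deny,allow", deny=["all"],
                   allow=["127.0.0.1", "192.168.60.0/24"]),
    "flipped": dict(order="allow,deny", deny=["all"], allow=["127.0.0.1"]),
}
# Client addresses: the two from the page plus one constructed outsider.
CLIENTS = ["127.0.0.1", "192.168.60.11", "10.0.0.5"]


def table():
    """Map each rule set to the status every client in CLIENTS would get."""
    return {name: [evaluate(client_ip=c, **r) for c in CLIENTS]
            for name, r in RULES.items()}


if __name__ == "__main__":
    for name, row in table().items():
        print(name, dict(zip(CLIENTS, row)))
```

With the same Deny from all and Allow from 127.0.0.1 lines, writing Order allow,deny instead locks out every client, including 127.0.0.1.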

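Tip: about /etc/hosts and the curl command.
If you want to access a local domain name that is not resolved in the hosts file, how can you reach it with curl?
1. Access the IP directly: http://192.168.60.12
2. Use the command curl -x192.168.60.12:80 www.111.com (this is equivalent to specifying the IP for the domain name, but the port number must follow the IP, otherwise port 1080 is used by default)
Also:
Accessing the local site:
curl -x127.0.0.1:80 means the address is accessed using the IP 127.0.0.1!
curl -x192.168.60.11:80 uses 192.168.60.11 by default to access it! (provided that the site being accessed is the local one)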



1.8.10 Access control: FilesMatch

Core configuration file content:

//I'll try writing this with a regex in a moment to see whether it works!
Order deny,allow
Deny from all
Allow from 127.0.0.1


Edit the configuration and test:
[[email protected] ~]# curl www.111.com/admin.php -I
HTTP/1.1 200 OK
[[email protected] ~]# curl www.111.com/admin/admin.html -I
HTTP/1.1 200 OK
[[email protected] ~]# curl www.111.com/index.php -I
HTTP/1.1 200 OK
[[email protected] ~]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf

DocumentRoot "/data/wwwroot/111.com"
ServerName www.111.com
ServerAlias 111.com


Order deny,allow
Deny from all
Allow from 127.0.0.1


ErrorLog "logs/111.com-error_log"
CustomLog "|/usr/local/apache2.4/bin/rotatelogs -l logs/111.com-access_%Y%m%d.log 86400" combined

[[email protected] ~]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[[email protected] ~]# /usr/local/apache2.4/bin/apachectl graceful
##Test ↓:
[[email protected] ~]# curl www.111.com/admin.php -I
HTTP/1.1 403 Forbidden
[[email protected] ~]# curl www.111.com/admin/admin.html -I
HTTP/1.1 403 Forbidden
[[email protected] ~]# curl www.111.com/index.php -I
HTTP/1.1 200 OK
##Restricting access to files with a regex worked!

Logging the proxy IP and the real client IP in Apache logs: http://www.lishiming.net/thread-960-1-1.html
Logging only specified URIs in Apache: http://www.lishiming.net/thread-981-1-1.html
Logging the domain name requested by the client in Apache logs: http://www.lishiming.net/thread-1037-1-1.html
Apache log rotation issues: http://www.lishiming.net/thread-566-1-1.html
Several ways to restrict IPs: http://www.lishiming.net/thread-6519-1-1.html
Apache custom headers: http://www.aminglinux.com/bbs/thread-830-1-1.html
Apache KeepAlive and KeepAliveTimeout: http://www.aminglinux.com/bbs/thread-556-1-1.html

