标签:lamp
一、防盗链
有时候,网站的流量会异常庞大。经过观察,会发现一些静态的图片等元素被盗用了。使用防盗链,可以防止元素被外链。通过限制referer能实现防盗链的功能。
1)配置虚拟主机
[root@juispan ~]# vi /usr/local/apache2.4/conf/extra/httpd-vhosts.conf <VirtualHost *:80> DocumentRoot "/data/www/123.com" ServerName 123.com ErrorLog "logs/123.com-error_log" CustomLog "logs/123.com-access_log" common <Directory /data/www/123.com> SetEnvIfNoCase Referer "http://www.123.com" local_ref SetEnvIfNoCase Referer "http://123.com" local_ref SetEnvIfNoCase Referer "^$" local_ref <filesmatch "\.(txt|doc|mp3|zip|rar|jpg|gif)"> Order Allow,Deny Allow from env=local_ref </filesmatch> </Directory> </VirtualHost>
2)检查重新加载
[root@juispan ~]# /usr/local/apache2.4/bin/apachectl -t Syntax OK [root@juispan ~]# /usr/local/apache2.4/bin/apachectl graceful
3)测试效果
[root@juispan 123.com]# curl -x127.0.0.1:80 123.com/123.gif -I HTTP/1.1 200 OK Date: Fri, 21 Jul 2017 12:26:31 GMT Server: Apache/2.4.27 (Unix) PHP/7.1.6 Last-Modified: Fri, 21 Jul 2017 12:26:31 GMT ETag: W/"8c5-555b2e6023fc0" Accept-Ranges: bytes Content-Length: 2245 Content-Type: image/gif [root@juispan 123.com]# curl -e "http://baidu.com" -x127.0.0.1:80 123.com/123.gif -I HTTP/1.1 403 Forbidden Date: Fri, 21 Jul 2017 12:26:11 GMT Server: Apache/2.4.27 (Unix) PHP/7.1.6 Content-Type: text/html; charset=iso-8859-1
二、访问控制
1、Directory
1)配置虚拟主机
[root@juispan ~]# vi /usr/local/apache2.4/conf/extra/httpd-vhosts.conf <VirtualHost *:80> DocumentRoot "/data/www/123.com" ServerName 123.com ErrorLog "logs/123.com-error_log" CustomLog "logs/123.com-access_log" common <Directory /data/www/123.com> Order deny,allow Deny from all Allow from 127.0.0.1 </Directory> </VirtualHost>
2)检查重新加载
[root@juispan ~]# /usr/local/apache2.4/bin/apachectl -t Syntax OK [root@juispan ~]# /usr/local/apache2.4/bin/apachectl graceful
3)测试效果
[root@juispan 123.com]# curl -x127.0.0.1:80 123.com -I HTTP/1.1 200 OK Date: Fri, 21 Jul 2017 12:33:02 GMT Server: Apache/2.4.27 (Unix) PHP/7.1.6 X-Powered-By: PHP/7.1.6 Content-Type: text/html; charset=UTF-8 [root@juispan 123.com]# curl -x192.168.137.100:80 123.com -I HTTP/1.1 403 Forbidden Date: Fri, 21 Jul 2017 12:33:14 GMT Server: Apache/2.4.27 (Unix) PHP/7.1.6 Content-Type: text/html; charset=iso-8859-1
2、FilesMatch
1)配置虚拟主机
[root@juispan ~]# vi /usr/local/apache2.4/conf/extra/httpd-vhosts.conf <VirtualHost *:80> DocumentRoot "/data/www/123.com" ServerName 123.com ErrorLog "logs/123.com-error_log" CustomLog "logs/123.com-access_log" common <Directory /data/www/123.com> <FilesMatch "index.php(.*)"> Order deny,allow Deny from all Allow from 127.0.0.1 </FilesMatch> </Directory> </VirtualHost>
2)检查重新加载
[root@juispan ~]# /usr/local/apache2.4/bin/apachectl -t Syntax OK [root@juispan ~]# /usr/local/apache2.4/bin/apachectl graceful
3)测试效果
[root@juispan 123.com]# curl -x127.0.0.1:80 123.com/index.php -I HTTP/1.1 200 OK Date: Fri, 21 Jul 2017 12:39:13 GMT Server: Apache/2.4.27 (Unix) PHP/7.1.6 X-Powered-By: PHP/7.1.6 Content-Type: text/html; charset=UTF-8 [root@juispan 123.com]# curl -x192.168.137.100:80 123.com/index.php -I HTTP/1.1 403 Forbidden Date: Fri, 21 Jul 2017 12:39:26 GMT Server: Apache/2.4.27 (Unix) PHP/7.1.6 Content-Type: text/html; charset=iso-8859-1
本文出自 “Gorilla Grodd” 博客,请务必保留此出处http://juispan.blog.51cto.com/943137/1953129
标签:lamp
原文地址:http://juispan.blog.51cto.com/943137/1953129
