防止服务器的图片和其他资源被非本机的站点引用,被其他网站引用后会导致流量图片的用户的数量暴增,
而带宽流量增加、增加站点的成本;
vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf <Directory /data/wwwroot/szl.com>;
SetEnvIfNoCase Referer "szl.com"; local_ref //设置白名单szl.com
SetEnvIfNoCase Referer "www.szl.com"; local_ref //设置白名单www.szl.com
SetEnvIfNoCase Referer "^$" local_ref //设置白名单网址为空时,复制地址直接访问
<filesmatch "\.(txt|doc|mp3|zip|rar|jpg|gif|png)"> //设置禁止引用的文件后缀
Order Allow,Deny //拒绝所有人引用
Allow from env=local_ref //只允许白名单的容许
</filesmatch>
</Directory><VirtualHost *:80>
DocumentRoot "/data/wwwroot/szl.com"
ServerName szl.com
ServerAlias www.example.com www.szl.com
<Directory /data/wwwroot/szl.com>
SetEnvIfNoCase Referer "http://www.szl.com"; local_ref
SetEnvIfNoCase Referer "http://szl.com"; local_ref
SetEnvIfNoCase Referer "^$" local_ref
<filesmatch "\.(txt|doc|mp3|zip|rar|jpg|gif|png)">
Order Allow,Deny
Allow from env=local_ref
</filesmatch>
</Directory>
ErrorLog "logs/szl.com-error_log"
CustomLog "logs/szl.com-access_log" combined
</VirtualHost>/usr/local/apache2.4/bin/apachectl -t
/usr/local/apache2.4/bin/apachectl graceful设置某目录只有指定的ip才能访问
mkdir /data/wwwroot/szl.com/admin/
touch /data/wwwroot/szl.com/admin/admin.phpvim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf<Directory /data/wwwroot/szl.com/admin/>; //设置访问控制的路径为admin目录
Order deny,allow //定义规则,先拒绝,后允许(先允许后拒绝,会使所有人不能访问)
Deny from all //拒绝所有人
Allow from 127.0.0.1 //容许ip127.0.0.1 能够访问admin目录
</Directory><VirtualHost *:80>
DocumentRoot "/data/wwwroot/szl.com"
ServerName szl.com
ServerAlias www.example.com www.szl.com
<Directory /data/wwwroot/szl.com/admin/>;
Order deny,allow
Deny from all
Allow from 127.0.0.1
</Directory>
ErrorLog "logs/szl.com-error_log"
CustomLog "logs/szl.com-access_log" combined
</VirtualHost>/usr/local/apache2.4/bin/apachectl -t
/usr/local/apache2.4/bin/apachectl graceful使用127.0.0.1访问,成功代码200
curl -x127.0.0.1:80 szl.com/admin/admin.php -IHTTP/1.1 200 OK
Date: Tue, 06 Mar 2018 11:47:56 GMT
Server: Apache/2.4.29 (Unix) PHP/5.6.30
X-Powered-By: PHP/5.6.30
Content-Type: text/html; charset=UTF-8使用192.168.188.2访问,禁止访问403
curl -x192.168.188.2:80 szl.com/admin/admin.php -I
HTTP/1.1 403 Forbidden
Date: Tue, 06 Mar 2018 11:48:47 GMT
Server: Apache/2.4.29 (Unix) PHP/5.6.30
Content-Type: text/html; charset=iso-8859-1
vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf<Directory /data/wwwroot/szl.com>
<FilesMatch "admin.php(.*)"> //设置单链接文件为admin.php后缀有或无
Order deny,allow
Deny from all
Allow from 127.0.0.1
</FilesMatch>
</Directory><VirtualHost *:80>
DocumentRoot "/data/wwwroot/szl.com"
ServerName szl.com
ServerAlias www.example.comwww.szl.com
<Directory /data/wwwroot/szl.com>
<FilesMatch "admin.php(.*)">
Order deny,allow
Deny from all
Allow from 127.0.0.1
</FilesMatch>
</Directory>
ErrorLog "logs/szl.com-error_log"
CustomLog "logs/szl.com-access_log" combined
</VirtualHost>/usr/local/apache2.4/bin/apachectl -t
/usr/local/apache2.4/bin/apachectl graceful使用127.0.0.1访问,成功,提示没有这个文件404
curl -x127.0.0.1:80 ‘szl.com/admin.php?dfsldfjkso‘ -I
HTTP/1.1 404 Not Found
Date: Tue, 06 Mar 2018 12:09:06 GMT
Server: Apache/2.4.29 (Unix) PHP/5.6.30
Content-Type: text/html; charset=iso-8859-1使用192.168.188.2访问,拒绝访问、403
curl -x192.168.188.2:80 ‘szl.com/admin/admin.php?dfsldfjkso‘ -I
HTTP/1.1 403 Forbidden
Date: Tue, 06 Mar 2018 12:07:59 GMT
Server: Apache/2.4.29 (Unix) PHP/5.6.30
Content-Type: text/html; charset=iso-8859-1lamp-配置防盗链、访问控制Directory(针对目录)、访问控制(针对单文件)
原文地址:http://blog.51cto.com/shuzonglu/2083595
