标签：防盗链   访问控制   

1.修改虚拟主机配置文件：

[root@weixing01 ~]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf 

 <Directory /data/wwwroot/111.com>
        SetEnvIfNoCase Referer "http://111.com" local_ref
        SetEnvIfNoCase Referer "http://aaa.com" local_ref
        #SetEnvIfNoCase Referer "^$" local_ref
        <filesmatch "\.(txt|doc|mp3|zip|rar|jpg|gif|png)">
            Order Allow,Deny
            Allow from env=local_ref
        </filesmatch>
    </Directory>

2.重新加载：

[root@weixing01 ~]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[root@weixing01 ~]# /usr/local/apache2.4/bin/apachectl graceful
httpd not running, trying to start
[root@weixing01 ~]# /usr/local/apache2.4/bin/apachectl  restart
[root@weixing01 ~]# /usr/local/apache2.4/bin/apachectl graceful

3.测试

直接输入111.com/bj.jpg无法访问，在51cto博客发超链接，可以访问
如果想要可以直接访问，需要把空refer打开

4.可以使用-e指定refer

[root@weixing01 ~]# curl -e "http://111.com/123.txt" -x127.0.0.1:80 111.com/bj.jpg -I
HTTP/1.1 200 OK
Date: Tue, 06 Mar 2018 14:35:20 GMT
Server: Apache/2.4.29 (Unix) PHP/7.1.6
Last-Modified: Tue, 02 May 2017 15:30:36 GMT
ETag: "7e25-54e8c38a0bf00"
Accept-Ranges: bytes
Content-Length: 32293
Content-Type: image/jpeg

[root@weixing01 ~]# curl -e "http://qq.com/123.txt" -x127.0.0.1:80 111.com/bj.jpg -I
HTTP/1.1 403 Forbidden
Date: Tue, 06 Mar 2018 14:35:58 GMT
Server: Apache/2.4.29 (Unix) PHP/7.1.6
Content-Type: text/html; charset=iso-8859-1

访问控制Directory

1.修改虚拟主机配置文件

[root@weixing01 ~]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf 

   <Directory /data/wwwroot/www.123.com/admin/>
        Order deny,allow
        Deny from all
        Allow from 127.0.0.1
   </Directory>

2.测试：

[root@weixing01 111.com]# curl -x127.0.0.1:80 111.com/admin/index.php -I
HTTP/1.1 200 OK
Date: Tue, 06 Mar 2018 14:50:41 GMT
Server: Apache/2.4.29 (Unix) PHP/7.1.6
X-Powered-By: PHP/7.1.6
Content-Type: text/html; charset=UTF-8

[root@weixing01 111.com]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[root@weixing01 111.com]# /usr/local/apache2.4/bin/apachectl graceful
[root@weixing01 111.com]# curl -x192.168.188.130:80 111.com/admin/index.php -I
HTTP/1.1 403 Forbidden
Date: Tue, 06 Mar 2018 14:52:06 GMT
Server: Apache/2.4.29 (Unix) PHP/7.1.6
Content-Type: text/html; charset=iso-8859-1

[root@weixing01 111.com]# curl -x127.0.0.1:80 111.com/admin/index.php -I
HTTP/1.1 200 OK
Date: Tue, 06 Mar 2018 14:52:21 GMT
Server: Apache/2.4.29 (Unix) PHP/7.1.6
X-Powered-By: PHP/7.1.6
Content-Type: text/html; charset=UTF-8

127.0.0.1 - - [06/Mar/2018:22:50:41 +0800] "HEAD HTTP://111.com/admin/index.php HTTP/1.1" 200 - "-" "curl/7.29.0"
192.168.188.130 - - [06/Mar/2018:22:52:06 +0800] "HEAD HTTP://111.com/admin/index.php HTTP/1.1" 403 - "-" "curl/7.29.0"
127.0.0.1 - - [06/Mar/2018:22:52:21 +0800] "HEAD HTTP://111.com/admin/index.php HTTP/1.1" 200 - "-" "curl/7.29.0"

访问控制files match

1.修改参数

<Directory /data/wwwroot/111.com>
        <FilesMatch  "admin.php(.*)">
        Order deny,allow
        Deny from all
        Allow from 127.0.0.1
        </FilesMatch>

   </Directory>

2.测试

[root@weixing01 111.com]# curl -x192.168.188.130:80 http://111.com/admin/alsfjkagjk -I
HTTP/1.1 404 Not Found
Date: Tue, 06 Mar 2018 15:04:03 GMT
Server: Apache/2.4.29 (Unix) PHP/7.1.6
Content-Type: text/html; charset=iso-8859-1

[root@weixing01 111.com]# curl -x192.168.188.130:80 ‘http://111.com/admin.php?alsfjkagjk‘ -I
HTTP/1.1 403 Forbidden
Date: Tue, 06 Mar 2018 15:04:48 GMT
Server: Apache/2.4.29 (Unix) PHP/7.1.6
Content-Type: text/html; charset=iso-8859-1

[root@weixing01 111.com]# curl -x127.0.0.1:80 ‘http://111.com/admin.php?alsfjkagjk‘ -I
HTTP/1.1 404 Not Found
Date: Tue, 06 Mar 2018 15:05:11 GMT
Server: Apache/2.4.29 (Unix) PHP/7.1.6
Content-Type: text/html; charset=iso-8859-1

配置防盗链，访问控制Directory，FilesMatch

标签：防盗链   访问控制   

原文地址：http://blog.51cto.com/13517254/2083646