Nginx防盗链以及访问控制,Nginx解析php配置和代理
Posted
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了Nginx防盗链以及访问控制,Nginx解析php配置和代理相关的知识,希望对你有一定的参考价值。
nginx防盗链
1.编辑配置文件:
[[email protected] ~]# vim /usr/local/nginx/conf/vhost/test.com.conf
location ~* ^.+\.(gif|jpg|png|swf|flv|rar|zip|doc|pdf|gz|bz2|jpeg|bmp|xls)$
{
expires 7d;
valid_referers none blocked server_names *.test.com ;
if ($invalid_referer) {
return 403;
}
access_log off;
}
2.测试重新加载:
[[email protected] ~]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[[email protected] ~]# /usr/local/nginx/sbin/nginx -s reload
3.验证:
[[email protected] ~]# curl -e "http://www.baidu.com/1.txt" -x127.0.0.1 -I test.com/1.gif
curl: (7) Failed connect to 127.0.0.1:1080; 拒绝连接
[[email protected] ~]# curl -e "http://www.baidu.com/1.txt" -x127.0.0.1:80 -I test.com/1.gif
HTTP/1.1 403 Forbidden
Server: nginx/1.12.2
Date: Thu, 15 Mar 2018 14:25:23 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive
[[email protected] ~]# curl -e "http://www.test.com/1.txt" -x127.0.0.1:80 -I test.com/1.gif
HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Thu, 15 Mar 2018 14:25:35 GMT
Content-Type: image/gif
Content-Length: 14
Last-Modified: Wed, 14 Mar 2018 17:20:46 GMT
Connection: keep-alive
ETag: "5aa959ee-e"
Expires: Thu, 22 Mar 2018 14:25:35 GMT
Cache-Control: max-age=604800
Accept-Ranges: bytes
Nginx访问控制
针对目录
1.编辑配置文件:
[[email protected] ~]# vim /usr/local/nginx/conf/vhost/test.com.conf
location /admin/
{
allow 127.0.0.1;
allow 192.168.188.130;
deny all;
}
2.测试并重新加载:
[[email protected] ~]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[[email protected] ~]# /usr/local/nginx/sbin/nginx -s reload
3.进行验证:
[[email protected] ~]# curl -e "http://www.baidu.com/1.txt" -x127.0.0.1:80 -I test.com/admin/
HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Thu, 15 Mar 2018 14:52:12 GMT
Content-Type: application/octet-stream
Content-Length: 10
Last-Modified: Thu, 15 Mar 2018 14:52:04 GMT
Connection: keep-alive
ETag: "5aaa8894-a"
Accept-Ranges: bytes
针对正则:
4.修改配置文件:
[[email protected] ~]# vim /usr/local/nginx/conf/vhost/test.com.conf
location ~ .*(upload|image)/.*\.php$
{
deny all;
}
5.测试并重新加载:
[[email protected] ~]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[[email protected] ~]# /usr/local/nginx/sbin/nginx -s reload
6.验证:
[[email protected] ~]# mkdir /data/wwwroot/test.com/upload
[[email protected] ~]# echo "1111" > /data/wwwroot/test.com/upload/1.php
[[email protected] ~]# curl -x127.0.0.1:80 test.com/upload/1.php
<html>
<head><title>403 Forbidden</title></head>
<body bgcolor="white">
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx/1.12.2</center>
</body>
</html>
[[email protected] ~]# echo "1111" > /data/wwwroot/test.com/upload/1.txt
[[email protected] ~]# curl -x127.0.0.1:80 test.com/upload/1.txt
1111
7.针对user_agent限制,修改配置文件:
[[email protected] ~]# vim /usr/local/nginx/conf/vhost/test.com.conf
if ($http_user_agent ~ ‘Spider/3.0|YoudaoBot|Tomato‘)
{
return 403;
}
8.测试并重新加载:
[[email protected] ~]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[[email protected] ~]# /usr/local/nginx/sbin/nginx -s reload
9.进行验证 :
[[email protected] ~]# curl -A Tomatosjklajg-x127.0.0.1:80 test.com/upload/1.txt -I
HTTP/1.1 403 Forbidden
Server: nginx/1.12.2
Date: Thu, 15 Mar 2018 15:05:33 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive
[[email protected] ~]# curl -A Tmatosjklajg-x127.0.0.1:80 test.com/upload/1.txt -I
HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Thu, 15 Mar 2018 15:05:47 GMT
Content-Type: text/plain
Content-Length: 5
Last-Modified: Thu, 15 Mar 2018 15:01:29 GMT
Connection: keep-alive
ETag: "5aaa8ac9-5"
Accept-Ranges: bytes
Nginx解析php相关配置
1.修改配置文件:
[[email protected] ~]# vim /usr/local/nginx/conf/vhost/test.com.conf
location ~ \.php$
{
include fastcgi_params;
fastcgi_pass unix:/tmp/php-fcgi.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /data/wwwroot/test.com$fastcgi_script_name;
}
2.测试:
[[email protected] ~]# vi /data/wwwroot/test.com/3.php
[[email protected] ~]# curl -x127.0.0.1:80 test.com/3.php
<?php
phpinfo();
无法解析,重新加载
[[email protected] ~]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[[email protected] ~]# /usr/local/nginx/sbin/nginx -s reload
再次查看结果
可以正常解析
3.如果遇到502的情况:
location ~ \.php$
{
include fastcgi_params;
fastcgi_pass unix:/tmp/php-fgi.sock; #此行配置要根据主配置文件来看是写sock还是ip地址,一定要保持一致
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /data/wwwroot/test.com$fastcgi_script_name;
}
access_log /tmp/test.com.log weixing;
}
[[email protected] ~]# curl -x127.0.0.1:80 test.com/3.php
<html>
<head><title>502 Bad Gateway</title></head>
<body bgcolor="white">
<center><h1>502 Bad Gateway</h1></center>
<hr><center>nginx/1.12.2</center>
</body>
</html>
不一致就会出现这种情况
Nginx代理
1.写一个配置文件:
[[email protected] ~]# cd /usr/local/
apache2.4/ bin/ include/ libexec/ nginx/ php-fpm/ src/
apr/ etc/ lib/ mariadb/ php/ sbin/
apr-util/ games/ lib64/ mysql/ php7/ share/
[[email protected] ~]# cd /usr/local/nginx/conf
[[email protected] conf]# cd vhost/
[[email protected] vhost]# vim proxy.conf
server
{
listen 80;
server_name ask.apelearn.com;
location /
{
proxy_pass http://47.91.145.78/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
2.验证并重新加载:
[[email protected] vhost]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[[email protected] vhost]# /usr/local/nginx/sbin/nginx -s reload
3.进行测试:
[[email protected] vhost]# curl -x127.0.0.1:80 ask.apelearn.com/robots.txt
#
# robots.txt for MiWen
#
User-agent: *
Disallow: /?/admin/
Disallow: /?/people/
Disallow: /?/question/
Disallow: /account/
Disallow: /app/
Disallow: /cache/
Disallow: /install/
Disallow: /models/
Disallow: /crond/run/
Disallow: /search/
Disallow: /static/
Disallow: /setting/
Disallow: /system/
Disallow: /tmp/
Disallow: /themes/
Disallow: /uploads/
Disallow: /url-*
Disallow: /views/
以上是关于Nginx防盗链以及访问控制,Nginx解析php配置和代理的主要内容,如果未能解决你的问题,请参考以下文章
Nginx的防盗链Nginx的访问控制Nginx解析php的配置Nginx代理
四十九Nginx防盗链Nginx访问控制Nginx解析PHP相关配置Nginx代理
Nginx防盗链 Nginx访问控制 Nginx解析php相关配置 Nginx代理