LAMP-防盗链与访问控制

Posted

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了LAMP-防盗链与访问控制相关的知识,希望对你有一定的参考价值。

一、防盗链

    有时候,网站的流量会异常庞大。经过观察,会发现一些静态的图片等元素被盗用了。使用防盗链,可以防止元素被外链。通过限制referer能实现防盗链的功能。

1)配置虚拟主机

[[email protected] ~]# vi /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
<VirtualHost *:80>
    DocumentRoot "/data/www/123.com"
    ServerName 123.com
    ErrorLog "logs/123.com-error_log"
    CustomLog "logs/123.com-access_log" common
    <Directory /data/www/123.com>
        SetEnvIfNoCase Referer "http://www.123.com" local_ref
        SetEnvIfNoCase Referer "http://123.com" local_ref
        SetEnvIfNoCase Referer "^$" local_ref
        <filesmatch "\.(txt|doc|mp3|zip|rar|jpg|gif)">
            Order Allow,Deny
            Allow from env=local_ref
        </filesmatch>
    </Directory>
</VirtualHost>

2)检查重新加载

[[email protected] ~]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[[email protected] ~]# /usr/local/apache2.4/bin/apachectl graceful

3)测试效果

[[email protected] 123.com]# curl -x127.0.0.1:80 123.com/123.gif -I 
HTTP/1.1 200 OK
Date: Fri, 21 Jul 2017 12:26:31 GMT
Server: Apache/2.4.27 (Unix) php/7.1.6
Last-Modified: Fri, 21 Jul 2017 12:26:31 GMT
ETag: W/"8c5-555b2e6023fc0"
Accept-Ranges: bytes
Content-Length: 2245
Content-Type: image/gif

[[email protected] 123.com]# curl -e "http://baidu.com" -x127.0.0.1:80 123.com/123.gif -I 
HTTP/1.1 403 Forbidden
Date: Fri, 21 Jul 2017 12:26:11 GMT
Server: Apache/2.4.27 (Unix) PHP/7.1.6
Content-Type: text/html; charset=iso-8859-1


二、访问控制

1、Directory

1)配置虚拟主机

[[email protected] ~]# vi /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
<VirtualHost *:80>
    DocumentRoot "/data/www/123.com"
    ServerName 123.com
    ErrorLog "logs/123.com-error_log"
    CustomLog "logs/123.com-access_log" common
    <Directory /data/www/123.com>
        Order deny,allow
        Deny from all
        Allow from 127.0.0.1
    </Directory>
</VirtualHost>

2)检查重新加载

[[email protected] ~]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[[email protected] ~]# /usr/local/apache2.4/bin/apachectl graceful

3)测试效果

[[email protected] 123.com]# curl -x127.0.0.1:80 123.com -I 
HTTP/1.1 200 OK
Date: Fri, 21 Jul 2017 12:33:02 GMT
Server: Apache/2.4.27 (Unix) PHP/7.1.6
X-Powered-By: PHP/7.1.6
Content-Type: text/html; charset=UTF-8

[[email protected] 123.com]# curl -x192.168.137.100:80 123.com -I 
HTTP/1.1 403 Forbidden
Date: Fri, 21 Jul 2017 12:33:14 GMT
Server: Apache/2.4.27 (Unix) PHP/7.1.6
Content-Type: text/html; charset=iso-8859-1


2、FilesMatch

1)配置虚拟主机

[[email protected] ~]# vi /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
<VirtualHost *:80>
    DocumentRoot "/data/www/123.com"
    ServerName 123.com
    ErrorLog "logs/123.com-error_log"
    CustomLog "logs/123.com-access_log" common
    <Directory /data/www/123.com>
        <FilesMatch  "index.php(.*)">
            Order deny,allow
            Deny from all
            Allow from 127.0.0.1
        </FilesMatch>    
    </Directory>
</VirtualHost>

2)检查重新加载

[[email protected] ~]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[[email protected] ~]# /usr/local/apache2.4/bin/apachectl graceful

3)测试效果

[[email protected] 123.com]# curl -x127.0.0.1:80 123.com/index.php -I
HTTP/1.1 200 OK
Date: Fri, 21 Jul 2017 12:39:13 GMT
Server: Apache/2.4.27 (Unix) PHP/7.1.6
X-Powered-By: PHP/7.1.6
Content-Type: text/html; charset=UTF-8

[[email protected] 123.com]# curl -x192.168.137.100:80 123.com/index.php -I
HTTP/1.1 403 Forbidden
Date: Fri, 21 Jul 2017 12:39:26 GMT
Server: Apache/2.4.27 (Unix) PHP/7.1.6
Content-Type: text/html; charset=iso-8859-1


本文出自 “Gorilla Grodd” 博客,请务必保留此出处http://juispan.blog.51cto.com/943137/1953129

以上是关于LAMP-防盗链与访问控制的主要内容,如果未能解决你的问题,请参考以下文章

lamp-配置防盗链访问控制Directory(针对目录)访问控制(针对单文件)

LAMP架构(配置防盗链,目录访问控制,文件/链接访问控制)

LAMP静态元素过期时间配置防盗链访问控制Directory访问控制FilesMatch

HTTP协议之防盗链与反防盗链

HTTP防盗链与反防盗链

Linux学习总结(三十六)lamp之配置防盗链