LAMP-防盗链与访问控制
Posted
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了LAMP-防盗链与访问控制相关的知识,希望对你有一定的参考价值。
一、防盗链
有时候,网站的流量会异常庞大。经过观察,会发现一些静态的图片等元素被盗用了。使用防盗链,可以防止元素被外链。通过限制referer能实现防盗链的功能。
1)配置虚拟主机
[[email protected] ~]# vi /usr/local/apache2.4/conf/extra/httpd-vhosts.conf <VirtualHost *:80> DocumentRoot "/data/www/123.com" ServerName 123.com ErrorLog "logs/123.com-error_log" CustomLog "logs/123.com-access_log" common <Directory /data/www/123.com> SetEnvIfNoCase Referer "http://www.123.com" local_ref SetEnvIfNoCase Referer "http://123.com" local_ref SetEnvIfNoCase Referer "^$" local_ref <filesmatch "\.(txt|doc|mp3|zip|rar|jpg|gif)"> Order Allow,Deny Allow from env=local_ref </filesmatch> </Directory> </VirtualHost>
2)检查重新加载
[[email protected] ~]# /usr/local/apache2.4/bin/apachectl -t Syntax OK [[email protected] ~]# /usr/local/apache2.4/bin/apachectl graceful
3)测试效果
[[email protected] 123.com]# curl -x127.0.0.1:80 123.com/123.gif -I HTTP/1.1 200 OK Date: Fri, 21 Jul 2017 12:26:31 GMT Server: Apache/2.4.27 (Unix) php/7.1.6 Last-Modified: Fri, 21 Jul 2017 12:26:31 GMT ETag: W/"8c5-555b2e6023fc0" Accept-Ranges: bytes Content-Length: 2245 Content-Type: image/gif [[email protected] 123.com]# curl -e "http://baidu.com" -x127.0.0.1:80 123.com/123.gif -I HTTP/1.1 403 Forbidden Date: Fri, 21 Jul 2017 12:26:11 GMT Server: Apache/2.4.27 (Unix) PHP/7.1.6 Content-Type: text/html; charset=iso-8859-1
二、访问控制
1、Directory
1)配置虚拟主机
[[email protected] ~]# vi /usr/local/apache2.4/conf/extra/httpd-vhosts.conf <VirtualHost *:80> DocumentRoot "/data/www/123.com" ServerName 123.com ErrorLog "logs/123.com-error_log" CustomLog "logs/123.com-access_log" common <Directory /data/www/123.com> Order deny,allow Deny from all Allow from 127.0.0.1 </Directory> </VirtualHost>
2)检查重新加载
[[email protected] ~]# /usr/local/apache2.4/bin/apachectl -t Syntax OK [[email protected] ~]# /usr/local/apache2.4/bin/apachectl graceful
3)测试效果
[[email protected] 123.com]# curl -x127.0.0.1:80 123.com -I HTTP/1.1 200 OK Date: Fri, 21 Jul 2017 12:33:02 GMT Server: Apache/2.4.27 (Unix) PHP/7.1.6 X-Powered-By: PHP/7.1.6 Content-Type: text/html; charset=UTF-8 [[email protected] 123.com]# curl -x192.168.137.100:80 123.com -I HTTP/1.1 403 Forbidden Date: Fri, 21 Jul 2017 12:33:14 GMT Server: Apache/2.4.27 (Unix) PHP/7.1.6 Content-Type: text/html; charset=iso-8859-1
2、FilesMatch
1)配置虚拟主机
[[email protected] ~]# vi /usr/local/apache2.4/conf/extra/httpd-vhosts.conf <VirtualHost *:80> DocumentRoot "/data/www/123.com" ServerName 123.com ErrorLog "logs/123.com-error_log" CustomLog "logs/123.com-access_log" common <Directory /data/www/123.com> <FilesMatch "index.php(.*)"> Order deny,allow Deny from all Allow from 127.0.0.1 </FilesMatch> </Directory> </VirtualHost>
2)检查重新加载
[[email protected] ~]# /usr/local/apache2.4/bin/apachectl -t Syntax OK [[email protected] ~]# /usr/local/apache2.4/bin/apachectl graceful
3)测试效果
[[email protected] 123.com]# curl -x127.0.0.1:80 123.com/index.php -I HTTP/1.1 200 OK Date: Fri, 21 Jul 2017 12:39:13 GMT Server: Apache/2.4.27 (Unix) PHP/7.1.6 X-Powered-By: PHP/7.1.6 Content-Type: text/html; charset=UTF-8 [[email protected] 123.com]# curl -x192.168.137.100:80 123.com/index.php -I HTTP/1.1 403 Forbidden Date: Fri, 21 Jul 2017 12:39:26 GMT Server: Apache/2.4.27 (Unix) PHP/7.1.6 Content-Type: text/html; charset=iso-8859-1
本文出自 “Gorilla Grodd” 博客,请务必保留此出处http://juispan.blog.51cto.com/943137/1953129
以上是关于LAMP-防盗链与访问控制的主要内容,如果未能解决你的问题,请参考以下文章
lamp-配置防盗链访问控制Directory(针对目录)访问控制(针对单文件)
LAMP架构(配置防盗链,目录访问控制,文件/链接访问控制)