lamp-配置防盗链访问控制Directory(针对目录)访问控制(针对单文件)
Posted
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了lamp-配置防盗链访问控制Directory(针对目录)访问控制(针对单文件)相关的知识,希望对你有一定的参考价值。
配置防盗链防止服务器的图片和其他资源被非本机的站点引用,被其他网站引用后会导致流量图片的用户的数量暴增,
而带宽流量增加、增加站点的成本;
编辑虚拟配置文件
vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf增加代码
<Directory /data/wwwroot/szl.com>;
SetEnvIfNoCase Referer "szl.com"; local_ref //设置白名单szl.com
SetEnvIfNoCase Referer "www.szl.com"; local_ref //设置白名单www.szl.com
SetEnvIfNoCase Referer "^$" local_ref //设置白名单网址为空时,复制地址直接访问
<filesmatch "\.(txt|doc|mp3|zip|rar|jpg|gif|png)"> //设置禁止引用的文件后缀
Order Allow,Deny //拒绝所有人引用
Allow from env=local_ref //只允许白名单的容许
</filesmatch>
</Directory>代码预览
<VirtualHost *:80>
DocumentRoot "/data/wwwroot/szl.com"
ServerName szl.com
ServerAlias www.example.com www.szl.com
<Directory /data/wwwroot/szl.com>
SetEnvIfNoCase Referer "http://www.szl.com"; local_ref
SetEnvIfNoCase Referer "http://szl.com"; local_ref
SetEnvIfNoCase Referer "^$" local_ref
<filesmatch "\.(txt|doc|mp3|zip|rar|jpg|gif|png)">
Order Allow,Deny
Allow from env=local_ref
</filesmatch>
</Directory>
ErrorLog "logs/szl.com-error_log"
CustomLog "logs/szl.com-access_log" combined
</VirtualHost>配置生效
/usr/local/apache2.4/bin/apachectl -t
/usr/local/apache2.4/bin/apachectl graceful设置访问控制Directory(针对目录)
设置某目录只有指定的ip才能访问
创建访问文件目录
mkdir /data/wwwroot/szl.com/admin/
touch /data/wwwroot/szl.com/admin/admin.php编辑虚拟配置文件
vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf增加代码
<Directory /data/wwwroot/szl.com/admin/>; //设置访问控制的路径为admin目录
Order deny,allow //定义规则,先拒绝,后允许(先允许后拒绝,会使所有人不能访问)
Deny from all //拒绝所有人
Allow from 127.0.0.1 //容许ip127.0.0.1 能够访问admin目录
</Directory>代码预览
<VirtualHost *:80>
DocumentRoot "/data/wwwroot/szl.com"
ServerName szl.com
ServerAlias www.example.com www.szl.com
<Directory /data/wwwroot/szl.com/admin/>;
Order deny,allow
Deny from all
Allow from 127.0.0.1
</Directory>
ErrorLog "logs/szl.com-error_log"
CustomLog "logs/szl.com-access_log" combined
</VirtualHost>配置生效
/usr/local/apache2.4/bin/apachectl -t
/usr/local/apache2.4/bin/apachectl graceful测试
使用127.0.0.1访问,成功代码200
curl -x127.0.0.1:80 szl.com/admin/admin.php -IHTTP/1.1 200 OK
Date: Tue, 06 Mar 2018 11:47:56 GMT
Server: Apache/2.4.29 (Unix) PHP/5.6.30
X-Powered-By: PHP/5.6.30
Content-Type: text/html; charset=UTF-8使用192.168.188.2访问,禁止访问403
curl -x192.168.188.2:80 szl.com/admin/admin.php -I
HTTP/1.1 403 Forbidden
Date: Tue, 06 Mar 2018 11:48:47 GMT
Server: Apache/2.4.29 (Unix) PHP/5.6.30
Content-Type: text/html; charset=iso-8859-1
访问控制FilesMatch(针对单链接)
编辑虚拟配置文件
vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf增加代码
<Directory /data/wwwroot/szl.com>
<FilesMatch "admin.php(.*)"> //设置单链接文件为admin.php后缀有或无
Order deny,allow
Deny from all
Allow from 127.0.0.1
</FilesMatch>
</Directory>代码预览
<VirtualHost *:80>
DocumentRoot "/data/wwwroot/szl.com"
ServerName szl.com
ServerAlias www.example.comwww.szl.com
<Directory /data/wwwroot/szl.com>
<FilesMatch "admin.php(.*)">
Order deny,allow
Deny from all
Allow from 127.0.0.1
</FilesMatch>
</Directory>
ErrorLog "logs/szl.com-error_log"
CustomLog "logs/szl.com-access_log" combined
</VirtualHost>配置生效
/usr/local/apache2.4/bin/apachectl -t
/usr/local/apache2.4/bin/apachectl graceful测试
使用127.0.0.1访问,成功,提示没有这个文件404
curl -x127.0.0.1:80 ‘szl.com/admin.php?dfsldfjkso‘ -I
HTTP/1.1 404 Not Found
Date: Tue, 06 Mar 2018 12:09:06 GMT
Server: Apache/2.4.29 (Unix) PHP/5.6.30
Content-Type: text/html; charset=iso-8859-1使用192.168.188.2访问,拒绝访问、403
curl -x192.168.188.2:80 ‘szl.com/admin/admin.php?dfsldfjkso‘ -I
HTTP/1.1 403 Forbidden
Date: Tue, 06 Mar 2018 12:07:59 GMT
Server: Apache/2.4.29 (Unix) PHP/5.6.30
Content-Type: text/html; charset=iso-8859-1以上是关于lamp-配置防盗链访问控制Directory(针对目录)访问控制(针对单文件)的主要内容,如果未能解决你的问题,请参考以下文章
配置防盗链访问控制Directory针对目录访问控制FilesMatch针对链接
配置防盗链 访问控制Directory 访问控制FilesMatch
11.25 配置防盗链 11.26 访问控制Directory 11.27 访问控制FilesMat
配置防盗链访问控制– Directory及访问控制 – FilesMatch