配置防盗链,访问控制Directory,FilesMatch

Posted

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了配置防盗链,访问控制Directory,FilesMatch相关的知识,希望对你有一定的参考价值。

配置防盗链

技术分享图片
1.修改虚拟主机配置文件:

[[email protected] ~]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf 
 <Directory /data/wwwroot/111.com>
        SetEnvIfNoCase Referer "http://111.com" local_ref
        SetEnvIfNoCase Referer "http://aaa.com" local_ref
        #SetEnvIfNoCase Referer "^$" local_ref
        <filesmatch "\.(txt|doc|mp3|zip|rar|jpg|gif|png)">
            Order Allow,Deny
            Allow from env=local_ref
        </filesmatch>
    </Directory>

2.重新加载:

[[email protected] ~]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[[email protected] ~]# /usr/local/apache2.4/bin/apachectl graceful
httpd not running, trying to start
[[email protected] ~]# /usr/local/apache2.4/bin/apachectl  restart
[[email protected] ~]# /usr/local/apache2.4/bin/apachectl graceful

3.测试

直接输入111.com/bj.jpg无法访问,在51cto博客发超链接,可以访问
如果想要可以直接访问,需要把空refer打开

4.可以使用-e指定refer

[[email protected] ~]# curl -e "http://111.com/123.txt" -x127.0.0.1:80 111.com/bj.jpg -I
HTTP/1.1 200 OK
Date: Tue, 06 Mar 2018 14:35:20 GMT
Server: Apache/2.4.29 (Unix) php/7.1.6
Last-Modified: Tue, 02 May 2017 15:30:36 GMT
ETag: "7e25-54e8c38a0bf00"
Accept-Ranges: bytes
Content-Length: 32293
Content-Type: image/jpeg

[[email protected] ~]# curl -e "http://qq.com/123.txt" -x127.0.0.1:80 111.com/bj.jpg -I
HTTP/1.1 403 Forbidden
Date: Tue, 06 Mar 2018 14:35:58 GMT
Server: Apache/2.4.29 (Unix) PHP/7.1.6
Content-Type: text/html; charset=iso-8859-1

访问控制Directory

技术分享图片

1.修改虚拟主机配置文件

[[email protected] ~]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf 

   <Directory /data/wwwroot/www.123.com/admin/>
        Order deny,allow
        Deny from all
        Allow from 127.0.0.1
   </Directory>

2.测试:

[[email protected] 111.com]# curl -x127.0.0.1:80 111.com/admin/index.php -I
HTTP/1.1 200 OK
Date: Tue, 06 Mar 2018 14:50:41 GMT
Server: Apache/2.4.29 (Unix) PHP/7.1.6
X-Powered-By: PHP/7.1.6
Content-Type: text/html; charset=UTF-8

[[email protected] 111.com]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[[email protected] 111.com]# /usr/local/apache2.4/bin/apachectl graceful
[[email protected] 111.com]# curl -x192.168.188.130:80 111.com/admin/index.php -I
HTTP/1.1 403 Forbidden
Date: Tue, 06 Mar 2018 14:52:06 GMT
Server: Apache/2.4.29 (Unix) PHP/7.1.6
Content-Type: text/html; charset=iso-8859-1

[[email protected] 111.com]# curl -x127.0.0.1:80 111.com/admin/index.php -I
HTTP/1.1 200 OK
Date: Tue, 06 Mar 2018 14:52:21 GMT
Server: Apache/2.4.29 (Unix) PHP/7.1.6
X-Powered-By: PHP/7.1.6
Content-Type: text/html; charset=UTF-8
127.0.0.1 - - [06/Mar/2018:22:50:41 +0800] "HEAD HTTP://111.com/admin/index.php HTTP/1.1" 200 - "-" "curl/7.29.0"
192.168.188.130 - - [06/Mar/2018:22:52:06 +0800] "HEAD HTTP://111.com/admin/index.php HTTP/1.1" 403 - "-" "curl/7.29.0"
127.0.0.1 - - [06/Mar/2018:22:52:21 +0800] "HEAD HTTP://111.com/admin/index.php HTTP/1.1" 200 - "-" "curl/7.29.0"

访问控制files match

技术分享图片

1.修改参数

<Directory /data/wwwroot/111.com>
        <FilesMatch  "admin.php(.*)">
        Order deny,allow
        Deny from all
        Allow from 127.0.0.1
        </FilesMatch>

   </Directory>

2.测试

[[email protected] 111.com]# curl -x192.168.188.130:80 http://111.com/admin/alsfjkagjk -I
HTTP/1.1 404 Not Found
Date: Tue, 06 Mar 2018 15:04:03 GMT
Server: Apache/2.4.29 (Unix) PHP/7.1.6
Content-Type: text/html; charset=iso-8859-1

[[email protected] 111.com]# curl -x192.168.188.130:80 ‘http://111.com/admin.php?alsfjkagjk‘ -I
HTTP/1.1 403 Forbidden
Date: Tue, 06 Mar 2018 15:04:48 GMT
Server: Apache/2.4.29 (Unix) PHP/7.1.6
Content-Type: text/html; charset=iso-8859-1

[[email protected] 111.com]# curl -x127.0.0.1:80 ‘http://111.com/admin.php?alsfjkagjk‘ -I
HTTP/1.1 404 Not Found
Date: Tue, 06 Mar 2018 15:05:11 GMT
Server: Apache/2.4.29 (Unix) PHP/7.1.6
Content-Type: text/html; charset=iso-8859-1

以上是关于配置防盗链,访问控制Directory,FilesMatch的主要内容,如果未能解决你的问题,请参考以下文章

11.25 配置防盗链 11.26 访问控制Directory 11.27 访问控制FilesMat

配置防盗链访问控制– Directory及访问控制 – FilesMatch

配置防盗链,访问控制Directory,FilesMatch

四十配置防盗链访问控制Directory访问控制FilesMatch

11.25 配置防盗链 11.26 访问控制Directory 11.27 访问控制FilesMat

apache配置防盗链访问控制directory访问控制FilesMatch