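Configuring hotlink protection
Hotlink protection prevents images and other resources on the server from being referenced by other sites. When another site embeds them, the number of users fetching those images surges,
and the added bandwidth raises the site's cost.
Edit the virtual host configuration file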
vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
Add the following configuration
- <Directory /data/wwwroot/szl.com>
- # Whitelist szl.com
- SetEnvIfNoCase Referer "szl.com" local_ref
- # Whitelist www.szl.com
- SetEnvIfNoCase Referer "www.szl.com" local_ref
- # Whitelist an empty Referer (the address was copied and visited directly)
- SetEnvIfNoCase Referer "^$" local_ref
- # File extensions that must not be hotlinked
- <filesmatch "\.(txt|doc|mp3|zip|rar|jpg|gif|png)">
- # Deny everyone by default
- Order Allow,Deny
- # Allow only requests that matched the whitelist
- Allow from env=local_ref
- </filesmatch>
- </Directory>
Complete configuration
- <VirtualHost *:80>
- DocumentRoot "/data/wwwroot/szl.com"
- ServerName szl.com
- ServerAlias www.example.com www.szl.com
- <Directory /data/wwwroot/szl.com>
- SetEnvIfNoCase Referer "http://www.szl.com" local_ref
- SetEnvIfNoCase Referer "http://szl.com" local_ref
- SetEnvIfNoCase Referer "^$" local_ref
- <filesmatch "\.(txt|doc|mp3|zip|rar|jpg|gif|png)">
- Order Allow,Deny
- Allow from env=local_ref
- </filesmatch>
- </Directory>
- ErrorLog "logs/szl.com-error_log"
- CustomLog "logs/szl.com-access_log" combined
- </VirtualHost>
Apply the configuration
- /usr/local/apache2.4/bin/apachectl -t
- /usr/local/apache2.4/bin/apachectl graceful
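The Referer patterns above are unanchored regular expressions, so they match anywhere in the header value. The following Python sketch is an added example, not part of the original page: it models SetEnvIfNoCase as a case-insensitive search and compares the page's patterns with an anchored form. The sample Referer values, STRICT_PATTERNS and the function names are assumptions made for illustration.

```python
import re

# Patterns from the page's vhost. SetEnvIfNoCase runs an unanchored,
# case-insensitive regex search against the header value.
PAGE_PATTERNS = [r"http://www.szl.com", r"http://szl.com", r"^$"]

# Assumed hardened form (not from the page): anchor the scheme and host,
# escape the dots, and end the host at ":port", "/" or end of string.
# As a directive:
#   SetEnvIfNoCase Referer "^https?://(www\.)?szl\.com(:\d+)?(/|$)" local_ref
STRICT_PATTERNS = [r"^https?://(www\.)?szl\.com(:\d+)?(/|$)", r"^$"]

# Constructed Referer values for illustration (not real traffic).
SAMPLES = [
    "http://www.szl.com/index.html",           # page on the site itself
    "http://szl.com/",                         # bare domain
    "",                                        # no Referer: direct visit
    "http://other.example/gallery.html",       # unrelated third-party page
    "http://szl.com.other.example/",           # host merely starts with szl.com
    "http://other.example/?u=http://szl.com",  # site name inside the query string
    "http://wwwXszl.com/",                     # unescaped "." matches any character
]

def allowed(referer, patterns):
    """True if any pattern would set local_ref for this Referer value."""
    return any(re.search(p, referer, re.IGNORECASE) for p in patterns)

def widened(samples=SAMPLES):
    """Referers the page's patterns accept but the anchored patterns reject."""
    return [r for r in samples
            if allowed(r, PAGE_PATTERNS) and not allowed(r, STRICT_PATTERNS)]

if __name__ == "__main__":
    for ref in SAMPLES:
        print(f"{ref!r:45} page={allowed(ref, PAGE_PATTERNS)!s:5} "
              f"strict={allowed(ref, STRICT_PATTERNS)}")
    print("accepted only by the unanchored patterns:", widened())
```

The Referer header is supplied by the client, so even the anchored form only stops other sites' pages from embedding the files; it is not an authentication check.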
Restricting a directory to specific IP addresses
Create the directory and file to be protected
- mkdir /data/wwwroot/szl.com/admin/
- touch /data/wwwroot/szl.com/admin/admin.php
Edit the virtual host configuration file
vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
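Add the following configuration
- # Apply access control to the admin directory
- <Directory /data/wwwroot/szl.com/admin/>
- # Evaluation order: Deny first, then Allow (with Allow first and Deny second, nobody could get in)
- Order deny,allow
- # Deny everyone
- Deny from all
- # Allow the IP 127.0.0.1 to access the admin directory
- Allow from 127.0.0.1
- </Directory>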
Complete configuration
- <VirtualHost *:80>
- DocumentRoot "/data/wwwroot/szl.com"
- ServerName szl.com
- ServerAlias www.example.com www.szl.com
- <Directory /data/wwwroot/szl.com/admin/>
- Order deny,allow
- Deny from all
- Allow from 127.0.0.1
- </Directory>
- ErrorLog "logs/szl.com-error_log"
- CustomLog "logs/szl.com-access_log" combined
- </VirtualHost>
Apply the configuration
- /usr/local/apache2.4/bin/apachectl -t
- /usr/local/apache2.4/bin/apachectl graceful
Testing
Access via 127.0.0.1 succeeds with status 200
- curl -x127.0.0.1:80 szl.com/admin/admin.php -I
- HTTP/1.1 200 OK
- Date: Tue, 06 Mar 2018 11:47:56 GMT
- Server: Apache/2.4.29 (Unix) PHP/5.6.30
- X-Powered-By: PHP/5.6.30
- Content-Type: text/html; charset=UTF-8
Access via 192.168.188.2 is forbidden with status 403
- curl -x192.168.188.2:80 szl.com/admin/admin.php -I
- HTTP/1.1 403 Forbidden
- Date: Tue, 06 Mar 2018 11:48:47 GMT
- Server: Apache/2.4.29 (Unix) PHP/5.6.30
- Content-Type: text/html; charset=iso-8859-1
Access control with FilesMatch (for a single link)
Edit the virtual host configuration file
vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
Add the following configuration
- <Directory /data/wwwroot/szl.com>
- # Match the single file admin.php, with or without anything after it
- <FilesMatch "admin.php(.*)">
- Order deny,allow
- Deny from all
- Allow from 127.0.0.1
- </FilesMatch>
- </Directory>
Complete configuration
- <VirtualHost *:80>
- DocumentRoot "/data/wwwroot/szl.com"
- ServerName szl.com
- ServerAlias www.example.com www.szl.com
- <Directory /data/wwwroot/szl.com>
- <FilesMatch "admin.php(.*)">
- Order deny,allow
- Deny from all
- Allow from 127.0.0.1
- </FilesMatch>
- </Directory>
- ErrorLog "logs/szl.com-error_log"
- CustomLog "logs/szl.com-access_log" combined
- </VirtualHost>
Apply the configuration
- /usr/local/apache2.4/bin/apachectl -t
- /usr/local/apache2.4/bin/apachectl graceful
Testing
Access via 127.0.0.1 is allowed; the response is 404 because the file does not exist
- curl -x127.0.0.1:80 szl.com/admin.php?dfsldfjkso -I
- HTTP/1.1 404 Not Found
- Date: Tue, 06 Mar 2018 12:09:06 GMT
- Server: Apache/2.4.29 (Unix) PHP/5.6.30
- Content-Type: text/html; charset=iso-8859-1
Access via 192.168.188.2 is denied with status 403
- curl -x192.168.188.2:80 szl.com/admin/admin.php?dfsldfjkso -I
- HTTP/1.1 403 Forbidden
- Date: Tue, 06 Mar 2018 12:07:59 GMT
- Server: Apache/2.4.29 (Unix) PHP/5.6.30
- Content-Type: text/html; charset=iso-8859-1
LAMP - Configuring hotlink protection; access control with Directory (per directory); access control (per file)
Source: http://www.bubuko.com/infodetail-2517911.html