4月17日任務
防盜鏈功能為:不允許第三方網站調用本網站文件;
編輯配置文件httpd-vhosts.conf
vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
修改以下內容
<Directory /data/wwwroot/111.com>
SetEnvlfNoCase Referer "http://111.com" local_ref //白名單111.com
SetEnvlfNoCase Referer "http://aaa.com" local_ref //白名單第三方站點aaa.com
SetEnvlfNoCase Referer "^$"
<FilesMatch "\.( txt | doc | mp3 | zip | rar | jpg | gif | png )"> //定義規則,標簽不嚴格區分大小寫,filesmatch也可;
Order Allow,Deny
Allow from env=local_ref
</FilesMatch>
</Directory>
保存後,重新加載
vim /usr/local/apache2.4/bin/apachectl -t
vim /usr/local/apache2.4/bin/apachectl graceful
測試
curl -x127.0.0.1:80 111.com/qq.png -I
200表示可以訪問;403表示禁止訪問;
自定義
curl -e "http://www.qq.com/123.txt" -x127.0.0.1:80 111.com/qq.png -I //自定義referer
11.26 訪問控制Directory
編輯配置文件httpd-vhosts.conf
vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
增加以下內容
<Directory /data/wwwroot/111.com/admin/>
Order deny,allow
Deny from all
Allow from 127.0.0.1
</Directory>
保存後,重新加載
vim /usr/local/apache2.4/bin/apachectl -t
vim /usr/local/apache2.4/bin/apachectl graceful
curl測試狀態碼為403則被限制訪問了
curl -x127.0.0.1:80 111.com/admin/index.php -I
curl -x192.168.133.150:80 111.com/admin/index.php -I
查看日誌
tail /usr/local/apache2.4/logs/111.com-access_20170708.log
200可以訪問;403禁止訪問;
11.27 訪問控制FilesMatch
編輯配置文件httpd-vhosts.conf
vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
增加以下內容
<Directory /data/wwwroot/111.com>
<FilesMatch admin.php(.*)>
Order deny,allow
Deny from all
Allow from 127.0.0.1
</FilesMatch>
</Directory>
保存後,重新加載
vim /usr/local/apache2.4/bin/apachectl -t
vim /usr/local/apache2.4/bin/apachectl graceful
測試
curl -x192.168.133.150:80 http://111.com/admin/alsjdflksajdflk -I
404找不到;
curl -x192.168.133.150:80 'http://111.com/admin.php?alsjdflksajdflk' -I
403禁止;
curl -x127.0.0.1:80 'http://111.com/admin.php?alsjdflksajdflk' -I
404找不到;
擴展
幾種限制ip的方法 http://ask.apelearn.com/question/6519
apache 自定義header http://ask.apelearn.com/question/830
apache的keepalive和keepalivetimeout http://ask.apelearn.com/question/556
4月17日任務