
Apache hotlink protection, Directory access control, and access control with FilesMatch

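Hotlink protection configuration

  • Hotlink protection is implemented by restricting the Referer header
  • Before configuring, use curl -e to specify the referer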
[[email protected] test-webroot]# curl -e "http://www.test.com/1.html" -x127.0.0.1:80 "www.test.com/1.jpg" -I
HTTP/1.1 200 OK
Date: Mon, 19 Nov 2018 22:18:28 GMT
Server: Apache/2.4.37 (Unix) PHP/5.6.32
Last-Modified: Mon, 19 Nov 2018 00:30:17 GMT
ETag: "0-57af99f141942"
Accept-Ranges: bytes
Cache-Control: max-age=86400
Expires: Tue, 20 Nov 2018 22:18:28 GMT
Content-Type: image/jpeg

[[email protected] test-webroot]# curl -e "http://www.qq.com/1.html" -x127.0.0.1:80 "www.qq.com/1.jpg" -I
HTTP/1.1 200 OK
Date: Mon, 19 Nov 2018 22:19:35 GMT
Server: Apache/2.4.37 (Unix) PHP/5.6.32
Last-Modified: Mon, 19 Nov 2018 00:30:17 GMT
ETag: "0-57af99f141942"
Accept-Ranges: bytes
Cache-Control: max-age=86400
Expires: Tue, 20 Nov 2018 22:19:35 GMT
Content-Type: image/jpeg
  • Configuration: add the following to the corresponding virtual host in /usr/local/apache2.4/conf/extra/httpd-vhosts.conf. The SetEnvIfNoCase Referer lines define the whitelist.
<Directory "/usr/local/apache2.4/test-webroot">
    SetEnvIfNoCase Referer "http://www.test.com" local_ref
    SetEnvIfNoCase Referer "http://test.com" local_ref
    SetEnvIfNoCase Referer "^$" local_ref  
    <filesmatch "\.(txt|doc|mp3|zip|rar|jpg|gif)">
        Order Allow,Deny
        Allow from env=local_ref
    </filesmatch>
</Directory>
  • Reload the configuration and test
[[email protected] test-webroot]# /usr/local/apache2.4/bin/apachectl graceful
[[email protected] test-webroot]# curl -e "http://www.test.com/1.html" -x127.0.0.1:80 "www.test.com/1.jpg" -I
HTTP/1.1 200 OK
Date: Mon, 19 Nov 2018 22:26:15 GMT
Server: Apache/2.4.37 (Unix) PHP/5.6.32
Last-Modified: Mon, 19 Nov 2018 00:30:17 GMT
ETag: "0-57af99f141942"
Accept-Ranges: bytes
Cache-Control: max-age=86400
Expires: Tue, 20 Nov 2018 22:26:15 GMT
Content-Type: image/jpeg

[[email protected] test-webroot]# curl -e "http://www.qq.com/1.html" -x127.0.0.1:80 "www.qq.com/1.jpg" -I  # 403 error
HTTP/1.1 403 Forbidden
Date: Mon, 19 Nov 2018 22:26:17 GMT
Server: Apache/2.4.37 (Unix) PHP/5.6.32
Content-Type: text/html; charset=iso-8859-1
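
An added example, not from the original page: the same whitelist written with Apache 2.4's native Require directive (the Order/Allow lines above rely on mod_access_compat) and with the Referer patterns anchored, because the unanchored "http://www.test.com" also matches any Referer that merely contains that string. Accepting https as well as http is an assumption.

```apache
<Directory "/usr/local/apache2.4/test-webroot">
    # Anchored whitelist: scheme, optional "www.", the exact host, then either
    # the end of the value or a "/". The unanchored pattern
    # "http://www.test.com" would also match
    #   http://www.test.com.example.net/page.html
    #   http://example.net/?ref=http://www.test.com
    # (https is accepted here as an assumption; the page only lists http.)
    SetEnvIfNoCase Referer "^https?://(www\.)?test\.com(/|$)" local_ref

    # Requests with no Referer at all (address typed directly, or a client
    # that strips the header) are still allowed, as in the page's config.
    SetEnvIfNoCase Referer "^$" local_ref

    # "$" anchors the extension at the end of the file name, so only names
    # that really end in one of these extensions are covered by the rule.
    <FilesMatch "\.(txt|doc|mp3|zip|rar|jpg|gif)$">
        # Apache 2.4 authorization: grant access only when the variable
        # set above is present; every other request gets 403.
        Require env local_ref
    </FilesMatch>
</Directory>
```

Because the Referer header is supplied by the client, as the curl -e tests show, this deters hotlinking from other sites' pages but is not an authentication mechanism.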

Directory access control

  • Before configuring
[[email protected] ~]# curl  -x127.0.0.1:80 www.test.com/admin/index.php
This is admin/index.php
[[email protected] ~]# curl  -x192.168.77.139:80 www.test.com/admin/index.php
This is admin/index.php
  • Configuration: add the following to the corresponding virtual host in /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
<Directory /usr/local/apache2.4/test-webroot/admin>
    Order deny,allow
    Deny from all
    # Only allow access from the local 127.0.0.1 address
    Allow from 127.0.0.1
</Directory>
  • Reload and test
[[email protected] ~]# /usr/local/apache2.4/bin/apachectl graceful
[[email protected] ~]# curl  -x127.0.0.1:80 www.test.com/admin/index.php
This is admin/index.php
[[email protected] ~]# curl  -x192.168.77.139:80 www.test.com/admin/index.php
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access /admin/index.php
on this server.<br />
</p>
</body></html>

FilesMatch access control

  • Before configuring
[[email protected] ~]# curl  -x192.168.77.139:80 www.test.com
It works!
[[email protected] ~]# curl  -x127.0.0.1:80 www.test.com
It works!
  • Configuration: add the following to the corresponding virtual host in /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
<Directory /usr/local/apache2.4/test-webroot/>
    <FilesMatch index.html(.*)>
        Order deny,allow
        Deny from all
        Allow from 127.0.0.1
    </FilesMatch>
</Directory>
  • Reload the configuration and test access
[[email protected] ~]# /usr/local/apache2.4/bin/apachectl graceful
[[email protected] ~]# curl  -x192.168.77.139:80 www.test.com
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access /
on this server.<br />
</p>
</body></html>
[[email protected] ~]# curl  -x127.0.0.1:80 www.test.com
It works!
[[email protected] ~]# curl  -x127.0.0.1:80 'www.test.com/index.html?a=123'
It works!
[[email protected] ~]# curl  -x192.168.77.139:80 'www.test.com/index.html?a=123'
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access /index.html
on this server.<br />
</p>
</body></html>