2. 程式人生 > >Nginx防盜鏈,訪問控制,解析PHP,代理

Nginx防盜鏈,訪問控制,解析PHP,代理

阿新 發佈:2018-11-29

Nginx防盜鏈

[[email protected] nginx]# vim conf/vhost/abc.com.conf
[[email protected] nginx]# cat conf/vhost/abc.com.conf
server
{
    listen 80;
    server_name abc.com ab.com a.com;
    index index.html index.htm index.php;
    root /data/wwwroot/abc.com;

    location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
    {
          expires      7d;
          valid_referers none blocked server_names *.abc.com; # server_names 可以不要
          if ($invalid_referer){
              return 403;
          }
          access_log off;
    }
    location ~ .*\.(js|css)$
    {
          expires      12h;
          access_log off;
    }


    access_log /tmp/abc.com.log combined_realip;

}
[
 
[email protected] nginx]# ./sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[[email protected] nginx]# ./sbin/nginx -s reload
[[email protected] nginx]# curl -e "http://www.a.com" -x127.0.0.1:80 -I a.com/1.jpg
HTTP/1.1 403 Forbidden
Server: nginx/1.14.1
Date: Wed, 28 Nov 2018 07:02:37 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive

[
 
[email protected] nginx]# curl -e "http://www.abc.com" -x127.0.0.1:80 -I a.com/1.jpg
HTTP/1.1 200 OK
Server: nginx/1.14.1
Date: Wed, 28 Nov 2018 07:02:45 GMT
Content-Type: image/jpeg
Content-Length: 4
Last-Modified: Wed, 28 Nov 2018 00:02:59 GMT
Connection: keep-alive
ETag: "5bfddb33-4"
Expires: Wed, 05 Dec 2018 07:02:45 GMT
Cache-Control: max-age=604800
Accept-Ranges: bytes

Nginx 訪問控制

[[email protected] nginx]# curl  -x192.168.77.139:80 -I a.com/admin/ # 配置前先訪問測試
HTTP/1.1 200 OK
Server: nginx/1.14.1
Date: Wed, 28 Nov 2018 07:18:18 GMT
Content-Type: text/html
Content-Length: 4
Last-Modified: Wed, 28 Nov 2018 07:14:46 GMT
Connection: keep-alive
ETag: "5bfe4066-4"
Accept-Ranges: bytes

[[email protected] nginx]# vim conf/vhost/abc.com.conf #配置
[[email protected] nginx]# cat conf/vhost/abc.com.conf
server
{
    listen 80;
    server_name abc.com ab.com a.com;
    index index.html index.htm index.php;
    root /data/wwwroot/abc.com;

    #if ($host != 'abc.com'){
    #    rewrite ^/(.*)$ http://abc.com/$1 permanent;
    #}
    location /admin/
    {
        allow 127.0.0.1;
        deny all;
    }

    location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
    {
          expires      7d;
          valid_referers none blocked server_names *.abc.com;
          if ($invalid_referer){
              return 403;
          }
          access_log off;
    }
    location ~ .*\.(js|css)$
    {
          expires      12h;
          access_log off;
    }


    access_log /tmp/abc.com.log combined_realip;

}
[[email protected] nginx]# ./sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[[email protected] nginx]# ./sbin/nginx -s reload
[[email protected] nginx]# curl  -x192.168.77.139:80 -I a.com/admin/
HTTP/1.1 403 Forbidden
Server: nginx/1.14.1
Date: Wed, 28 Nov 2018 07:19:07 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive

[[email protected] nginx]# curl  -x127.0.0.1:80 -I a.com/admin/
HTTP/1.1 200 OK
Server: nginx/1.14.1
Date: Wed, 28 Nov 2018 07:19:20 GMT
Content-Type: text/html
Content-Length: 4
Last-Modified: Wed, 28 Nov 2018 07:14:46 GMT
Connection: keep-alive
ETag: "5bfe4066-4"
Accept-Ranges: bytes

正則匹配進行控制,例如: 禁止訪問某目錄下的php檔案

# 配置前訪問測試
[[email protected] nginx]# curl  -x127.0.0.1:80 -I a.com/upload/1.php
HTTP/1.1 200 OK
Server: nginx/1.14.1
Date: Wed, 28 Nov 2018 07:33:58 GMT
Content-Type: application/octet-stream
Content-Length: 4
Last-Modified: Wed, 28 Nov 2018 07:33:22 GMT
Connection: keep-alive
ETag: "5bfe44c2-4"
Accept-Ranges: bytes

# 配置
[[email protected] nginx]# cat conf/vhost/abc.com.conf
server
{
    listen 80;
    server_name abc.com ab.com a.com;
    index index.html index.htm index.php;
    root /data/wwwroot/abc.com;

    #if ($host != 'abc.com'){
    #    rewrite ^/(.*)$ http://abc.com/$1 permanent;
    #}
    location ~ .*upload/.*\.php$
    {
        return 403;
    }

    location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
    {
          expires      7d;
          valid_referers none blocked server_names *.abc.com;
          if ($invalid_referer){
              return 403;
          }
          access_log off;
    }
    location ~ .*\.(js|css)$
    {
          expires      12h;
          access_log off;
    }

    access_log /tmp/abc.com.log combined_realip;
}
# 重新載入配置,再訪問測試
[[email protected] nginx]# ./sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[[email protected] nginx]# ./sbin/nginx -s reload
[[email protected] nginx]# curl  -x192.168.77.139:80 -I a.com/admin/
HTTP/1.1 403 Forbidden
Server: nginx/1.14.1
Date: Wed, 28 Nov 2018 07:19:07 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive

[[email protected] nginx]# curl  -x127.0.0.1:80 -I a.com/admin/
HTTP/1.1 200 OK
Server: nginx/1.14.1
Date: Wed, 28 Nov 2018 07:19:20 GMT
Content-Type: text/html
Content-Length: 4
Last-Modified: Wed, 28 Nov 2018 07:14:46 GMT
Connection: keep-alive
ETag: "5bfe4066-4"
Accept-Ranges: bytes

根據user_agent進行控制

# 配置前測試
[[email protected] nginx]# curl -A "baidu" -x127.0.0.1:80 -I a.com/upload/1.txt
HTTP/1.1 200 OK
Server: nginx/1.14.1
Date: Wed, 28 Nov 2018 07:40:24 GMT
Content-Type: text/plain
Content-Length: 4
Last-Modified: Wed, 28 Nov 2018 07:33:17 GMT
Connection: keep-alive
ETag: "5bfe44bd-4"
Accept-Ranges: bytes

# 配置,載入配置,再訪問測試
[[email protected] nginx]# cat conf/vhost/abc.com.conf
server
{
    listen 80;
    server_name abc.com ab.com a.com;
    index index.html index.htm index.php;
    root /data/wwwroot/abc.com;

    if ($http_user_agent ~ 'baidu|testagent'){
        return 403;
    }
    location ~ .*upload/.*\.php$
    {
        return 403;
    }

    location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
    {
          expires      7d;
          valid_referers none blocked server_names *.abc.com;
          if ($invalid_referer){
              return 403;
          }
          access_log off;
    }
    location ~ .*\.(js|css)$
    {
          expires      12h;
          access_log off;
    }


    access_log /tmp/abc.com.log combined_realip;

}
[[email protected] nginx]# ./sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[[email protected] nginx]# ./sbin/nginx -s reload
[[email protected] nginx]# curl -A "baidu" -x127.0.0.1:80 -I a.com/upload/1.txt
HTTP/1.1 403 Forbidden
Server: nginx/1.14.1
Date: Wed, 28 Nov 2018 07:40:37 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive

Nginx解析PHP配置

# 配置前訪問測試
[[email protected] abc.com]# curl -x127.0.0.1:80 abc.com/index.php
<?php
    echo "1111111111";
?>
# 配置
[[email protected] abc.com]# cd /usr/local/nginx/conf/vhost/
[[email protected] vhost]# vim abc.com.conf
[[email protected] vhost]# cat abc.com.conf
server
{
    listen 80;
    server_name abc.com ab.com a.com;
    index index.html index.htm index.php;
    root /data/wwwroot/abc.com;

    if ($http_user_agent ~ 'baidu|testagent'){
        return 403;
    }
    location ~ .*upload/.*\.php$
    {
        return 403;
    }

    location ~ \.php$
    {
        include fastcgi_params;
        fastcgi_pass unix:/tmp/php-fcgi.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME /data/wwwroot/abc.com$fastcgi_script_name;
    }

    location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
    {
          expires      7d;
          valid_referers none blocked server_names *.abc.com;
          if ($invalid_referer){
              return 403;
          }
          access_log off;
    }
    location ~ .*\.(js|css)$
    {
          expires      12h;
          access_log off;
    }


    access_log /tmp/abc.com.log combined_realip;

}

[[email protected] vhost]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[[email protected] vhost]# /usr/local/nginx/sbin/nginx -s reload
[[email protected] vhost]# curl -x127.0.0.1:80 abc.com/index.php
1111111111[[email protected] vhost]#

Nginx代理

# 配置前,想測試訪問baidu的robots.txt,結果訪問本地的robots.txt,本地不存在
[[email protected] vhost]# curl -x127.0.0.1:80 www.baidu.com/robots.txt
<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.14.1</center>
</body>
</html>

# 新增代理服務配置
[[email protected] vhost]# vim proxy.conf
[[email protected] vhost]# cat proxy.conf
server
{
    listen 80;
    server_name www.baidu.com;

    location /
    {
        proxy_pass http://61.135.169.125/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}

[[email protected] vhost]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[[email protected] vhost]# /usr/local/nginx/sbin/nginx -s reload
# 訪問測試,訪問的是baidu的robots.txt
[[email protected] vhost]# curl -x127.0.0.1:80 www.baidu.com/robots.txt
User-agent: Baiduspider
Disallow: /baidu
Disallow: /s?
Disallow: /ulink?
Disallow: /link?
Disallow: /home/news/data/

User-agent: Googlebot
Disallow: /baidu
Disallow: /s?
Disallow: /shifen/
Disallow: /homepage/
Disallow: /cpro
Disallow: /ulink?
Disallow: /link?
Disallow: /home/news/data/
...

相關推薦

Nginx防盜,訪問控制,解析PHP,代理

Nginx防盜鏈 [[email protected] nginx]# vim conf/vhost/abc.com.conf [[email protected] nginx]# cat conf/vhost/abc.com.conf server { listen

49.Nginx防盜 訪問控制 解析php相關 代理伺服器

12.13 Nginx防盜鏈 12.14 Nginx訪問控制 12.15 Nginx解析php相關配置(502的問題) 12

nginx防盜+訪問控制+限制指定目錄運行php+解析支持php+現在user_agent

訪問控制 防盜鏈 限制目錄允許php 支持php 限制agent nginx防盜鏈 作用:防止其他網站引用本web站圖片與視頻資源,導致本站流量過大,從而造成不必要的經濟開支;比如:本網站test.com有圖片文件1.gif,而B網站使用test.com/1.gif 引用我們的圖片,那麽本

7.配置防盜,訪問控制

配置防盜鏈 訪問控制 [toc] 11.25 配置防盜鏈 1.防盜鏈和referer概念 防盜鏈,通俗講就是不讓別人盜用你網站上的資源,這個資源指的是圖片、視頻、歌曲、文檔等,在這之前需要理解一下referer的概念,如果你通過A網站的一個頁面http://a.com/a.html裏面的鏈接去訪問

配置防盜 訪問控制Directory 訪問控制FilesMatch

配置防盜鏈 訪問控制Directory一、配置防盜鏈#vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf如果要在第三方站點訪問,需要把第三方站點域名添加到httpd-vhosts.conf配置文件中,SetEnvIfNoCase Referer &quo

配置防盜,訪問控制

[toc] 配置防盜鏈,訪問控制 11.25 配置防盜鏈 1.防盜鏈和referer概念 防盜鏈,通俗講就是不讓別人盜用你網站上的資源,這個資源指的是圖片、視訊、歌曲、文件等,在這之前需要理解一下referer的概念,如果你通過A網站的一個頁面http://a.com/a.h

43.配置防盜 訪問控制Directory及FilesMatch

11.25 配置防盜鏈 11.26 訪問控制Directory(針對一個目錄做限制) 11.27 訪問控制FilesMatch

12.13 Nginx防盜 12.14 Nginx訪問控制 12.15 Nginx解析php相關配置 12.16 Nginx代理

12.13 nginx防盜鏈 12.14 nginx訪問控制 12.15 nginx解析php相關配置 12.16 nginx代理- 12.13 Nginx防盜鏈 - 12.14 Nginx訪問控制 - 12.15 Nginx解析php相關配置 - 12.16 Nginx代理 - 擴展 - 502問題匯總

LNMP(nginx防盜訪問控制解析php相關配置,Nginx代理,常見502問題)

端口 eal val request bmp 方案 theme lob www 一、nginx防盜鏈nginx防盜鏈:[root@lnmp ~]# vim /usr/local/nginx/conf/vhost/test.com.conf 添加以下內容location

Nginx防盜 Nginx訪問控制 Nginx解析php相關配置 Nginx代理

十二周四次課(3月15日)12.13 Nginx防盜鏈cd /usr/local/nginx/conf/vhostvi test.com.conf將以上內容復制到下圖位置測試,成功前提data/wwwroot/test.com目錄下要有1.gif12.14 Nginx訪問控制cd /usr/local/ngi

nginx防盜訪問控制解析PHP配置,代理

nginx防盜鏈 訪問控制 解析PHP配置代理 配置防盜鏈編輯配置文件valid_referers 定義一個白名單 如果不匹配403return 403也可以定義deny all 拒絕nginx 訪問控制編輯配置文件 只要匹配到就不繼續匹配location 定義目錄allow 允許deny

2018-3-1512周4次課 Nginx防盜訪問控制、配置PHP解析代理

Nginx12.13 Nginx防盜鏈[root@localhost test.com]# vim /usr/local/nginx/conf/vhost/test.com.conf~* 表示不區分大小寫白名單 *.test.com,如果不是白名單,則返回403[root@localhost test.com

Nginx防盜以及訪問控制Nginx解析php配置和代理

NginxNginx防盜鏈 1.編輯配置文件: [root@weixing01 ~]# vim /usr/local/nginx/conf/vhost/test.com.conf location ~* ^.+\.(gif|jpg|png|swf|flv|rar|zip|doc|pdf|gz|bz2|jp

nginx防盜訪問控制PHP解析、服務器代理

nginx防盜鏈、訪問控制、PHP解析、12.13 Nginx防盜鏈 因為該配置也使用location板塊,所以本節可結合日誌管理一起配置: [root@centos-01linux ~]# vim /usr/local/nginx/conf/vhost/test.com.conf……location ~ ^

14.Nginx防盜&Nginx訪問控制&Nginx解析php相關配置&Nginx代理

Nginx防盜鏈 Nginx訪問控制 Nginx解析php相關配置 Nginx代理 [toc] 一、Nginx防盜鏈: 1. 打開配置文件: 增加如下配置文件: [root@xavi ~]# cd /usr/local/nginx/conf/vhost/ [root@xavi vhost]#

四十九、Nginx防盜Nginx訪問控制Nginx解析PHP相關配置、Nginx代理

Nginx防盜鏈 Nginx訪問控制 Nginx解析PHP相關配置 Nginx代理 四十九、Nginx防盜鏈、Nginx訪問控制、Nginx解析PHP相關配置、Nginx代理一、Nginx防盜鏈 必須和“不記錄日誌和過期時間”結合在一起,因為它們同時用到了location。# v

Nginx防盜Nginx訪問控制Nginx解析php相關配置、Nginx代理

nginxNginx防盜鏈首先進入到/usr/local/nginx/conf/vhost/目錄下,編輯配置文件 vim test.com.confvim test.com.conf然後如數如下內容location ~ ^.+.(gif|jpg|png|swf|flv|rar|zip|doc|pdf|gz|b

49.Nginx防盜Nginx訪問控制Nginx解析php相關配置、Nginx代理

Nginx防盜鏈 Nginx訪問控制 Nginx解析php相關配置 Nginx代理 一、Nginx防盜鏈 配置如下,可以和上面的配置結合起來 vim /usr/local/nginx/conf/vhost/test.com.conf location ~* ^.+\.(gif|jpg|p

Nginx防盜訪問控制解析php相關配置、Nginx代理

LinuxNginx防盜鏈 編輯虛擬主機配置文件vim /usr/local/nginx/conf/vhost/test.com.conf 在配置文件中添加如下的內容 location ~* ^.+\.(gif|jpg|png|swf|flv|rar|zip|doc|pdf|gz|bz2|jpeg|bmp|x

Linux centos VMware Nginx防盜Nginx訪問控制Nginx解析php相關配置、Nginx代理

jpeg htm dao bubuko youdao dir cal fastcgi real-ip 一、Nginx防盜鏈 配置如下,可以和上面的配置結合起來 location ~* ^.+\.(gif|jpg|png|swf|flv|rar|zip|doc|pdf|gz|