Week 11, Lesson 1 (December 25)
11.25 Configuring hotlink protection
11.26 Access control: Directory
11.27 Access control: FilesMatch
Further reading
Several ways to restrict IPs
http://ask.apelearn.com/question/6519
Custom headers in Apache
http://ask.apelearn.com/question/830
Apache KeepAlive and KeepAliveTimeout
http://ask.apelearn.com/question/556
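Configuring hotlink protection
• Hotlink protection is implemented by restricting the Referer: if the Referer is this site, the request is allowed; otherwise it gets a 403
• Add the following to the configuration file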
<Directory /data/wwwroot/www.123.com>
SetEnvIfNoCase Referer "http://www.123.com" local_ref
SetEnvIfNoCase Referer "http://123.com" local_ref
SetEnvIfNoCase Referer "^$" local_ref
<filesmatch "\.(txt|doc|mp3|zip|rar|jpg|gif)">
Order Allow,Deny
Allow from env=local_ref
</filesmatch>
</Directory>
• curl -e "http://www.aminglinux.com/123.html" sets a custom Referer
curl -e "http://www.baidu.com/123.txt" -x127.0.0.1:80 123.com/15.png -I
curl -e "http://123.com/123.txt" -x127.0.0.1:80 123.com/15.png -I
<VirtualHost *:80>
DocumentRoot "/data/wwwroot/abc.com"
ServerName abc.com
ServerAlias www.abc.com www.111.com
ErrorLog "logs/abc.com-error_log"
CustomLog "logs/abc.com-access_log" common
</VirtualHost>
<VirtualHost *:80>
DocumentRoot "/data/wwwroot/123.com"
ServerName 123.com
ServerAlias www.123.com 1123.com.cn
# Configure hotlink protection
<Directory /data/wwwroot/123.com>
SetEnvIfNoCase Referer "http://www.123.com" local_ref
SetEnvIfNoCase Referer "http://123.com" local_ref
# SetEnvIfNoCase Referer "^$" local_ref
<filesmatch "\.(txt|doc|mp3|zip|rar|jpg|gif|png)">
Order Allow,Deny
Allow from env=local_ref
</filesmatch>
</Directory>
<IfModule mod_expires.c>
ExpiresActive on
ExpiresByType image/gif "access plus 1 days"
ExpiresByType image/jpeg "access plus 24 hours"
ExpiresByType image/png "access plus 24 hours"
ExpiresByType text/css "now plus 2 hour"
ExpiresByType application/x-javascript "now plus 2 hours"
ExpiresByType application/javascript "now plus 2 hours"
ExpiresByType application/x-shockwave-flash "now plus 2 hours"
ExpiresDefault "now plus 0 min"
</IfModule>
ErrorLog "logs/123.com-error_log"
SetEnvIf Request_URI ".*\.gif$" img
SetEnvIf Request_URI ".*\.jpg$" img
SetEnvIf Request_URI ".*\.png$" img
SetEnvIf Request_URI ".*\.bmp$" img
SetEnvIf Request_URI ".*\.swf$" img
SetEnvIf Request_URI ".*\.js$" img
SetEnvIf Request_URI ".*\.css$" img
CustomLog "|/usr/local/apache2.4/bin/rotatelogs -l logs/123.com-access_%Y%m%d.log 86400" combined env=!img
</VirtualHost>
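The Referer patterns above are unanchored regular expressions, so it is worth checking which Referer values they actually accept. The following is an added example, not part of the original notes: a small Python model of the SetEnvIfNoCase / FilesMatch / Allow from env=local_ref logic, run over constructed sample Referer values. The anchored pattern set is an assumed hardened variant, not taken from the page.

```python
import re

# SetEnvIfNoCase patterns exactly as on the page: unanchored, dots unescaped.
PAGE_PATTERNS = [r"http://www.123.com", r"http://123.com", r"^$"]
# Assumed hardened variant (not from the page): anchored at the start,
# dots escaped, host must end at "/" or at the end of the string.
ANCHORED_PATTERNS = [r"^https?://(www\.)?123\.com(/|$)", r"^$"]
# FilesMatch expression from the page's vhost (the one that includes png).
PROTECTED = re.compile(r"\.(txt|doc|mp3|zip|rar|jpg|gif|png)")

# Constructed sample Referer values; None means the header is absent.
SAMPLES = [
    "http://123.com/123.txt",
    "http://www.baidu.com/123.txt",
    None,
    "http://www.123.com.example.net/page.html",
    "http://example.net/?from=http://123.com",
]


def sets_local_ref(referer, patterns):
    """Model SetEnvIfNoCase: case-insensitive regex search of the header;
    an absent header is matched as the empty string, so "^$" accepts it."""
    value = referer or ""
    return any(re.search(p, value, re.IGNORECASE) for p in patterns)


def status(path, referer, patterns):
    """Model Order Allow,Deny + Allow from env=local_ref in <FilesMatch>:
    protected files are denied unless local_ref was set."""
    filename = path.rsplit("/", 1)[-1]
    if not PROTECTED.search(filename):
        return 200  # file type not covered by FilesMatch
    return 200 if sets_local_ref(referer, patterns) else 403


def audit(path="/15.png"):
    """Return (referer, status with page patterns, status with anchored)."""
    return [(r, status(path, r, PAGE_PATTERNS), status(path, r, ANCHORED_PATTERNS))
            for r in SAMPLES]


if __name__ == "__main__":
    for referer, page, anchored in audit():
        print(f"{str(referer):45} page={page} anchored={anchored}")
```

Anchoring only rejects third-party URLs that happen to contain the site name; the Referer header is still supplied by the client, as the curl -e test above shows.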
Access control: Directory
• Make a directory reachable only from a whitelist, or deny a particular IP. Core configuration:
vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
<Directory /data/wwwroot/www.123.com/admin/>
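# Evaluation order: here Deny is evaluated first, then Allow. Whichever is listed first runs first, so with deny in front "Deny from all" is applied and then "Allow".
Order deny,allow
# Deny everyone
Deny from all
# Allow the local machine
Allow from 127.0.0.1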
</Directory>
• Testing with curl returns status code 403: everything under the admin directory is 403
Access control: FilesMatch
Directory controls a directory. FilesMatch controls a single link (it matches the page and the parameters that follow it)
• Core configuration:
<Directory /data/wwwroot/123.com>
<FilesMatch "admin.php(.*)">
Order deny,allow
Deny from all
Allow from 127.0.0.1
</FilesMatch>
</Directory>