Apache防盗链
Apache安装包
链接:https://pan.baidu.com/s/11X5CEWoVemxlGuNQqn9cuA
提取码:jn6l
1、安装配置Apache服务
1.1、通过共享,将Apache安装包挂载到虚拟机上
[root@localhost ~]# smbclient -L //192.168.10.64
Enter SAMBA\root's password:
Sharename Type Comment
--------- ---- -------
IPC$ IPC 远程 IPC
share Disk
Users Disk
Reconnecting with SMB1 for workgroup listing.
Connection to 192.168.10.64 failed (Error NT_STATUS_RESOURCE_NAME_NOT_FOUND)
Failed to connect with SMB1 -- no workgroup available
[root@localhost ~]# mount.cifs //192.168.10.64/share /mnt
Password for root@//192.168.10.64/share:
[root@localhost ~]#
1.2 安装dns服务软件包
[root@localhost ~]# yum install bind -y
已加载插件:fastestmirror, langpacks
Loading mirror speeds from cached hostfile
* base: centos.ustc.edu.cn
* extras: mirrors.163.com
* updates: centos.ustc.edu.cn
正在解决依赖关系
--> 正在检查事务
---> 软件包 bind.x86_64.32.9.11.4-9.P2.el7 将被 安装
--> 正在处理依赖关系 bind-libs-lite(x86-64) = 32:9.11.4-9.P2.el7,它被软件包 32:bind-9.11.4-9.P2.el7.x86_64 需要
--> 正在处理依赖关系 bind-libs(x86-64) = 32:9.11.4-9.P2.el7,它被软件包 32:bind-9.11.4-9.P2.el7.x86_64 需要
--> 正在处理依赖关系 liblwres.so.160()(64bit),它被软件包 32:bind-9.11.4-9.P2.el7.x86_64 需要
--> 正在处理依赖关系 libisccfg.so.160()(64bit),它被软件包 32:bind-9.11.4-9.P2.el7.x86_64 需要
1.2 修改dns主配置文件
[root@localhost ~]# vim /etc/named.conf
options {
listen-on port 53 { any; }; //改成any
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursing-file "/var/named/data/named.recursing";
secroots-file "/var/named/data/named.secroots";
allow-query { any; }; //改成any
1.2修改dns区域配置文件
[root@localhost ~]# vim /etc/named.rfc1912.zones
#添加下面内容
zone "kgc.com" IN {
type master;
file "kgc.com.zone";
allow-update { none; };
};
1.2复制dns区域数据配置文件模板,并修改dns区域数据配置文件
[root@localhost ~]# cp -p /var/named/named.localhost /var/named/kgc.com.zone
[root@localhost ~]# vim /var/named/kgc.com.zone
$TTL 1D
@ IN SOA @ rname.invalid. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS @
A 127.0.0.1
www IN A 192.168.102.166
1.2开启dns服务关闭防火墙
[root@localhost ~]# systemctl start named
[root@localhost ~]# systemctl stop firewalld.service
[root@localhost ~]# setenforce 0
[root@localhost ~]#
2、手工编译安装apache服务
2.1解压apache安装软件包
[root@localhost ~]# tar zvxf /mnt/LAMP-C7/apr-1.6.2.tar.gz -C /opt
[root@localhost ~]# tar zvxf /mnt/LAMP-C7/apr-util-1.6.0.tar.gz -C /opt
[root@localhost ~]# tar jxvf /mnt/LAMP-C7/httpd-2.4.29.tar.bz2 -C /opt
2.2 移动跨平台组件位置
[root@localhost ~]# mv /opt/apr-1.6.2 /opt/httpd-2.4.29/srclib/apr
[root@localhost ~]# mv /opt/apr-util-1.6.0 /opt/httpd-2.4.29/srclib/apr-util
[root@localhost ~]#
2.3 安装环境必要软件包
[root@localhost ~]# yum -y install \
> gcc \
> gcc-c++ \
> make \
> pcre-devel \
> zlib-devel \
> expat-devel \
> pcre \
> perl
2.4 进行configure配置
[root@localhost ~]# cd /opt/httpd-2.4.29/
[root@localhost httpd-2.4.29]# ./configure \
> --prefix=/usr/local/httpd \
> --enable-so \
> --enable-deflate \
> --enable-expires \
> --enable-rewrite \
> --enable-charset-lite \
> --enable-cgi
2.5 编译及编译安装
[root@localhost httpd-2.4.29]# make && make install
3、配置防盗链服务
3.1修改监听地址和域名
[root@localhost ~]# vim /usr/local/httpd/conf/httpd.conf
#Change this to Listen on specific IP addresses as shown below to
#prevent Apache from glomming onto all bound IP addresses.
#Listen 12.34.56.78:80
#Listen 80
Listen 192.168.102.166:80
#ServerName gives the name and port that the server uses to identify itself.
#This can often be determined automatically, but we recommend you specify
#it explicitly to prevent problems during startup.
#If your host doesn't have a registered DNS name, enter its IP address here.
ServerName www.kgc.com:80
#Deny access to the entirety of your server's filesystem. You must
#explicitly permit access to web
3.2 开启防盗链功能
[root@localhost ~]# vim /usr/local/httpd/conf/httpd.conf
LoadModule alias_module modules/mod_alias.so
LoadModule rewrite_module modules/mod_rewrite.so
244 AllowOverride None
245
246 #
247 # Controls who can get stuff from this server.
248 #
249 Require all granted
250 RewriteEngine On
251 RewriteCond %{HTTP_REFERER} !^http://kgc.com/.*$ [NC]
252 RewriteCond %{HTTP_REFERER} !^http://kgc.com$ [NC]
253 RewriteCond %{HTTP_REFERER} !^http://www.kgc.com/.*$ [NC]
254 RewriteCond %{HTTP_REFERER} !^http://www.kgc.com$ [NC]
255 RewriteRule .*.(gif|jpg|swf)$ http://www.kgc.com/error.png
256
257
258 #
259 # DirectoryIndex: sets the file that Apache will serve if a directory
3.3 修改apache首页内容
[root@localhost ~]# vim /usr/local/httpd/htdocs/index.html
this is test web
3.3 复制挂载文件夹内的图片
[root@localhost htdocs]# cp /mnt/LAMP-C7/game.jpg /usr/local/httpd/htdocs/
[root@localhost htdocs]# cp /mnt/LAMP-C7/error.png /usr/local/httpd/htdocs/
[root@localhost htdocs]# ls
error.png game.jpg index.html
[root@localhost htdocs]#
3.4重启apache服务
[root@localhost ~]# /usr/local/httpd/bin/apachectl stop
httpd (no pid file) not running
[root@localhost ~]# /usr/local/httpd/bin/apachectl start
[root@localhost ~]#
4、创建盗链网站
4.1再开一台虚拟机,安装apache服务
[root@localhost ~]# yum install httpd -y
4.2修改配置文件中监听地址
[root@localhost ~]# vim /etc/httpd/conf/httpd.conf
33 #
34 # Listen: Allows you to bind Apache to specific IP addresses and/or
35 # ports, instead of the default. See also the
36 # directive.
37 #
38 # Change this to Listen on specific IP addresses as shown below to
39 # prevent Apache from glomming onto all bound IP addresses.
40 #
41 Listen 192.168.102.167:80
42 #Listen 80
43
44 #
45 # Dynamic Shared Object (DSO) Support
46 #
86 ServerAdmin root@localhost
87
88 #
89 # ServerName gives the name and port that the server uses to identify itself.
90 # This can often be determined automatically, but we recommend you specify
91 # it explicitly to prevent problems during startup.
92 #
93 # If your host doesn't have a registered DNS name, enter its IP address here.
94 #
95 ServerName www.kgc.com:80
96
97 #
98 # Deny access to the entirety of your server's filesystem. You must
99 # explicitly permit access to web content directories in other
100 # blocks below.
101 #
4.3 修改apache网站主页
[root@localhost ~]# cd /var/www/html
[root@localhost html]# ls
[root@localhost html]# vim index.html
this is test web
~
~
4.4 添加域名解析服务器地址
[root@localhost ~]# echo "nameserver 192.168.102.166" > /etc/resolv.conf
[root@localhost ~]#
4.5 重启apache服务
[root@localhost ~]# systemctl restart httpd
[root@localhost ~]#