【CentOS 7架构12】,Apache配置防盗链#171226

2019独角兽企业重金招聘Python工程师标准>>> hot3.png

hellopasswd


配置防盗链

  • 通过限制referer来实现防盗链的功能
  • 配置文件增加如下内容 Order Allow,Deny Allow from env=local_ref
  • curl -e "http://www.baidu.com/111.html" #自定义referer

所谓防盗链是防止被下载或转载

[root@localhost ~]# vi /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
     43 #    
     44     
     45         SetEnvIfNoCase Referer "http://111.com" local_ref
     46         SetEnvIfNoCase Referer "http://abc.com" local_ref
     47         #SetEnvIfNoCase Referer "^$" local_ref
     48         
     49                 Order Allow,Deny
     50                 Allow from env=local_ref
     51         
     52          53     ErrorLog "logs/111.com-error_log"     54     SetEnvIf Request_URI ".*\.gif$" img     55     SetEnvIf Request_URI ".*\.jpg$" img     56     SetEnvIf Request_URI ".*\.png$" img     57     SetEnvIf Request_URI ".*\.bmp$" img     58     SetEnvIf Request_URI ".*\.swf$" img

SetEnvIfNoCase Referer白名单 Order Allow,Deny和Allow from env=local_ref为访问控制

[root@localhost ~]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[root@localhost ~]# /usr/local/apache2.4/bin/apachectl graceful

[root@localhost ~]# vi /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
     44     
     45         SetEnvIfNoCase Referer "http://111.com" local_ref
     46         SetEnvIfNoCase Referer "http://abc.com" local_ref
     47         SetEnvIfNoCase Referer "http://ask.apelearn.com/question/17394" local_ref
     48         #SetEnvIfNoCase Referer "^$" local_ref
     49         
     50                 Order Allow,Deny
     51                 Allow from env=local_ref
     52          
     53     
     54     ErrorLog "logs/111.com-error_log"
     55     SetEnvIf Request_URI ".*\.gif$" img
     56     SetEnvIf Request_URI ".*\.jpg$" img
     57     SetEnvIf Request_URI ".*\.png$" img
     58     SetEnvIf Request_URI ".*\.bmp$" img
     59     SetEnvIf Request_URI ".*\.swf$" img

若想不使用referer情况运行显示,则将SetEnvIfNoCase Referer "^$" local_ref取消注释

[root@localhost ~]# curl -e "http://www.qq.com/111.txt" -x 127.0.0.1:80 111.com/1111.png -I
HTTP/1.1 404 Not Found
Date: Sat, 04 Nov 2017 14:35:24 GMT
Server: Apache/2.4.29 (Unix) PHP/5.6.30
Content-Type: text/html; charset=iso-8859-1

[root@localhost ~]# curl -e "http://www.111.com/111.txt" -x 127.0.0.1:80 111.com/1111.png -I
HTTP/1.1 200 OK
Date: Sun, 05 Nov 2017 07:49:48 GMT
Server: Apache/2.4.29 (Unix) PHP/5.6.30
Last-Modified: Sun, 05 Nov 2017 07:49:48 GMT
ETag: W/"99ad-560d9271dfe00"
Accept-Ranges: bytes
Content-Length: 39341
Content-Type: image/png

[root@localhost ~]# tail /usr/local/apache2.4/logs/111.com-access_20171105.log 
192.168.9.1 - - [05/Nov/2017:14:59:03 +0800] "GET /favicon.ico HTTP/1.1" 404 209 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36"
192.168.9.1 - - [05/Nov/2017:14:59:03 +0800] "GET /1111.pn HTTP/1.1" 404 205 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)"
192.168.9.1 - - [05/Nov/2017:15:41:00 +0800] "GET /user.php HTTP/1.1" 200 10 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)"
192.168.9.1 - - [05/Nov/2017:15:42:41 +0800] "GET /user.php HTTP/1.1" 200 10 "http://ask.apelearn.com/question/17394" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)"

若域名是带二级域名的

SetEnvIfNoCase Referer "^http://.*\.yourdomin\.com" local_ref
SetEnvIfNoCase Referer ".*\.yourdomin\.com" local_ref

第二行就是通配


修改与201726

转载于:https://my.oschina.net/hellopasswd/blog/1594855

你可能感兴趣的:(【CentOS 7架构12】,Apache配置防盗链#171226)