Apache防盗链主要是防止本网站的链接被别人盗用


使用Apache访问控制,禁用来源IP访问


1、修改网站的虚拟主机配置文件

从主配置文件中拷贝模板:

[root@daixuan logs]# vim /usr/local/apache2/conf/httpd.conf

[root@daixuan logs]# vim /usr/local/apache2/conf/extra/httpd-vhosts.conf

<VirtualHost *:80>

........

    <Directory "/data/www">

        AllowOverride None

        Options None

        Order allow,deny

        Allow from all          允许所有访问

        Deny from 127.0.0.1访问    禁用127.0.0.1访问

    </Directory>

...........

</VirtualHost>


2、测试

[root@daixuan logs]# curl -x 127.0.0.1:80 -I www.test.com     127.0.0.1被禁止访问

HTTP/1.1 403 Forbidden

Date: Wed, 02 Dec 2015 02:47:23 GMT

Server: Apache/2.2.31 (Unix) PHP/5.4.45

Content-Type: text/html; charset=iso-8859-1


[root@daixuan logs]# curl -x 192.168.101.230:80 -I www.test.com 192.168.101.230正常访问

HTTP/1.1 301 Moved Permanently

Date: Wed, 02 Dec 2015 02:47:42 GMT

Server: Apache/2.2.31 (Unix) PHP/5.4.45

X-Powered-By: PHP/5.4.45

location: forum.php

Cache-Control: max-age=0

Expires: Wed, 02 Dec 2015 02:47:42 GMT

Content-Type: text/html

[root@daixuan logs]# curl -x 192.168.101.230:80 -I www.test.com/forum.php 正常访问

HTTP/1.1 200 OK


3、如果希望白名单限制管理员登录网页URI:http://www.test.com/admin.php,怎么做?

<VirtualHost *:80>

........

   <filesmatch "(.*)admin(.*)">

        Order deny,allow

         Deny from all           禁用所有访问

         Allow from 127.0.0.1       允许127.0.0.1访问  

         Allow from 192.168.101.230

   </filesmatch>

...........

</VirtualHost>

重启Apache服务后,用PC(192.168.101.175)访问http://www.test.com/admin.php,报错403Forbidden。


[root@daixuan logs]# curl -x 192.168.101.230:80 -I http://www.test.com/admin.php

HTTP/1.1 200 OK                    200,但是192.168.101.230可以正常访问