[LAMP]防盗链与访问控制

一、防盗链

    有时候，网站的流量会异常庞大。经过观察，会发现一些静态的图片等元素被盗用了。使用防盗链，可以防止元素被外链。通过限制referer能实现防盗链的功能。

1）配置虚拟主机

[root@juispan ~]# vi /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
<VirtualHost *:80>
    DocumentRoot "/data/www/123.com"
    ServerName 123.com
    ErrorLog "logs/123.com-error_log"
    CustomLog "logs/123.com-access_log" common
    <Directory /data/www/123.com>
        SetEnvIfNoCase Referer "http://www.123.com" local_ref
        SetEnvIfNoCase Referer "http://123.com" local_ref
        SetEnvIfNoCase Referer "^$" local_ref
        <filesmatch "\.(txt|doc|mp3|zip|rar|jpg|gif)">
            Order Allow,Deny
            Allow from env=local_ref
        </filesmatch>
    </Directory>
</VirtualHost>

2）检查重新加载

[root@juispan ~]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[root@juispan ~]# /usr/local/apache2.4/bin/apachectl graceful

3）测试效果

[root@juispan 123.com]# curl -x127.0.0.1:80 123.com/123.gif -I 
HTTP/1.1 200 OK
Date: Fri, 21 Jul 2017 12:26:31 GMT
Server: Apache/2.4.27 (Unix) PHP/7.1.6
Last-Modified: Fri, 21 Jul 2017 12:26:31 GMT
ETag: W/"8c5-555b2e6023fc0"
Accept-Ranges: bytes
Content-Length: 2245
Content-Type: p_w_picpath/gif

[root@juispan 123.com]# curl -e "http://baidu.com" -x127.0.0.1:80 123.com/123.gif -I 
HTTP/1.1 403 Forbidden
Date: Fri, 21 Jul 2017 12:26:11 GMT
Server: Apache/2.4.27 (Unix) PHP/7.1.6
Content-Type: text/html; charset=iso-8859-1

二、访问控制

1、Directory

1）配置虚拟主机

[root@juispan ~]# vi /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
<VirtualHost *:80>
    DocumentRoot "/data/www/123.com"
    ServerName 123.com
    ErrorLog "logs/123.com-error_log"
    CustomLog "logs/123.com-access_log" common
    <Directory /data/www/123.com>
        Order deny,allow
        Deny from all
        Allow from 127.0.0.1
    </Directory>
</VirtualHost>

2）检查重新加载

[root@juispan ~]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[root@juispan ~]# /usr/local/apache2.4/bin/apachectl graceful

3）测试效果

[root@juispan 123.com]# curl -x127.0.0.1:80 123.com -I 
HTTP/1.1 200 OK
Date: Fri, 21 Jul 2017 12:33:02 GMT
Server: Apache/2.4.27 (Unix) PHP/7.1.6
X-Powered-By: PHP/7.1.6
Content-Type: text/html; charset=UTF-8

[root@juispan 123.com]# curl -x192.168.137.100:80 123.com -I 
HTTP/1.1 403 Forbidden
Date: Fri, 21 Jul 2017 12:33:14 GMT
Server: Apache/2.4.27 (Unix) PHP/7.1.6
Content-Type: text/html; charset=iso-8859-1

2、FilesMatch

1）配置虚拟主机

[root@juispan ~]# vi /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
<VirtualHost *:80>
    DocumentRoot "/data/www/123.com"
    ServerName 123.com
    ErrorLog "logs/123.com-error_log"
    CustomLog "logs/123.com-access_log" common
    <Directory /data/www/123.com>
        <FilesMatch  "index.php(.*)">
            Order deny,allow
            Deny from all
            Allow from 127.0.0.1
        </FilesMatch>    
    </Directory>
</VirtualHost>

2）检查重新加载

[root@juispan ~]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[root@juispan ~]# /usr/local/apache2.4/bin/apachectl graceful

3）测试效果

[root@juispan 123.com]# curl -x127.0.0.1:80 123.com/index.php -I
HTTP/1.1 200 OK
Date: Fri, 21 Jul 2017 12:39:13 GMT
Server: Apache/2.4.27 (Unix) PHP/7.1.6
X-Powered-By: PHP/7.1.6
Content-Type: text/html; charset=UTF-8

[root@juispan 123.com]# curl -x192.168.137.100:80 123.com/index.php -I
HTTP/1.1 403 Forbidden
Date: Fri, 21 Jul 2017 12:39:26 GMT
Server: Apache/2.4.27 (Unix) PHP/7.1.6
Content-Type: text/html; charset=iso-8859-1