配置静态元素过期时间
检查httpd是否加载expires模块
打开expires模块功能
虚拟主机配置文件
<IfModule mod_expires.c> ExpiresActive on ExpiresByType image/gif "access plus 1 days" ExpiresByType image/jpeg "access plus 24 hours" ExpiresByType image/png "access plus 24 hours" ExpiresByType image/jpg "access plus 24 hours" ExpiresByType text/css "now plus 2 hours" ExpiresByType application/x-javascript "now plus 2 hours" ExpiresByType application/javascript "now plus 2 hours" ExpiresByType application/x-shockwave-flash "now plus 2 hours" ExpiresDefault "now plus 0 min" </IfModule>
测试
配置防盗链
虚拟主机的配置文件
<Directory /data/wwwroot/axin.com> SetEnvIfNocase Referer "http://www.123.com" local_ref SetEnvIfNocase Referer "http://123.com" local_ref SetEnvIfNocase Referer "^$" local_ref <FilesMatch "\.(txt|doc|mp3|zip|rar|jpg|gif)"> order Allow,Deny Allow from env=local_ref </FilesMatch> </Directory>
只有来自Referer为local_ref的才能访问以(txt|doc|mp3|zip|rar|jpg|gif)结尾的文件
如:点击 http://www.burglar.com/burglar.php
<VirtualHost *:80> DocumentRoot "/data/wwwroot/burglar-chain" ServerName www.burglar.com ServerAlias www.burglar1.com www.burglar2.com ErrorLog "logs/burglar.com-error_log" CustomLog "logs/burglar.com-access_log" common <Directory /data/wwwroot/burglar-chain> SetEnvIfNocase Referer "http://blog.51cto.com/13480443/2073462" local_ref #SetEnvIfNocase Referer "^$" local_ref <FilesMatch burglar.php> order Allow,Deny Allow from env=local_ref </FilesMatch> </Directory> </VirtualHost>
# mkdir -p /data/wwwroot/burglar-chain # vim /data/wwwroot/burglar-chain/burglar.php <?php echo "burglar-chain"; ?>
测试
[root@apenglinux-002 aming.com]# curl -x127.0.0.1:80 www.burglar.com/burglar.php -I HTTP/1.1 403 Forbidden Date: Tue, 27 Feb 2018 06:55:00 GMT Server: Apache/2.4.25 (Unix) PHP/5.6.30 Content-Type: text/html; charset=iso-8859-1 //拒绝访问
访问成功
访问控制
#访问控制-Directory <VirtualHost *:80> DocumentRoot "/data/wwwroot/accesscontrol" ServerName www.accesscontrol.com ServerAlias www.accesscontrol1.com www.accesscontrol2.com <Directory /data/wwwroot/accesscontrol/admin> Order deny,allow Deny from all Allow from 192.168.221.0/24 </Directory> ErrorLog "logs/accesscontrol.com-error_log" CustomLog "logs/accesscontrol.com-access_log" combined </VirtualHost>
<Directory /data/wwwroot/accesscontrol/> <FilesMatch "admin.php(.*)"> Order deny,allow Deny from all Allow from 192.168.221.0/24 </FilesMatch> </Directory>
限制某个目录禁止解析php
<VirtualHost *:80> DocumentRoot "/data/wwwroot/prohibit" ServerName www.prohibit.com ServerAlias www.prohibit1.com www.prohibit2.com <Directory /data/wwwroot/prohibit/upload> php_admin_flag engine off </Directory> ErrorLog "logs/prohibit.com-error_log" CustomLog "logs/prohibit.com-access_log" combined </VirtualHost>
在浏览器上访问时提供了一个下载的窗口
用curl命令访问时,看到了源代码
[root@apenglinux-002 ~]# curl -x127.0.0.1:80 www.prohibit.com/upload/index.php <?php echo "prohibit"; ?>
限制user_Agent
<VirtualHost *:80> DocumentRoot "/data/wwwroot/prohibit" ServerName www.prohibit.com ServerAlias www.prohibit1.com www.prohibit2.com #<Directory /data/wwwroot/prohibit/upload> # php_admin_flag engine off #</Directory> <IfModule mod_rewrite.c> RewriteEngine on RewriteCond %{HTTP_USER_AGENT} .*curl.* [NC,OR] //NC代表不区分大小写,OR表示或者 RewriteCond %{HTTP_USER_AGENT} .*Mozilla.* [NC] RewriteRule .* - [F] //F表示Forbidden </IfModule> ErrorLog "logs/prohibit.com-error_log" CustomLog "logs/prohibit.com-access_log" combined </VirtualHost>