[LNMP]Nginx防盜鏈與訪問控制
防盜鏈
1、編輯配置檔案
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
|
[root@plinuxos ~]# vi /usr/local/nginx/conf/vhost/default.conf
server{ listen 80 default_server;
server_name aaa.com;
index index.html index.htm index.php;
root /data/wwwroot/default;
access_log /tmp/default.log juispan;
location ~* ^.+.(gif|jpg|png|swf|flv|rar|zip|doc|pdf|gz|bz2|jpeg|bmp|xls)$
{
expires 7d;
valid_referers none blocked server_names *.aaa.com ;
if ($invalid_referer) {
return 403;
}
access_log off;
}
} |
2、檢查與過載
|
1
2
3
4
|
[root@plinuxos ~]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@plinuxos ~]# /usr/local/nginx/sbin/nginx -s reload
|
3、測試效果
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
|
[root@plinuxos ~]# curl -x127.0.0.1:80 aaa.com/pic001.gif -I
HTTP/1.1 200 OK
Server: nginx/1.12.1
Date: Mon, 14 Aug 2017 21:51:35 GMTContent-Type: image/gif
Content-Length: 66698Last-Modified: Sat, 12 Aug 2017 03:29:18 GMTConnection: keep-aliveETag: "598e760e-1048a"
Expires: Mon, 21 Aug 2017 21:51:35 GMTCache-Control: max-age=604800Accept-Ranges: bytes[root@plinuxos ~]# curl -e "http://www.hao123.com" -x127.0.0.1:80 aaa.com/pic001.gif -I
HTTP/1.1 403 Forbidden
Server: nginx/1.12.1
Date: Mon, 14 Aug 2017 21:52:18 GMTContent-Type: text/html
Content-Length: 169Connection: keep-alive |
訪問控制
限制目錄
1、編輯配置檔案
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
|
[root@plinuxos ~]# vi /usr/local/nginx/conf/vhost/default.conf
server{ listen 80 default_server;
server_name aaa.com;
index index.html index.htm index.php;
root /data/wwwroot/default;
access_log /tmp/default.log juispan;
location /admin/
{
allow 127.0.0.1;
deny all;
}
} |
2、檢查與過載
|
1
2
3
4
|
[root@plinuxos ~]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@plinuxos ~]# /usr/local/nginx/sbin/nginx -s reload
|
3、測試效果
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
|
[root@plinuxos ~]# mkdir /data/wwwroot/default/admin
[root@plinuxos ~]# echo "test" > /data/wwwroot/default/admin/1.html
[root@plinuxos ~]# curl -x127.0.0.1:80 aaa.com/admin/1.html -I
HTTP/1.1 200 OK
Server: nginx/1.12.1
Date: Mon, 14 Aug 2017 22:13:08 GMTContent-Type: text/html
Content-Length: 5Last-Modified: Mon, 14 Aug 2017 22:03:03 GMTConnection: keep-aliveETag: "59921e17-5"
Accept-Ranges: bytes[root@plinuxos ~]# curl -x122.112.253.88:80 aaa.com/admin/1.html -I
HTTP/1.1 403 Forbidden
Server: nginx/1.12.1
Date: Mon, 14 Aug 2017 22:13:13 GMTContent-Type: text/html
Content-Length: 169Connection: keep-alive |
限制檔案
1、編輯配置檔案
|
1
2
3
4
5
6
7
8
9
10
11
12
13
|
[root@plinuxos ~]# vi /usr/local/nginx/conf/vhost/default.conf
server{ listen 80 default_server;
server_name aaa.com;
index index.html index.htm index.php;
root /data/wwwroot/default;
access_log /tmp/default.log juispan;
location ~ .*(upload|image)/.*.php$
{
deny all;
}
} |
2、檢查與過載
|
1
2
3
4
5
6
|
[root@plinuxos ~]# mkdir /data/wwwroot/default/upload
[root@plinuxos ~]# echo "test" > /data/wwwroot/default/upload/1.php
[root@plinuxos ~]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@plinuxos ~]# /usr/local/nginx/sbin/nginx -s reload
|
3、測試效果
|
1
2
3
4
5
6
7
|
[root@plinuxos ~]# curl -x127.0.0.1:80 aaa.com/upload/1.php -I
HTTP/1.1 403 Forbidden
Server: nginx/1.12.1
Date: Mon, 14 Aug 2017 22:19:25 GMTContent-Type: text/html
Content-Length: 169Connection: keep-alive |
限制user-agent
1、編輯配置檔案
|
1
2
3
4
5
6
7
8
9
10
11
12
13
|
[root@plinuxos ~]# vi /usr/local/nginx/conf/vhost/default.conf
server{ listen 80 default_server;
server_name aaa.com;
index index.html index.htm index.php;
root /data/wwwroot/default;
access_log /tmp/default.log juispan;
if ($http_user_agent ~* `Spider/3.0|YoudaoBot|Tomato`) ##星號忽略大小寫
{
return 403;
}
} |
2、檢查與過載
|
1
2
3
4
|
[root@plinuxos ~]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@plinuxos ~]# /usr/local/nginx/sbin/nginx -s reload
|
3、測試效果
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
|
[root@plinuxos ~]# curl -A "apple" -x127.0.0.1:80 aaa.com/upload/1.php -I
HTTP/1.1 200 OK
Server: nginx/1.12.1
Date: Mon, 14 Aug 2017 22:31:09 GMTContent-Type: application/octet-stream
Content-Length: 5Last-Modified: Mon, 14 Aug 2017 22:17:17 GMTConnection: keep-aliveETag: "5992216d-5"
Accept-Ranges: bytes[root@plinuxos ~]# curl -A "tomato" -x127.0.0.1:80 aaa.com/upload/1.php -I
HTTP/1.1 403 Forbidden
Server: nginx/1.12.1
Date: Mon, 14 Aug 2017 22:30:26 GMTContent-Type: text/html
Content-Length: 169Connection: keep-alive |
本文轉自Grodd51CTO部落格,原文連結:http://blog.51cto.com/juispan/1956278,如需轉載請自行聯絡原作者
相關文章
- Nginx——優化與防盜鏈Nginx優化
- Nginx 防盜鏈Nginx
- Nginx最佳化與防盜鏈Nginx
- Nginx網頁優化與防盜鏈Nginx網頁優化
- Linux系統Nginx最佳化與防盜鏈詳細教程LinuxNginx
- 006.Nginx訪問控制Nginx
- Nginx 對訪問量的控制Nginx
- SpringBoot整合FastDFS+Nginx整合基於Token的防盜鏈Spring BootASTNginx
- 聽說你的資源被盜用了,那你知道 Nginx 怎麼防盜鏈嗎?Nginx
- node實現防盜鏈
- 使用nginx控制ElasticSearch訪問許可權NginxElasticsearch訪問許可權
- Nginx執行控制虛擬主機和訪問控制Nginx
- 防盜鏈的實現方法
- Linux系統Apache最佳化與防盜鏈詳細教程LinuxApache
- 一文搞定防盜鏈設計
- 國產github崩了?是防盜鏈啦~Github
- 解決windows docker lnmp訪問慢問題WindowsDockerLNMP
- springboot整合FastDFS使用實現防盜鏈功能Spring BootAST
- Nginx網站服務與LNMP構建Nginx網站LNMP
- Flask——訪問控制Flask
- Mongodb訪問控制MongoDB
- 微信文章圖片防盜鏈處理方法
- NodeJS 伺服器實現資源防盜鏈NodeJS伺服器
- [精選] 用PHP做圖片防盜鏈,你再也盜不了圖片了?PHP
- openGauss 訪問控制模型模型
- ABAC訪問控制模型模型
- 類的訪問控制
- 傳說中圖片防盜鏈的愛恨情仇
- Nginx 配置訪問 swagger 頁面NginxSwagger
- nginx配置https協議訪問NginxHTTP協議
- nginx 專案配置 https 訪問NginxHTTP
- Nginx代理訪問RabbitMQ Management UINginxMQUI
- linux安全篇:禁止頻繁訪問的ip訪問nginxLinuxNginx
- 小程式專案如何設定資源的防盜鏈?
- 七牛 CDN 時間戳防盜鏈簽名實現時間戳
- Ubuntu 增加埠訪問控制Ubuntu
- Swift 中的訪問控制Swift
- IOS - ACL (訪問控制列表)iOS
- HTTP之訪問控制「CORS」HTTPCORS