[LNMP]Nginx防盜鏈與訪問控制
防盜鏈
1、編輯配置檔案
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
|
[root@plinuxos ~]# vi /usr/local/nginx/conf/vhost/default.conf
server{ listen 80 default_server;
server_name aaa.com;
index index.html index.htm index.php;
root /data/wwwroot/default;
access_log /tmp/default.log juispan;
location ~* ^.+.(gif|jpg|png|swf|flv|rar|zip|doc|pdf|gz|bz2|jpeg|bmp|xls)$
{
expires 7d;
valid_referers none blocked server_names *.aaa.com ;
if ($invalid_referer) {
return 403;
}
access_log off;
}
} |
2、檢查與過載
|
1
2
3
4
|
[root@plinuxos ~]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@plinuxos ~]# /usr/local/nginx/sbin/nginx -s reload
|
3、測試效果
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
|
[root@plinuxos ~]# curl -x127.0.0.1:80 aaa.com/pic001.gif -I
HTTP/1.1 200 OK
Server: nginx/1.12.1
Date: Mon, 14 Aug 2017 21:51:35 GMTContent-Type: image/gif
Content-Length: 66698Last-Modified: Sat, 12 Aug 2017 03:29:18 GMTConnection: keep-aliveETag: "598e760e-1048a"
Expires: Mon, 21 Aug 2017 21:51:35 GMTCache-Control: max-age=604800Accept-Ranges: bytes[root@plinuxos ~]# curl -e "http://www.hao123.com" -x127.0.0.1:80 aaa.com/pic001.gif -I
HTTP/1.1 403 Forbidden
Server: nginx/1.12.1
Date: Mon, 14 Aug 2017 21:52:18 GMTContent-Type: text/html
Content-Length: 169Connection: keep-alive |
訪問控制
限制目錄
1、編輯配置檔案
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
|
[root@plinuxos ~]# vi /usr/local/nginx/conf/vhost/default.conf
server{ listen 80 default_server;
server_name aaa.com;
index index.html index.htm index.php;
root /data/wwwroot/default;
access_log /tmp/default.log juispan;
location /admin/
{
allow 127.0.0.1;
deny all;
}
} |
2、檢查與過載
|
1
2
3
4
|
[root@plinuxos ~]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@plinuxos ~]# /usr/local/nginx/sbin/nginx -s reload
|
3、測試效果
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
|
[root@plinuxos ~]# mkdir /data/wwwroot/default/admin
[root@plinuxos ~]# echo "test" > /data/wwwroot/default/admin/1.html
[root@plinuxos ~]# curl -x127.0.0.1:80 aaa.com/admin/1.html -I
HTTP/1.1 200 OK
Server: nginx/1.12.1
Date: Mon, 14 Aug 2017 22:13:08 GMTContent-Type: text/html
Content-Length: 5Last-Modified: Mon, 14 Aug 2017 22:03:03 GMTConnection: keep-aliveETag: "59921e17-5"
Accept-Ranges: bytes[root@plinuxos ~]# curl -x122.112.253.88:80 aaa.com/admin/1.html -I
HTTP/1.1 403 Forbidden
Server: nginx/1.12.1
Date: Mon, 14 Aug 2017 22:13:13 GMTContent-Type: text/html
Content-Length: 169Connection: keep-alive |
限制檔案
1、編輯配置檔案
|
1
2
3
4
5
6
7
8
9
10
11
12
13
|
[root@plinuxos ~]# vi /usr/local/nginx/conf/vhost/default.conf
server{ listen 80 default_server;
server_name aaa.com;
index index.html index.htm index.php;
root /data/wwwroot/default;
access_log /tmp/default.log juispan;
location ~ .*(upload|image)/.*.php$
{
deny all;
}
} |
2、檢查與過載
|
1
2
3
4
5
6
|
[root@plinuxos ~]# mkdir /data/wwwroot/default/upload
[root@plinuxos ~]# echo "test" > /data/wwwroot/default/upload/1.php
[root@plinuxos ~]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@plinuxos ~]# /usr/local/nginx/sbin/nginx -s reload
|
3、測試效果
|
1
2
3
4
5
6
7
|
[root@plinuxos ~]# curl -x127.0.0.1:80 aaa.com/upload/1.php -I
HTTP/1.1 403 Forbidden
Server: nginx/1.12.1
Date: Mon, 14 Aug 2017 22:19:25 GMTContent-Type: text/html
Content-Length: 169Connection: keep-alive |
限制user-agent
1、編輯配置檔案
|
1
2
3
4
5
6
7
8
9
10
11
12
13
|
[root@plinuxos ~]# vi /usr/local/nginx/conf/vhost/default.conf
server{ listen 80 default_server;
server_name aaa.com;
index index.html index.htm index.php;
root /data/wwwroot/default;
access_log /tmp/default.log juispan;
if ($http_user_agent ~* `Spider/3.0|YoudaoBot|Tomato`) ##星號忽略大小寫
{
return 403;
}
} |
2、檢查與過載
|
1
2
3
4
|
[root@plinuxos ~]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@plinuxos ~]# /usr/local/nginx/sbin/nginx -s reload
|
3、測試效果
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
|
[root@plinuxos ~]# curl -A "apple" -x127.0.0.1:80 aaa.com/upload/1.php -I
HTTP/1.1 200 OK
Server: nginx/1.12.1
Date: Mon, 14 Aug 2017 22:31:09 GMTContent-Type: application/octet-stream
Content-Length: 5Last-Modified: Mon, 14 Aug 2017 22:17:17 GMTConnection: keep-aliveETag: "5992216d-5"
Accept-Ranges: bytes[root@plinuxos ~]# curl -A "tomato" -x127.0.0.1:80 aaa.com/upload/1.php -I
HTTP/1.1 403 Forbidden
Server: nginx/1.12.1
Date: Mon, 14 Aug 2017 22:30:26 GMTContent-Type: text/html
Content-Length: 169Connection: keep-alive |
本文轉自Grodd51CTO部落格,原文連結:http://blog.51cto.com/juispan/1956278,如需轉載請自行聯絡原作者
相關文章
- Nginx中防盜鏈(下載防盜鏈和圖片防盜鏈)及圖片訪問地址操作記錄Nginx
- Nginx——優化與防盜鏈Nginx優化
- Nginx 防盜鏈Nginx
- Nginx最佳化與防盜鏈Nginx
- Nginx網頁優化與防盜鏈Nginx網頁優化
- Nginx 優化與防盜鏈實踐教程Nginx優化
- nginx 中防盜鏈設定Nginx
- 為Nginx配置圖片防盜鏈薦Nginx
- 跨域訪問和防盜鏈基本原理(一)跨域
- 跨域訪問和防盜鏈基本原理(二)跨域
- Nginx訪問控制Nginx
- Linux系統Nginx最佳化與防盜鏈詳細教程LinuxNginx
- lighttpd防盜鏈httpd
- 聽說你的資源被盜用了,那你知道 Nginx 怎麼防盜鏈嗎?Nginx
- node實現防盜鏈
- 006.Nginx訪問控制Nginx
- Nginx 對訪問量的控制Nginx
- WEB伺服器防盜鏈_HttpAccessKeyModule_Referer(Nginx&&PHP)Web伺服器HTTPNginxPHP
- 防盜鏈的實現方法
- 利用service worker破解防盜鏈
- 網站防盜鏈專家網站
- c# 圖片防盜鏈C#
- SpringBoot整合FastDFS+Nginx整合基於Token的防盜鏈Spring BootASTNginx
- 國產github崩了?是防盜鏈啦~Github
- php防盜鏈幾種程式碼PHP
- Apache防盜鏈的使用和破解Apache
- 使用nginx控制ElasticSearch訪問許可權NginxElasticsearch訪問許可權
- nginx的高階配置(5)——訪問控制Nginx
- 網站盜鏈是什麼?盜鏈與廣告流量問題及如何防止網站
- Nginx執行控制虛擬主機和訪問控制Nginx
- 一文搞定防盜鏈設計
- Nginx訪問控制_IP訪問控制(http_access_module)原理、侷限性、解決方法講解NginxHTTP
- Linux系統Apache最佳化與防盜鏈詳細教程LinuxApache
- [php]referer應用--http防盜鏈技術PHPHTTP
- Nginx訪問MongoDBNginxMongoDB
- 解決windows docker lnmp訪問慢問題WindowsDockerLNMP
- 微信文章圖片防盜鏈處理方法
- Nginx訪問控制_登陸許可權的控制(http_auth_basic_module)NginxHTTP