Apache防盗链主要是防止本网站的链接被别人盗用
使用Apache访问控制,禁用来源IP访问
1、修改网站的虚拟主机配置文件
从主配置文件中拷贝模板:
[iyunv@daixuan logs]# vim /usr/local/apache2/conf/httpd.conf
[iyunv@daixuan logs]# vim /usr/local/apache2/conf/extra/httpd-vhosts.conf
<VirtualHost *:80>
........
<Directory "/data/www">
AllowOverride None
Options None
Order allow,deny
Allow from all 允许所有访问
Deny from 127.0.0.1访问 禁用127.0.0.1访问
</Directory>
...........
</VirtualHost>
2、测试
[iyunv@daixuan logs]# curl -x 127.0.0.1:80 -I www.test.com 127.0.0.1被禁止访问
HTTP/1.1 403 Forbidden
Date: Wed, 02 Dec 2015 02:47:23 GMT
Server: Apache/2.2.31 (Unix) PHP/5.4.45
Content-Type: text/html; charset=iso-8859-1
[iyunv@daixuan logs]# curl -x 192.168.101.230:80 -I www.test.com 192.168.101.230正常访问
HTTP/1.1 301 Moved Permanently
Date: Wed, 02 Dec 2015 02:47:42 GMT
Server: Apache/2.2.31 (Unix) PHP/5.4.45
X-Powered-By: PHP/5.4.45
location: forum.php
Cache-Control: max-age=0
Expires: Wed, 02 Dec 2015 02:47:42 GMT
Content-Type: text/html
[iyunv@daixuan logs]# curl -x 192.168.101.230:80 -I www.test.com/forum.php 正常访问
HTTP/1.1 200 OK
3、如果希望白名单限制管理员登录网页URI:http://www.test.com/admin.php,怎么做?
<VirtualHost *:80> ........ <filesmatch "(.*)admin(.*)"> Order deny,allow Deny from all 禁用所有访问 Allow from 127.0.0.1 允许127.0.0.1访问 Allow from 192.168.101.230 </filesmatch>
........... </VirtualHost> 重启Apache服务后,用PC(192.168.101.175)访问http://www.test.com/admin.php,报错403Forbidden。
[iyunv@daixuan logs]# curl -x 192.168.101.230:80 -I http://www.test.com/admin.php
HTTP/1.1 200 OK 200,但是192.168.101.230可以正常访问
| 
QQ群⑧:
窥视卡
雷达卡
发表于 2015-12-3 08:39:45
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
千斤顶
显身卡