2018-3-6 Linux Learning Notes

Source: Internet
Author: User
Tags rar

11.25 Configuring the anti-theft chain
    • background : Sometimes we don't want to allow other websites to access documents, images, audio and other documents that are located on our website by means of Web links, which can be implemented by restricting referer to the anti-theft chain.
    • How to configure the anti-theft chain:
    • Vim/usr/local/apache2.4/conf/extra/httpd-vhosts.conf
    • The configuration file adds the following:
      <Directory/data/wwwroot/123.com>
      Setenvifnocase Referer "http://123.com" Local_ref
      Setenvifnocase Referer "http://www.baidu.com" Local_ref
      Setenvifnocase Referer "^$" Local_ref
      <filesmatch ". (txt|doc|mp3|zip|rar|jpg|gif|png) ">
      Order Allow,deny
      Allow from Env=local_ref
      </FilesMatch>
      </Directory>
    • The above configuration means that access to this site can be accessed only through http://123.com,http://www.baidu.com and empty referer (like accessing the address directly in the browser, without a jump) three ways of accessing the Txt|doc|mp3|zip |rar|jpg|gif|png, and any other requests for access are rejected.
    • Reload the configuration file:
      /usr/local/apache2.4/bin/apachectl-t
      /usr/local/apache2.4/bin/apachectl Graceful
    • Post-Configuration test:
    • (1) Custom Referer Access test:
      Curl-e "http://123.com"-x127.0.0.1:80-i 123.com/qq.png
      Curl-e "http://www.baidu.com"-x127.0.0.1:80-i 123.com/qq.png
    • (2) NULL Referer access test:
      Curl-x127.0.0.1:80-i 123.com/qq.png
11.26 Access Control Directory
    • background: Sometimes our site some content, such as the background management page, for security, do not want to external access, at this time we can access control directory (limited source IP) method only let the source IP for internal access through, the other all rejected.
    • To configure access control directory methods:
    • Vim/usr/local/apache2.4/conf/extra/httpd-vhosts.conf
    • The configuration file adds the following:
      <Directory/data/wwwroot/www.123.com/admin/> #配置访问控制的目标目录
      Order Deny,allow #是否能访问的顺序 (can ultimately be accessed by this line)
      Deny from all
      Allow from 127.0.0.1 #控制对象为来源IP
      </Directory>
    • Reload the configuration file:
      /usr/local/apache2.4/bin/apachectl-t
      /usr/local/apache2.4/bin/apachectl Graceful
    • Post-Configuration test:

      The Curl Test status code is 403, and the description is restricted to access.
11.27 Access Control FilesMatch
    • Access control FilesMatch and access control directory features are similar, except that FilesMatch Controls access control for smaller-scale layers (files).
    • To configure the access control FilesMatch method:
    • Vim/usr/local/apache2.4/conf/extra/httpd-vhosts.conf
    • The configuration file adds the following:
      <Directory/data/wwwroot/123.com>
      <filesmatch "admin.php (. *)" >
      Order Deny,allow
      Deny from all
      Allow from 127.0.0.1
      </FilesMatch>
      </Directory>
    • Reload the configuration file:
      /usr/local/apache2.4/bin/apachectl-t
      /usr/local/apache2.4/bin/apachectl Graceful
    • Post-Configuration test:

Extended Learning:
Several methods of restricting IP http://ask.apelearn.com/question/6519
Apache Custom Header http://ask.apelearn.com/question/830
Apache's keepalive and KeepAliveTimeout http://ask.apelearn.com/question/556

2018-3-6 Linux Learning Notes

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.