Centos7.4--apache Optimization Application Four (anti-theft chain)

Apache optimized application Four (anti-theft chain)
Directory
The first part of the preparatory work
Second part installs Apache service
Part III Configuration hotlinking
Part IV Configuring a domain-based anti-theft chain

The first part of the preparatory work
One: Server two: Linux system-centos 7.4;
IP Address: 192.168.80.10 (legitimate server)
192.168.80.40 (illegal hotlinking server)
Note: Both servers are installing the APAHCE service

Client: Take WIN7 as an example, test the result of verification, and the server in the same network segment;
IP Address: 192.168.80.2

Two: Prepare the package for compression

Apr-1.6.2.tar.gz and apr-util-1.6.0.tar.gz are required plugins for httpd2.4 later versions and must be installed

Third: Close the firewall with SELinux

Second part installs Apache service
One: Install the compilation tools and plugins
[[email protected] ~]# yum-y install \

GCC \
gcc-c++ \
Make \
Pcre-devel \
Expat-devel \
Perl

Two: Unzip:
[Email protected] ~]# Tar XF apr-1.6.2.tar.gz
[Email protected] ~]# Tar XF apr-util-1.6.0.tar.gz
[Email protected] ~]# Tar XF httpd-2.4.29.tar.bz2
[Email protected] ~]# MV apr-1.6.2 HTTPD-2.4.29/SRCLIB/APR
[Email protected] ~]# MV apr-util-1.6.0 httpd-2.4.29/srclib/apr-util

Three: Configuration (custom personalization)
[[Email protected] ~]# CD httpd-2.4.29//must enter the installation directory
[Email protected] httpd-2.4.29]#/configure \

--PREFIX=/USR/LOCAL/HTTPD \//Specifies to install the HTTPD program into the/USR/LOCAL/HTTPD directory
--ENABLE-SO \//Enable dynamic load module function
--enable-rewrite \//Enable Web page address rewriting for website optimization and Directory Migration
--enable-charset-lite \//enable character set support to support Web pages that are encoded using a variety of character sets
--ENABLE-CGI//Enable CGI scripting support for extended Web site application access

IV: Compilation and Installation
[[email protected] httpd-2.4.29]# make && make install

To add a httpd service to a system service
[Email protected] httpd-2.4.29]# CP/USR/LOCAL/HTTPD/BIN/APACHECTL/ETC/INIT.D/HTTPD
[Email protected] httpd-2.4.29]# VI/ETC/INIT.D/HTTPD
Add the following two lines (Note that "#" cannot be omitted):

Save exit

[[email protected] httpd-2.4.29]# chkconfig--add httpd//Add httpd to service Manager
[[email protected] httpd-2.4.29]# Systemctl daemon-reload//heavy-duty system System Manager

V: Edit httpd master configuration file
[Email protected] httpd-2.4.29]# vi/usr/local/httpd/conf/httpd.conf
Modify the following content:
ServerName localhost
Save exit
Optimized execution path (the original path of the executing program file is not in the PATH environment variable, do a soft link to make it executable)
[Email protected] httpd-2.4.29]# ln-s/usr/local/httpd/conf/httpd.conf/etc/
[Email protected] httpd-2.4.29]# ln-s/usr/local/httpd/bin/*/usr/local/bin/

Check for syntax errors
[Email protected] httpd-2.4.29]# httpd–t
Or: [[email protected] httpd-2.4.29]# apachectl–t

View Program version

Six: Start the service
[Email protected] httpd-2.4.29]# systemctl start httpd
[[email protected] httpd-2.4.29]# Systemctl enable httpd//set httpd to boot
[Email protected] httpd-2.4.29]# NETSTAT-ANPT | grep 80//View httpd service Run status

Seven: Validation
Accessing the server with the WIN7 client
Browser access: http://192.168.80.10

Browser access: http://192.168.80.40

Validation successful
(Note that the default content of the Web page is:/usr/local/httpd/htdocs/index.html)

Part III Configuration hotlinking
One: Configure the Web page file on a legitimate server
[Email protected] ~]# cd/usr/local/httpd/htdocs/
[Email protected] htdocs]# VI index.html
<title>i AM ok!</title>
<body>

</body>

Save exit
[[Email protected] htdocs]# service httpd restart//Restart services

Two: Verification
Win7 Access: 192.168.80.10

Third: Configure the Web page file on the illegal hotlinking server
[Email protected] ~]# cd/usr/local/httpd/htdocs/
[Email protected] htdocs]# VI index.html
<title>i AM hei</title>
<body>

</body>

Save exit
[[Email protected] htdocs]# service httpd restart//Restart services

Four: Validation
Access 192.168.80.40 under Win7

Verify hotlinking Success

Part IV Configuring a domain-based anti-theft chain
First step: Configure a legitimate server
One: Build DNS
[email protected] htdocs]# Yum install-y bind bind-utils
[[email protected] htdocs]# vi/etc/named.conf//Edit DNS master configuration file

[[email protected] htdocs]# vi/etc/named.rfc1912.zones//Edit DNS zone configuration file

[[email protected] htdocs]# cd/var/named///Edit DNS zone data file
[Email protected] named]# cp-p named.localhost aa.com.zone
[Email protected] named]# VI aa.com.zone

[[Email protected] named]# service named restart//Restart DNS services
[Email protected] named]# NETSTAT-ANPT | grep named//view DNS health status

[email protected] named]# nslookup www.aa.com//parsing www.aa.com

[[email protected] named]# vi/etc/resolv.conf//configure server DNS
ServerName 192.168.80.10
Save exit
[Email protected] named]# Systemctl restart named

II: Configure DNS under WIN7

Test DNS

DNS Build Success

Three: Create a virtual directory
[[email protected] ~]# vi/etc/httpd.conf//Edit HTTP master configuration file
Add the following content:
alias/doc/"/opt/doc/"
<directory "/opt/doc" >
Options Indexes multiviews FollowSymLinks
AllowOverride None
Order Allow,deny
Allow from all
Require all granted
</Directory>

Save exit
[[email protected] ~]# apachectl–t//Check syntax error
[[Email protected] ~]# service httpd restart//Restart services

Place the error.jpg (anti-theft chain file) in the/opt/doc/directory

Four: Configure the anti-theft chain
[[[email protected] ~]# apachectl-d dump_modules | grep rewrite//check module
[[email protected] ~] # vi/etc/httpd.conf
Add the following:
LoadModule rewrite_module modules/mod_rewrite.so//Add anti-Theft link module

Save Exit
[[ Email protected] ~]# apachectl-t//Check syntax error
[[email protected] htdocs]# vi/etc/httpd.conf
// For the directory to do anti-theft chain processing, in the Htdocs directory properties last location added
<directory "/usr/local/httpd/htdocs" > the location last
Add the following:
Rewriteengine on/ /whitelist, allow only own site content
Rewritecond%{http_referer}!^http://192.168.80.10/
Rewritecond%{http_referer}!^http:// aa.com/. $ [NC]
Rewritecond%{http_referer}!^http://aa.com$ [NC]
Rewritecond%{http_referer}!^http://www.aa.com/. $ [NC]
Rewritecond%{http_referer}!^http://www.aa.com$ [NC]
Rewriterule. . (gif|jpg|swf|png) $ http://www.aa.com/doc/error.jpg [R,NC]//need to redirect to a location that the hotlinking host can access, otherwise you will not see the effect.

[[email protected] htdocs]# apachectl–t
[[email protected] htdocs]# service httpd restart

Step Two: Configure an illegal hotlinking server
One: Configure the DNS service
[email protected] ~]# Yum install-y bind bind-utils
[Email protected] ~]# vi/etc/named.conf

[Email protected] ~]# Vi/etc/named.rfc1912.zones

[Email protected] ~]# cd/var/named/
[Email protected] named]# cp-p named.localhost bb.com.zone
[Email protected] named]# VI bb.com.zone

[Email protected] named]# vi/etc/resolv.conf
ServerName 192.168.80.40
Save exit
[[email protected] named]# systemctl Restart named//Restart DNS service

Two: Verification
Browser access Illegal hotlinking server: www.bb.com

Validation successful

Centos7.4--apache Optimization Application Four (anti-theft chain)