Apache optimized application Four (anti-theft chain)
Directory
The first part of the preparatory work
Second part installs Apache service
Part III Configuration hotlinking
Part IV Configuring a domain-based anti-theft chain
The first part of the preparatory work
One: Server two: Linux system-centos 7.4;
IP Address: 192.168.80.10 (legitimate server)
192.168.80.40 (illegal hotlinking server)
Note: Both servers are installing the APAHCE service
Client: Take WIN7 as an example, test the result of verification, and the server in the same network segment;
IP Address: 192.168.80.2
Two: Prepare the package for compression
Apr-1.6.2.tar.gz and apr-util-1.6.0.tar.gz are required plugins for httpd2.4 later versions and must be installed
Third: Close the firewall with SELinux
Second part installs Apache service
One: Install the compilation tools and plugins
[[email protected] ~]# yum-y install \
GCC \
gcc-c++ \
Make \
Pcre-devel \
Expat-devel \
Perl
Two: Unzip:
[Email protected] ~]# Tar XF apr-1.6.2.tar.gz
[Email protected] ~]# Tar XF apr-util-1.6.0.tar.gz
[Email protected] ~]# Tar XF httpd-2.4.29.tar.bz2
[Email protected] ~]# MV apr-1.6.2 HTTPD-2.4.29/SRCLIB/APR
[Email protected] ~]# MV apr-util-1.6.0 httpd-2.4.29/srclib/apr-util
Three: Configuration (custom personalization)
[[Email protected] ~]# CD httpd-2.4.29//must enter the installation directory
[Email protected] httpd-2.4.29]#/configure \
--PREFIX=/USR/LOCAL/HTTPD \//Specifies to install the HTTPD program into the/USR/LOCAL/HTTPD directory
--ENABLE-SO \//Enable dynamic load module function
--enable-rewrite \//Enable Web page address rewriting for website optimization and Directory Migration
--enable-charset-lite \//enable character set support to support Web pages that are encoded using a variety of character sets
--ENABLE-CGI//Enable CGI scripting support for extended Web site application access
IV: Compilation and Installation
[[email protected] httpd-2.4.29]# make && make install
To add a httpd service to a system service
[Email protected] httpd-2.4.29]# CP/USR/LOCAL/HTTPD/BIN/APACHECTL/ETC/INIT.D/HTTPD
[Email protected] httpd-2.4.29]# VI/ETC/INIT.D/HTTPD
Add the following two lines (Note that "#" cannot be omitted):
Save exit
[[email protected] httpd-2.4.29]# chkconfig--add httpd//Add httpd to service Manager
[[email protected] httpd-2.4.29]# Systemctl daemon-reload//heavy-duty system System Manager
V: Edit httpd master configuration file
[Email protected] httpd-2.4.29]# vi/usr/local/httpd/conf/httpd.conf
Modify the following content:
ServerName localhost
Save exit
Optimized execution path (the original path of the executing program file is not in the PATH environment variable, do a soft link to make it executable)
[Email protected] httpd-2.4.29]# ln-s/usr/local/httpd/conf/httpd.conf/etc/
[Email protected] httpd-2.4.29]# ln-s/usr/local/httpd/bin/*/usr/local/bin/
Check for syntax errors
[Email protected] httpd-2.4.29]# httpd–t
Or: [[email protected] httpd-2.4.29]# apachectl–t
View Program version
Six: Start the service
[Email protected] httpd-2.4.29]# systemctl start httpd
[[email protected] httpd-2.4.29]# Systemctl enable httpd//set httpd to boot
[Email protected] httpd-2.4.29]# NETSTAT-ANPT | grep 80//View httpd service Run status
Seven: Validation
Accessing the server with the WIN7 client
Browser access: http://192.168.80.10
Browser access: http://192.168.80.40
Validation successful
(Note that the default content of the Web page is:/usr/local/httpd/htdocs/index.html)
Part III Configuration hotlinking
One: Configure the Web page file on a legitimate server
[Email protected] ~]# cd/usr/local/httpd/htdocs/
[Email protected] htdocs]# VI index.html
<title>i AM ok!</title>
<body>
</body>
Save exit
[[Email protected] htdocs]# service httpd restart//Restart services
Two: Verification
Win7 Access: 192.168.80.10
Third: Configure the Web page file on the illegal hotlinking server
[Email protected] ~]# cd/usr/local/httpd/htdocs/
[Email protected] htdocs]# VI index.html
<title>i AM hei</title>
<body>
</body>
Save exit
[[Email protected] htdocs]# service httpd restart//Restart services
Four: Validation
Access 192.168.80.40 under Win7
Verify hotlinking Success
Part IV Configuring a domain-based anti-theft chain
First step: Configure a legitimate server
One: Build DNS
[email protected] htdocs]# Yum install-y bind bind-utils
[[email protected] htdocs]# vi/etc/named.conf//Edit DNS master configuration file
[[email protected] htdocs]# vi/etc/named.rfc1912.zones//Edit DNS zone configuration file
[[email protected] htdocs]# cd/var/named///Edit DNS zone data file
[Email protected] named]# cp-p named.localhost aa.com.zone
[Email protected] named]# VI aa.com.zone
[[Email protected] named]# service named restart//Restart DNS services
[Email protected] named]# NETSTAT-ANPT | grep named//view DNS health status
[email protected] named]# nslookup www.aa.com//parsing www.aa.com
[[email protected] named]# vi/etc/resolv.conf//configure server DNS
ServerName 192.168.80.10
Save exit
[Email protected] named]# Systemctl restart named
II: Configure DNS under WIN7
Test DNS
DNS Build Success
Three: Create a virtual directory
[[email protected] ~]# vi/etc/httpd.conf//Edit HTTP master configuration file
Add the following content:
alias/doc/"/opt/doc/"
<directory "/opt/doc" >
Options Indexes multiviews FollowSymLinks
AllowOverride None
Order Allow,deny
Allow from all
Require all granted
</Directory>
Save exit
[[email protected] ~]# apachectl–t//Check syntax error
[[Email protected] ~]# service httpd restart//Restart services
Place the error.jpg (anti-theft chain file) in the/opt/doc/directory
Four: Configure the anti-theft chain
[[[email protected] ~]# apachectl-d dump_modules | grep rewrite//check module
[[email protected] ~] # vi/etc/httpd.conf
Add the following:
LoadModule rewrite_module modules/mod_rewrite.so//Add anti-Theft link module
Save Exit
[[ Email protected] ~]# apachectl-t//Check syntax error
[[email protected] htdocs]# vi/etc/httpd.conf
// For the directory to do anti-theft chain processing, in the Htdocs directory properties last location added
<directory "/usr/local/httpd/htdocs" > the location last
Add the following:
Rewriteengine on/ /whitelist, allow only own site content
Rewritecond%{http_referer}!^http://192.168.80.10/
Rewritecond%{http_referer}!^http:// aa.com/. $ [NC]
Rewritecond%{http_referer}!^http://aa.com$ [NC]
Rewritecond%{http_referer}!^http://www.aa.com/. $ [NC]
Rewritecond%{http_referer}!^http://www.aa.com$ [NC]
Rewriterule. . (gif|jpg|swf|png) $ http://www.aa.com/doc/error.jpg [R,NC]//need to redirect to a location that the hotlinking host can access, otherwise you will not see the effect.
[[email protected] htdocs]# apachectl–t
[[email protected] htdocs]# service httpd restart
Step Two: Configure an illegal hotlinking server
One: Configure the DNS service
[email protected] ~]# Yum install-y bind bind-utils
[Email protected] ~]# vi/etc/named.conf
[Email protected] ~]# Vi/etc/named.rfc1912.zones
[Email protected] ~]# cd/var/named/
[Email protected] named]# cp-p named.localhost bb.com.zone
[Email protected] named]# VI bb.com.zone
[Email protected] named]# vi/etc/resolv.conf
ServerName 192.168.80.40
Save exit
[[email protected] named]# systemctl Restart named//Restart DNS service
Two: Verification
Browser access Illegal hotlinking server: www.bb.com
Validation successful
Centos7.4--apache Optimization Application Four (anti-theft chain)