Nginx configuration: hotlink protection (anti-theft chain), access control, parsing PHP and proxying

Source: Internet
Author: User

First, Nginx hotlink protection

Hotlink protection (the "anti-theft chain") covers the case where other sites display or link to this site's resources (pictures or attachments) without permission. Hotlinking of popular resources in particular consumes a great deal of the site's bandwidth, so hotlink protection is set up to save resources.

1. Modify the virtual host configuration file
    [[email protected] vhost]# vim linuxtest.conf
    server
    {
        listen 80;
        server_name linuxtest.com;
        index index.html index.htm index.php;
        root /data/wwwroot/linuxtest;

        location ~* ^.+\.(gif|jpg|png|swf|flv|rar|zip|doc|pdf|gz|bz2|jpeg|bmp|xls)$
        {
            expires 7d;
            # Define the referer whitelist
            valid_referers none blocked server_names *.linuxtest.com;
            # The if block means: if the referer is not a whitelisted domain, return 403
            if ($invalid_referer) {
                return 403;
            }
        }

    #   location /
    #   {
    #       auth_basic           "Auth";
    #       auth_basic_user_file /usr/local/nginx/conf/htpasswd;
    #   }

        # access_log specifies the log file path and the name of the log format to use
        access_log /tmp/linuxtest.log combined_realip;
    }
2. Testing
    [[email protected] vhost]# /usr/local/nginx/sbin/nginx -t
    nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
    nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
    [[email protected] vhost]# /usr/local/nginx/sbin/nginx -s reload
    [[email protected] vhost]# echo "This is the anti-theft chain JPG test! " > /data/wwwroot/linuxtest/test.jpg
    [[email protected] vhost]# curl -x127.0.0.1:80 linuxtest.com/test.jpg -I
    HTTP/1.1 200 OK
    Server: nginx/1.12.2
    Date: Thu, Mar 2018 14:33:07 GMT
    Content-Type: image/jpeg
    Content-Length: 28
    Last-Modified: Thu, 2018 14:32:45 GMT
    Connection: keep-alive
    ETag: "5aaa840d-1c"
    Expires: Thu, Mar 2018 14:33:07 GMT
    Cache-Control: max-age=604800
    Accept-Ranges: bytes

    [[email protected] vhost]# curl -x127.0.0.1:80 -e "http://www.com" linuxtest.com/test.jpg -I    # the -e option sets a custom Referer
    HTTP/1.1 403 Forbidden
    Server: nginx/1.12.2
    Date: Thu, Mar 2018 14:33:28 GMT
    Content-Type: text/html
    Content-Length: 169
    Connection: keep-alive
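As the two curl tests show, the outcome depends entirely on the Referer header the client sends. The following added example (a simplified Python model of the valid_referers line above, not nginx code and not part of the original article) shows which rule admits or rejects each of several constructed Referer values; the sample values and the function and constant names are assumptions.

```python
# Added example: simplified model of the page's rule
#   valid_referers none blocked server_names *.linuxtest.com;
# Not nginx source code; constant and function names are illustrative.
from urllib.parse import urlsplit

SERVER_NAMES = {"linuxtest.com"}          # server_name in the vhost
WILDCARD_SUFFIXES = (".linuxtest.com",)   # *.linuxtest.com


def referer_verdict(referer):
    """Return (allowed, matched_rule); referer=None means no Referer header."""
    if referer is None:
        return True, "none"
    if not referer.lower().startswith(("http://", "https://")):
        return True, "blocked"            # present, but no http(s):// prefix
    try:
        host = (urlsplit(referer).hostname or "").lower()
    except ValueError:                    # unparsable authority part
        return False, "invalid_referer"
    if host in SERVER_NAMES:
        return True, "server_names"
    if host.endswith(WILDCARD_SUFFIXES):
        return True, "wildcard"
    return False, "invalid_referer"       # nginx sets $invalid_referer -> 403


# Constructed sample Referer values (None = header absent).
SAMPLES = [
    None,
    "http://linuxtest.com:8080/index.html",
    "https://img.linuxtest.com/gallery",
    "android-app://com.example.reader",
    "http://www.com",                      # the value used in the curl test
    "http://linuxtest.com.example.net/",
]


def rejected(samples):
    """Referer values that would receive 403 from the location block."""
    return [r for r in samples if not referer_verdict(r)[0]]


if __name__ == "__main__":
    for ref in SAMPLES:
        print(repr(ref), referer_verdict(ref))
```

Only a well-formed http(s) Referer naming a foreign host is refused, so this setting reduces bandwidth lost to embedding on other sites; it does not authenticate the requester.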
Second, access control

Access control restricts access to a specified directory to specified IP addresses.

1. Modify the virtual host configuration file
    [[email protected] vhost]# vim linuxtest.conf
    # Add the following content
    location /admin/
    {
        # Set the IP whitelist
        allow 192.168.242.128;
        allow 127.0.0.1;
        deny all;
    }
2. Testing
    [[email protected] vhost]# mkdir /data/wwwroot/linuxtest/admin
    [[email protected] vhost]# echo “test,test” > /data/wwwroot/linuxtest/admin/1.html
    [[email protected] vhost]# curl -x127.0.0.1:80 linuxtest.com/admin/1.html
    “test,test”
    [[email protected] vhost]# curl -x192.168.242.128:80 linuxtest.com/admin/1.html
    “test,test”

3. Access control by regular expression

    # Refuse any .php request under a directory whose name ends in "abc" or "image"
    location ~ .*(abc|image)/.*\.php$
    {
        deny all;
    }

4. Access control by User-Agent

    # ~ is a case-sensitive regex match against the User-Agent header
    if ($http_user_agent ~ 'Spider/3.0|YoudaoBot|Tomato')
    {
        return 403;
    }
Third, Nginx parsing PHP

Modify the virtual host configuration file

    [[email protected] vhost]# vim linuxtest.conf
    location ~ \.php$
    {
        include fastcgi_params;
        # fastcgi_pass accepts two listen formats (TCP address or Unix socket),
        # but the format must be the same in Nginx and in php-fpm
        #fastcgi_pass 127.0.0.1:9000;
        fastcgi_pass unix:/tmp/php-fcgi.sock;
        fastcgi_index index.php;
        # The directory part must be the path where php-fpm finds the site's PHP files
        fastcgi_param SCRIPT_FILENAME /data/wwwroot/test.com$fastcgi_script_name;
    }
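Which block serves a request depends on nginx's location matching order: a regex location takes precedence over a plain prefix location, and among regex locations the first one in the file wins. The added example below (a simplified Python model, not nginx code and not part of the original article) applies those rules to the location blocks from sections one to three; the labels and the two comparison lists are assumptions made for illustration.

```python
# Added example: simplified model of nginx location selection (not nginx code).
import re

# (modifier, pattern, label), in the order the blocks appear in the server block.
PAGE_LOCATIONS = [
    ("",   "/admin/", "admin allow/deny"),
    ("~*", r"^.+\.(gif|jpg|png|swf|flv|rar|zip|doc|pdf|gz|bz2|jpeg|bmp|xls)$",
     "static files + referer check"),
    ("~",  r".*(abc|image)/.*\.php$", "deny all"),
    ("~",  r"\.php$", "php-fpm"),
]


def select_location(uri, locations=PAGE_LOCATIONS):
    """Return the label of the block that would handle uri (path only)."""
    best = None                                   # longest matching prefix block
    for mod, pat, label in locations:
        if mod == "=" and uri == pat:
            return label                          # exact match ends the search
        if mod in ("", "^~") and uri.startswith(pat):
            if best is None or len(pat) > len(best[1]):
                best = (mod, pat, label)
    if best and best[0] == "^~":
        return best[2]                            # ^~ skips the regex phase
    for mod, pat, label in locations:
        if mod in ("~", "~*"):
            flags = re.IGNORECASE if mod == "~*" else 0
            if re.search(pat, uri, flags):
                return label                      # first regex in file order wins
    return best[2] if best else None


# Variants used for comparison (constructed, not from the page).
PHP_FIRST = PAGE_LOCATIONS[:2] + [PAGE_LOCATIONS[3], PAGE_LOCATIONS[2]]
# With ^~ the /admin/ block would need its own nested PHP handler.
ADMIN_NO_REGEX = [("^~", "/admin/", "admin allow/deny")] + PAGE_LOCATIONS[1:]

if __name__ == "__main__":
    for uri in ["/admin/1.html", "/admin/tool.php", "/image/a.php", "/index.php"]:
        print(uri, "->", select_location(uri),
              "| php block first:", select_location(uri, PHP_FIRST),
              "| ^~ /admin/:", select_location(uri, ADMIN_NO_REGEX))
```

With the blocks in the order given on the page, a .php URI under /admin/ is handled by the \.php$ block rather than by the allow/deny block, so the IP whitelist has to be repeated in, or nested around, whichever block actually serves those requests. The "deny all" block for upload-style directories only takes effect when it appears before the general \.php$ block.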
Fourth, Nginx proxy

The Nginx proxy is a reverse proxy. In the reverse proxy method, a proxy server accepts connection requests from the Internet, forwards them to servers on the internal network, and returns the servers' results to the Internet clients that made the requests. To the outside, the proxy server appears to be the server itself.

    graph LR
    User --> Proxy Server
    Proxy Server --> User
    Proxy Server --> Web Server
    Web Server --> Proxy Server

1. Change the configuration file
    [[email protected] vhost]# vim proxy.conf
    server
    {
        listen 80;
        # Define the domain name (generally the same as the domain of the proxied IP)
        server_name ask.apelearn.com;

        location /
        {
            # The IP being proxied (accessed), i.e. the web server's IP
            proxy_pass      http://47.91.145.78/;
            # $host is the proxy server's server_name (also the domain name of the proxied IP)
            proxy_set_header Host   $host;
            proxy_set_header X-Real-IP      $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
    }
2. Testing
    [[email protected] vhost]# vim proxy.conf
    [[email protected] vhost]# /usr/local/nginx/sbin/nginx -s reload
    [[email protected] vhost]# curl -x127.0.0.1:80 ask.apelearn.com -I    # through the proxy
    HTTP/1.1 200 OK
    Server: nginx/1.12.2
    Date: Thu, Mar 2018 15:44:25 GMT
    Content-Type: text/html
    Connection: keep-alive
    Vary: Accept-Encoding
    X-Powered-By: PHP/5.3.29
    P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
    Set-Cookie: ape__session=k44G3EKLSERT1FGBJHL061L4F4; path=/; domain=.apelearn.com
    Expires: Thu, 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    Pragma: no-cache

    [[email protected] vhost]# curl ask.apelearn.com -I    # direct connection
    HTTP/1.1 200 OK
    Server: nginx/1.8.0
    Date: Thu, 2018 15:46:06 GMT
    Content-Type: text/html
    Connection: keep-alive
    Vary: Accept-Encoding
    X-Powered-By: PHP/5.3.29
    P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
    Set-Cookie: ape__session=ium8s3hsrjh4ulf6qbrjpdcme2; path=/; domain=.apelearn.com
    Expires: Thu, 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    Pragma: no-cache
