Read about anti passback access control system, The latest news, videos, and discussion topics about anti passback access control system from alibabacloud.com
One: Configure the anti-theft chainOpen the virtual host configuration file#vim/usr/local/apache2/conf/extra/httpd-vhosts.confAdd the following contentSetenvifnocase Referer "^http://.*\.abc\.com" Local_refSetenvifnocase Referer ". *.aminglinux.com" Local_refSetenvifnocase Referer "^$" Local_ref #没有referer, direct addressOrder Allow,denyAllow from Env=local_refII: Access
following Third, access control (FilesMatch)限制指定文件的访问步骤1:修改配置文件[[emailprotected] ~]# vim /usr/local/apache2/conf/extra/httpd-vhosts.conf //加入以下内容Iv. access Control (user_agent)User_agent (user agent): refers to the browser (search engine) information including hardware platform,
/nginx/conf/ nginx.conf syntax is oknginx:configuration file/usr/local/nginx/conf/nginx.conf test is successful[[email Protected] vhost]#/usr/local/nginx/sbin/nginx-s reload[[emailprotected] vhost]# echo "This is the anti-theft chain JPG test! ">/data/wwwroot/linuxtest/test.jpg[[emailprotected] vhost]# curl-x127.0.0.1:80 linuxtest.com/test.jpg- ihttp/1.1 Okserver:nginx/1.12.2date:thu, Mar 2018 14:33:07 Gmtcontent-type:image/jpegcontent-length:28last-m
First, configure the anti-theft chain Through the way of anti-theft chain, can be set to restrict the third-party site by reference to obtain the image on the server, data, etc., if you want to obtain the site's picture data, only through the site access to obtain, this also effectively reduce the resources of the server. What is Referer? R
virtual configuration filevim /usr/local/nginx/conf/vhost/test.com.confCode:if ($http_user_agent ~* ‘Spider/3.0|YoudaoBot|Tomato‘){ return 403;} * Note: The code represents a case-insensitive, ~ to match the meaning; * * Detection and entry into force/usr/local/nginx/sbin/nginx -t/usr/local/nginx/sbin/nginx -s reloadTestDefine user_agent named Tomato123 on the line access, forbidden to access
the beginning of Config G, continue to search, matching to this regular, using[Configuration H]}?Then analyze the order of execution of the a-h configuration. The following 2 configurations exist at the same time Location =/{[Configuration A]}Location/{[Configuration B]}At this point a takes effect because the =/priority is higher than/ The following 3 configurations exist at the same time location/documents/{[Configuration C]}Location ~/documents/{[Configuration CB]
/admin/1.html-T -S reloadcurl-x127.0.0.1:80 test.com-i Tip 200 Normal accessTake an IP host with more access, Tip 403.2, match the regular, add the following content:Prevent PHP from being parsed by uploading directorieslocation ~ .*(upload|image)/.*\.php${ deny all;}Disable parsing of upload|image directory files ending in PHPTest:mkdir data/wwwroot/test.com/upload/1.phpecho "132323" >/data/wwwroot/test.com/upload/1.phpcurl-x127.0.0.1:80 test.
Nginx Anti-theft chain Edit a virtual configuration file [[emailprotected] ~]# vim /usr/local/nginx/conf/vhost/test.com.conf Add the contents of the configuration location ~* ^.+\.(gif|jpg|png|swf|flv|rar|zip|doc|pdf|gz|bz2|jpeg|bmp|xls)${ expires 7d; valid_referers none blocked server_names *.test.com ; if ($invalid_referer) { return 403; } access_log off;} Add Configuration Content Explanat
:/tmp/php-fcgi.sock;Fastcgi_index index.php;Fastcgi_param Script_filename/data/wwwroot/test.com$fastcgi_script_name;}Fastcgi_pass used to specify the address or socket of the PHP-FPM listener[Email protected] ~]# vi/data/wwwroot/test.com/3,phpFour, nginx agentCd/usr/local/nginx/conf/vhostVim proxy.conf//Add the following:Server{Listen 80;server_name ask.apelearn.com;Location/{Proxy_pass http://121.201.9.155/;Proxy_set_header Host $host;Proxy_set_header X-real-ip $remote _addr;Proxy_set_header x-
balancing, this part of the knowledge point is described in detail later, configured as follows:Upstream BBB{Server 1.2.3.1:80;Server 1.2.3.4:80;}server {Listen 80;server_name bbb.com; location / { proxy_pass http://bbb/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } # access_log /home/logs/bb_access.log combined;}Proxy all do
Nginx Open source and cross-platform software developed by the Russian people to provide Web services and agency servicesNginx provides Web Services application environment?1. Virtual Hosting2. User Access control3. User authentication4. Anti-theft chainLab Environment:Installation software: nginx-0.855.tar.gzOperating system: centos6.5Experiment: (i)Experimental
misappropriation of links, allowing only designated domain names to be linked• Hotlinking: Put a picture on someone else's website, copy the link, then send it on your own website, users to visit their website, bear the burden and traffic is someone else's server.Configuration:Setenvifnocase Referer "www.1.com" Local_ref #定义访问的域名Setenvifnocase Referer "www.a.com" Local_ref #定义访问的域名Setenvifnocase Referer "www.b.com" Local_ref #定义访问的域名Setenvifnocase Referer "^$" Local_refOrder Allow,denyAllow fro
Nginx anti-theft chain first into the/usr/local/nginx/conf/vhost/directory, edit the configuration file vim Test.com.confvim test.com.conf then the contents of the following location ~ ^.+. (Gif|jpg|png|swf|flv|rar|zip|doc|pdf|gz|bz2|jpeg|bmp|xls) ${expires 7d; valid_referers None blocked Server_names . test.com; if ($invalid _referer) {return 403;} Access_log off;} Valid_referers none blocked Server_names *.test.com; if ($invalid _referer) {return 40
/ nginx.conf syntax is oknginx:configuration file/usr/local/nginx/conf/nginx.conf test is successful[[email Protected] vhost]#/usr/local/nginx/sbin/nginx-s reload[[emailprotected] vhost]# echo "This is the anti-theft chain JPG test! ">/data/wwwroot/linuxtest/test.jpg[[emailprotected] vhost]# curl-x127.0.0.1:80 linuxtest.com/test.jpg- ihttp/1.1 Okserver:nginx/1.12.2date:thu, Mar 2018 14:33:07 Gmtcontent-type:image/jpegcontent-length:28last-mod Ified:th
/ { proxy_pass http://47.91.145.78/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; }}2. Verify and Reload:[[emailprotected] vhost]# /usr/local/nginx/sbin/nginx -tnginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is oknginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful[[emailprotected] vhost]# /usr/local/nginx/sbin/nginx
needs to access the Web server, but there is no connection between the user and the Web server, Web server in the network, we need a proxy server to help users access the Web, he must communicate with the user, and also must communicate with the Web server, in the middle of bridging this is the proxy server. 4.1 Principle:4.2 Editing a configuration filecd /usr/local/nginx/conf/vhostvim proxy.conf
-revalidate, post-check=0, pre-check=0Pragma:no-cache[Email protected] vhost]# Curl 127.0.0.1:80 ask.apelearn.com/robots.txtThis is the default site.#Robots.txt for Miwen#User-agent: *Disallow:/?/admin/Disallow:/?/people/Disallow:/?/question/Disallow:/account/Disallow:/app/Disallow:/cache/Disallow:/install/Disallow:/models/Disallow:/crond/run/Disallow:/search/Disallow:/static/Disallow:/setting/Disallow:/system/Disallow:/tmp/Disallow:/themes/Disallow:/
49, Nginx Anti-theft chain, nginx access control, Nginx parsing PHP-related configuration, nginx agentFirst, nginx anti-theft chainMust be combined with "do not log and expire" because they are used at the same time.# vim/usr/local/nginx/conf/vhost/test.com.confLocation ~* ^.+\. (Gif|jpg|png|bmp|swf|jpeg|flv|rar|zip|do
This article mainly introduces the detailed Nginx anti-theft chain and Nginx access control and Nginx parsing PHP configuration of the relevant information, here to provide examples to help everyone, learn to understand this part of the content, the need for friends can refer to the next Detailed Nginx anti-theft chai
12.13 Nginx Anti-theft chain[Email protected] test.com]# vim/usr/local/nginx/conf/vhost/test.com.conf~* indicates case insensitiveWhitelist *.test.com, if not whitelist, returns 403[[emailprotected]test.com]#curl-e "Http://www.baidu.com"-x127.0.0.1:80 test.com/1.gif-ihttp/1.1403forbiddenserver:nginx/1.12.2date:wed,14 mar201815:07:25gmtcontent-type:text/htmlcontent-length:169connection: keep-alive[[emailprotected]test.com]#curl-e "Http://www.test.com/1
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
