[LNMP]Nginx防盗链与访问控制
2017-08-15 06:06
387 查看
防盗链
1、编辑配置文件
访问控制
限制目录
1、编辑配置文件
限制文件
1、编辑配置文件
限制user-agent
1、编辑配置文件
1、编辑配置文件
[root@plinuxos ~]# vi /usr/local/nginx/conf/vhost/default.conf server { listen 80 default_server; server_name aaa.com; index index.html index.htm index.php; root /data/wwwroot/default; access_log /tmp/default.log juispan; location ~* ^.+\.(gif|jpg|png|swf|flv|rar|zip|doc|pdf|gz|bz2|jpeg|bmp|xls)$ { expires 7d; valid_referers none blocked server_names *.aaa.com ; if ($invalid_referer) { return 403; } access_log off; } }2、检查与重载
[root@plinuxos ~]# /usr/local/nginx/sbin/nginx -t nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful [root@plinuxos ~]# /usr/local/nginx/sbin/nginx -s reload3、测试效果
[root@plinuxos ~]# curl -x127.0.0.1:80 aaa.com/pic001.gif -I HTTP/1.1 200 OK Server: nginx/1.12.1 Date: Mon, 14 Aug 2017 21:51:35 GMT Content-Type: image/gif Content-Length: 66698 Last-Modified: Sat, 12 Aug 2017 03:29:18 GMT Connection: keep-alive ETag: "598e760e-1048a" Expires: Mon, 21 Aug 2017 21:51:35 GMT Cache-Control: max-age=604800 Accept-Ranges: bytes [root@plinuxos ~]# curl -e "http://www.hao123.com" -x127.0.0.1:80 aaa.com/pic001.gif -I HTTP/1.1 403 Forbidden Server: nginx/1.12.1 Date: Mon, 14 Aug 2017 21:52:18 GMT Content-Type: text/html Content-Length: 169 Connection: keep-alive
访问控制
限制目录
1、编辑配置文件
[root@plinuxos ~]# vi /usr/local/nginx/conf/vhost/default.conf server { listen 80 default_server; server_name aaa.com; index index.html index.htm index.php; root /data/wwwroot/default; access_log /tmp/default.log juispan; location /admin/ { allow 127.0.0.1; deny all; } }2、检查与重载
[root@plinuxos ~]# /usr/local/nginx/sbin/nginx -t nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful [root@plinuxos ~]# /usr/local/nginx/sbin/nginx -s reload3、测试效果
[root@plinuxos ~]# mkdir /data/wwwroot/default/admin [root@plinuxos ~]# echo "test" > /data/wwwroot/default/admin/1.html [root@plinuxos ~]# curl -x127.0.0.1:80 aaa.com/admin/1.html -I HTTP/1.1 200 OK Server: nginx/1.12.1 Date: Mon, 14 Aug 2017 22:13:08 GMT Content-Type: text/html Content-Length: 5 Last-Modified: Mon, 14 Aug 2017 22:03:03 GMT Connection: keep-alive ETag: "59921e17-5" Accept-Ranges: bytes [root@plinuxos ~]# curl -x122.112.253.88:80 aaa.com/admin/1.html -I HTTP/1.1 403 Forbidden Server: nginx/1.12.1 Date: Mon, 14 Aug 2017 22:13:13 GMT Content-Type: text/html Content-Length: 169 Connection: keep-alive
限制文件
1、编辑配置文件
[root@plinuxos ~]# vi /usr/local/nginx/conf/vhost/default.conf server { listen 80 default_server; server_name aaa.com; index index.html index.htm index.php; root /data/wwwroot/default; access_log /tmp/default.log juispan; location ~ .*(upload|image)/.*\.php$ { deny all; } }2、检查与重载
[root@plinuxos ~]# mkdir /data/wwwroot/default/upload3、测试效果
[root@plinuxos ~]# echo "test" > /data/wwwroot/default/upload/1.php
[root@plinuxos ~]# /usr/local/nginx/sbin/nginx -t nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful [root@plinuxos ~]# /usr/local/nginx/sbin/nginx -s reload
[root@plinuxos ~]# curl -x127.0.0.1:80 aaa.com/upload/1.php -I HTTP/1.1 403 Forbidden Server: nginx/1.12.1 Date: Mon, 14 Aug 2017 22:19:25 GMT Content-Type: text/html Content-Length: 169 Connection: keep-alive
限制user-agent
1、编辑配置文件
[root@plinuxos ~]# vi /usr/local/nginx/conf/vhost/default.conf server { listen 80 default_server; server_name aaa.com; index index.html index.htm index.php; root /data/wwwroot/default; access_log /tmp/default.log juispan; if ($http_user_agent ~* 'Spider/3.0|YoudaoBot|Tomato') ##星号忽略大小写 { return 403; } }2、检查与重载
[root@plinuxos ~]# /usr/local/nginx/sbin/nginx -t nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful [root@plinuxos ~]# /usr/local/nginx/sbin/nginx -s reload3、测试效果
[root@plinuxos ~]# curl -A "apple" -x127.0.0.1:80 aaa.com/upload/1.php -I HTTP/1.1 200 OK Server: nginx/1.12.1 Date: Mon, 14 Aug 2017 22:31:09 GMT Content-Type: application/octet-stream Content-Length: 5 Last-Modified: Mon, 14 Aug 2017 22:17:17 GMT Connection: keep-alive ETag: "5992216d-5" Accept-Ranges: bytes [root@plinuxos ~]# curl -A "tomato" -x127.0.0.1:80 aaa.com/upload/1.php -I HTTP/1.1 403 Forbidden Server: nginx/1.12.1 Date: Mon, 14 Aug 2017 22:30:26 GMT Content-Type: text/html Content-Length: 169 Connection: keep-alive
相关文章推荐
- LNMP架构 (4) 之 Nginx的防盗链、访问控制、解析php相关配置
- 【LNMP】Nginx防盗链、Nginx访问控制、Nginx解析php相关配置和Nginx代理
- LNMP(nginx防盗链,访问控制,解析php相关配置,Nginx代理,常见502问题)
- LNMP架构(四)之Nginx防盗链,访问控制,解析php,代理
- LNMP架构——Nginx防盗链,访问控制
- nginx-虚拟主机,访问控制,防盗链,代理服务
- Nginx防盗链、访问控制、Nginx解析PHP相关配置、Nginx代理
- nginx 访问控制 防盗链
- 12.13 Nginx防盗链 12.14 Nginx访问控制 12.15 Nginx解析php相关配置 12.16 Nginx代理
- CentOS7 Nginx配置--静态文件过期时间、防盗链、访问控制
- Nginx提供网站服务应用包括(虚拟主机、用户访问控制、用户验证、nginx平滑升级、防盗链)的配置
- nginx防盗链、访问控制、PHP解析、服务器代理
- 十二周四次课 2018.01.05 Nginx防盗链、Nginx访问控制、Nginx解析php相关配置、Nginx代理
- linux的Nginx防盗链、Nginx访问控制、Nginx解析php相关配置、Nginx代理介绍
- Nginx防盗链、Nginx访问控制、Nginx解析php的配置
- [Nginx]用Nginx实现与应用结合的访问控制 - 防盗链
- Nginx防盗链与访问控制
- Nginx配置防盗链、Nginx访问控制、Nginx解析php相关配置
- nginx默认虚拟主机,用户认证,域名重定向,日志,静态文件不记录日志,防盗链,访问控制,php解析