Nginx hotlink protection, access control, PHP parsing configuration, and proxying
2018-01-05 22:43
12.13 Nginx hotlink protection
Configuration
# Edit the configuration file
[root@taoyuan ~]# vim /usr/local/nginx/conf/vhost/test.com.conf
# Contents:
location ~* ^.+\.(gif|jpg|png|swf|flv|rar|zip|doc|pdf|gz|bz2|jpeg|bmp|xls)$
{
    expires 7d;
    valid_referers none blocked server_names *.test.com;
    if ($invalid_referer) {
        return 403;
    }
    access_log off;
}
Check && reload
[root@taoyuan ~]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@taoyuan ~]# /usr/local/nginx/sbin/nginx -s reload
Test
[root@taoyuan ~]# curl -e "http://www.baidu.com/1.txt" -x127.0.0.1:80 -I test.com/1.gif
HTTP/1.1 403 Forbidden
Server: nginx/1.12.1
Date: Fri, 05 Jan 2018 12:52:13 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive
[root@taoyuan ~]# curl -e "http://www.test.com/1.txt" -x127.0.0.1:80 -I test.com/1.gif
HTTP/1.1 200 OK
Server: nginx/1.12.1
Date: Fri, 05 Jan 2018 12:52:25 GMT
Content-Type: image/gif
Content-Length: 6
Last-Modified: Thu, 04 Jan 2018 14:03:12 GMT
Connection: keep-alive
ETag: "5a4e3420-6"
Expires: Fri, 12 Jan 2018 12:52:25 GMT
Cache-Control: max-age=604800
Accept-Ranges: bytes
# This shows the configuration works.
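12.14 Nginx access control
Requirement:
Requests to the /admin/ directory should be allowed only from a few specific IPs. Configure as follows:
# Edit the configuration file
[root@taoyuan ~]# vim /usr/local/nginx/conf/vhost/test.com.conf
# Contents:
location /admin/
{
    allow 127.0.0.1;
    allow 192.168.0.10;
    deny all;
}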
Test
# Check && reload
[root@taoyuan ~]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@taoyuan ~]# /usr/local/nginx/sbin/nginx -s reload
# Test
[root@taoyuan ~]# curl -e "http://www.baidu.com/1.txt" -x127.0.0.1:80 -I test.com/admin/
HTTP/1.1 200 OK
Server: nginx/1.12.1
Date: Fri, 05 Jan 2018 13:05:25 GMT
Content-Type: text/html
Content-Length: 19
Last-Modified: Wed, 03 Jan 2018 14:08:45 GMT
Connection: keep-alive
ETag: "5a4ce3ed-13"
Accept-Ranges: bytes
[root@taoyuan ~]# curl -x192.168.0.10:80 -I test.com/admin/
HTTP/1.1 200 OK
Server: nginx/1.12.1
Date: Fri, 05 Jan 2018 13:05:32 GMT
Content-Type: text/html
Content-Length: 19
Last-Modified: Wed, 03 Jan 2018 14:08:45 GMT
Connection: keep-alive
ETag: "5a4ce3ed-13"
Accept-Ranges: bytes
[root@taoyun ~]# curl -x192.168.0.12:80 -I test.com/admin/
HTTP/1.1 403 Forbidden
Server: nginx/1.12.1
Date: Wed, 10 Jan 2018 06:44:37 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive
# Testing with 192.168.0.12 requires adding another network interface
# The request matches the third rule (deny all), so 403 is returned
A location can also match by regular expression
This is suited to forbidding PHP parsing:
# Edit the configuration file
[root@taoyuan ~]# vim /usr/local/nginx/conf/vhost/test.com.conf
# Contents:
location ~ .*(upload|image)/.*\.php$
{
    deny all;
}
Test
# Check && reload
[root@taoyuan ~]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@taoyuan ~]# /usr/local/nginx/sbin/nginx -s reload
# Create the test file
[root@taoyuan ~]# mkdir /data/wwwroot/test.com/upload
[root@taoyuan ~]# echo "upload/1.php" > /data/wwwroot/test.com/upload/1.php
# Test with curl
[root@taoyuan ~]# curl -x127.0.0.1:80 -I test.com/upload/1.php
HTTP/1.1 403 Forbidden
Server: nginx/1.12.1
Date: Fri, 05 Jan 2018 13:19:45 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive
# Status code 403: files with the .php suffix can no longer be accessed
# Test access to a file with a different suffix
[root@taoyuan ~]# echo "upload/1.php" > /data/wwwroot/test.com/upload/1.txt
[root@taoyuan ~]# curl -x127.0.0.1:80 -I test.com/upload/1.txt
HTTP/1.1 200 OK
Server: nginx/1.12.1
Date: Fri, 05 Jan 2018 13:20:57 GMT
Content-Type: text/plain
Content-Length: 13
Last-Modified: Fri, 05 Jan 2018 13:20:47 GMT
Connection: keep-alive
ETag: "5a4f7baf-d"
Accept-Ranges: bytes
# Status code 200: the configuration is in effect
user_agent restriction
# Configuration file
[root@taoyuan ~]# vim /usr/local/nginx/conf/vhost/test.com.conf
# Contents:
if ($http_user_agent ~ 'Spider/3.0|YoudaoBot|Tomato')
{
    return 403;
}
-t && -s reload
Check
[root@taoyuan ~]# curl -A "Tomato1312411" -x127.0.0.1:80 test.com/upload/1.txt -I
HTTP/1.1 403 Forbidden
Server: nginx/1.12.1
Date: Fri, 05 Jan 2018 13:34:49 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive
[root@taoyuan ~]# curl -A "tomato1312411" -x127.0.0.1:80 test.com/upload/1.txt -I
HTTP/1.1 200 OK
Server: nginx/1.12.1
Date: Fri, 05 Jan 2018 13:36:27 GMT
Content-Type: text/plain
Content-Length: 13
Last-Modified: Fri, 05 Jan 2018 13:20:47 GMT
Connection: keep-alive
ETag: "5a4f7baf-d"
Accept-Ranges: bytes
# This match is case-sensitive; for a case-insensitive match, add * after the ~.
12.15 Nginx PHP parsing configuration
Configuration file: /usr/local/nginx/conf/vhost/test.com.conf
# Edit the configuration file; contents:
location ~ \.php$
{
    include fastcgi_params;
    fastcgi_pass unix:/tmp/php-fcgi.sock;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME /data/wwwroot/test.com$fastcgi_script_name;
}
Test whether PHP is parsed without reloading the configuration
[root@taoyuan ~]# curl -x127.0.0.1:80 test.com/1.php
<?php echo "<h1>test.com/1.php</h1>"; ?>
# The source code is displayed
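Once the `location ~ \.php$` handler and the upload/image deny rule from 12.14 live in the same vhost file, their order matters: nginx uses the first regex location, in file order, that matches the URI. The following check is an added example, not part of the original post; the two one-line blocks are constructed from the page's configuration, and the helper names and probe URIs are assumptions.

```python
import re

# Constructed from the page's two regex locations (bodies shortened).
PHP_BLOCK = r"location ~ \.php$ { fastcgi_pass unix:/tmp/php-fcgi.sock; }"
DENY_BLOCK = r"location ~ .*(upload|image)/.*\.php$ { deny all; }"
WEAK_CONF = PHP_BLOCK + "\n" + DENY_BLOCK    # handler first: deny is shadowed
FIXED_CONF = DENY_BLOCK + "\n" + PHP_BLOCK   # deny first: it wins for uploads
PROBES = ["/upload/1.php", "/image/a/b.php", "/upload/1.txt", "/1.php"]

# Minimal parser: regex locations with flat bodies only (no nested braces).
LOCATION_RE = re.compile(r"location\s+(~\*?)\s*(\S+)\s*\{([^}]*)\}")

def regex_locations(conf):
    """Return [(compiled_regex, pattern, body)] in configuration order."""
    out = []
    for mod, pattern, body in LOCATION_RE.findall(conf):
        flags = re.IGNORECASE if mod == "~*" else 0
        out.append((re.compile(pattern, flags), pattern, body.strip()))
    return out

def select_location(conf, uri):
    """Model nginx's choice: first regex location in file order that matches."""
    for rx, pattern, body in regex_locations(conf):
        if rx.search(uri):
            return pattern, body
    return None, ""

def shadowed_denies(conf, probe_uris):
    """List (uri, winning_pattern) where a 'deny all' location matches the URI
    but an earlier regex location is selected instead."""
    locs = regex_locations(conf)
    findings = []
    for uri in probe_uris:
        winner, body = select_location(conf, uri)
        wanted = any(rx.search(uri) and "deny all" in b for rx, _, b in locs)
        if wanted and "deny all" not in body:
            findings.append((uri, winner))
    return findings

if __name__ == "__main__":
    print("weak :", shadowed_denies(WEAK_CONF, PROBES))
    print("fixed:", shadowed_denies(FIXED_CONF, PROBES))
```

The model covers only regex locations; exact (`=`) and `^~` prefix locations are resolved before regex locations and are not represented here.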
12.16 Nginx proxying
When users cannot reach the web server directly, a proxy server can act as the intermediary. Create proxy.conf:
[root@taoyuan ~]# cd /usr/local/nginx/conf/vhost/
[root@taoyuan vhost]# vim proxy.conf
# Contents:
server
{
    listen 80;
    server_name ask.apelearn.com;    # the domain name
    location /
    {
        proxy_pass http://121.201.9.155/;    # the remote web server
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
Test
[root@taoyuan vhost]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@taoyuan vhost]# /usr/local/nginx/sbin/nginx -s reload
[root@taoyuan vhost]# curl ask.apelearn.com/robots.txt
#
#robots.txt for MiWen
#
User-agent: *
Disallow: /?/admin/
Disallow: /?/people/
Disallow: /?/question/
……
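`$proxy_add_x_forwarded_for` appends `$remote_addr` to whatever X-Forwarded-For value the client sent, so a backend that applies an IP allow list like the one in 12.14 must read the entry the proxy appended, not the first entry. The following is an added example, not part of the original post; the function names and the client address 203.0.113.7 are constructed for illustration.

```python
import ipaddress

ALLOWED = {"127.0.0.1", "192.168.0.10"}  # the allow list from section 12.14

def forwarded_for_sent_upstream(client_xff, remote_addr):
    """Model of $proxy_add_x_forwarded_for: the client's own X-Forwarded-For
    value (if any) with $remote_addr appended after a comma."""
    return f"{client_xff}, {remote_addr}" if client_xff else remote_addr

def trusted_client_ip(xff, trusted_hops=1):
    """Return the entry appended by the outermost trusted proxy.

    Each trusted proxy appends exactly one address, so with N trusted hops
    the N-th entry from the right is the last one a client cannot forge.
    """
    entries = [e.strip() for e in xff.split(",") if e.strip()]
    if len(entries) < trusted_hops:
        raise ValueError("fewer entries than trusted proxies")
    # ip_address() raises ValueError on anything that is not an IP literal.
    return str(ipaddress.ip_address(entries[-trusted_hops]))

def backend_allows(xff, trusted_hops=1):
    """Allow-list decision based on the proxy-appended address."""
    try:
        return trusted_client_ip(xff, trusted_hops) in ALLOWED
    except ValueError:
        return False

def leftmost_allows(xff):
    """The mistaken variant: trusts the first entry, which the client controls."""
    return xff.split(",")[0].strip() in ALLOWED

if __name__ == "__main__":
    # Constructed request: client 203.0.113.7 supplies its own header value.
    xff = forwarded_for_sent_upstream("192.168.0.10", "203.0.113.7")
    print(xff, "| leftmost:", leftmost_allows(xff), "| rightmost:", backend_allows(xff))
```

With the page's configuration, the X-Real-IP header carries the same proxy-observed address as the last X-Forwarded-For entry.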
Further reading
Summary of 502 problems http://ask.apelearn.com/question/9109
location priority http://blog.lishiming.net/?p=100