防盗链就是防止别人的网址代码里面盗用服务器的图片,文件,视频等相关资源
如果别人盗用网站的这些静态资源,明显的是会增大服务器的带宽压力
所以作为网站的维护人员,要杜绝我们服务器的静态资源被其他网站盗用
%{}HTTP_REFERER}: 浏览header中的链接字段,存放一个链接的URL,代表是从哪个链接访问所需的网页
!^: 不以后面的字符串开头
.*$: 以任意字符结尾
NC: 不区分大写
R:强制跳转
RewriteEngine On: 打开网页重写功能
RewriteCond: 设置匹配规则
RewriteRule: 设置跳转动作
如果相应变量的值匹配所设置的规则,则逐条向下处理;如果不匹配则往后的规则不在匹配
[root@localhost ~]# yum install bind -y #安装DNS解析让实验更加直观
已安装:
bind.x86_64 32:9.11.4-9.P2.el7
作为依赖被安装:
bind-export-libs.x86_64 32:9.11.4-9.P2.el7
作为依赖被升级:
bind-libs.x86_64 32:9.11.4-9.P2.el7 bind-libs-lite.x86_64 32:9.11.4-9.P2.el7
bind-license.noarch 32:9.11.4-9.P2.el7 bind-utils.x86_64 32:9.11.4-9.P2.el7
dhclient.x86_64 12:4.2.5-77.el7.centos dhcp-common.x86_64 12:4.2.5-77.el7.centos
dhcp-libs.x86_64 12:4.2.5-77.el7.centos
完毕!
[root@localhost ~]# vim /etc/named.conf
options {
listen-on port 53 { any; }; #监听所有地址
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursing-file "/var/named/data/named.recursing";
secroots-file "/var/named/data/named.secroots";
allow-query { any; }; #any
[root@localhost ~]# vim /etc/named.rfc1912.zones
#增加的
zone "kgc.com" IN { #定义域名
type master;
file "kgc.com.zone"; #定义区域数据配置文件
allow-update { none; };
};
[root@localhost named]# cd /var/named/
[root@localhost named]# cp -p named.localhost kgc.com.zone
[root@localhost named]# vim kgc.com.zone
$TTL 1D
@ IN SOA @ rname.invalid. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS @
A 127.0.0.1
www IN A 192.168.136.136 #增加一行需要解析的地址
[root@localhost named]# systemctl stop firewalld.service
[root@localhost named]# setenforce 0
[root@localhost named]# systemctl start named
[root@localhost named]# mkdir /chen
[root@localhost named]# mount.cifs //192.168.100.23/LAMP-C7 /chen
Password for root@//192.168.100.23/LAMP-C7:
[root@localhost named]# cd /chen/
[root@localhost chen]# ls
apr-1.6.2.tar.gz Discuz_X2.5_SC_UTF8.zip mysql-5.6.26.tar.gz
apr-util-1.6.0.tar.gz fiddler.exe php-5.6.11.tar.bz2
awstats-7.6.tar.gz httpd-2.4.29.tar.bz2 tu9892_14.jpg
cronolog-1.6.2-14.el7.x86_64.rpm LAMP-php5.6.txt
[root@localhost abc]# tar jxvf httpd-2.4.29.tar.bz2 -C /opt #解压到OPT底下
[root@localhost abc]# tar zxvf apr-1.6.2.tar.gz -C /opt/
[root@localhost chen]# tar zxvf apr-util-1.6.0.tar.gz -C /opt/
[root@localhost abc]# cd /opt
[root@localhost opt]# ls
apr-1.6.2 apr-util-1.6.0 httpd-2.4.29 rh
[root@localhost opt]# mv apr-1.6.2/ httpd-2.4.29/srclib/apr #移动到这个目录底下
[root@localhost opt]# mv apr-util-1.6.0/ httpd-2.4.29/srclib/apr-util
[root@localhost opt]# ls
httpd-2.4.29 rh
[root@localhost opt]# cd httpd-2.4.29 /
calhost httpd-2.4.29]#
yum -y install \
gcc \
gcc-c++ \
make \
pcre-devel \
zlib-devel \
expat-devel \
pcre \
perl
./configure \
--prefix=/usr/local/httpd \ #指定路径
--enable-deflate \ #压缩功能
--enable-so \ #核心模块开启
--enable-rewrite \ #开启重写功能,防盗链
--enable-charset-lite \ #支持字符集
--enable-cgi#通用网关接口
[root@localhost httpd-2.4.29]# make
[root@localhost httpd-2.4.29]# make install
[root@localhost httpd-2.4.29]# vim /usr/local/httpd/conf/httpd.conf
Listen 192.168.136.136:80
#Listen 80
ServerName www.kgc.com:80
[root@localhost bin]# vim /usr/local/httpd/htdocs/index.html
[root@localhost bin]# cp /chen/tu9892_14.jpg /usr/local/httpd/htdocs/
[root@localhost bin]# ./apachectl start #执行脚本
[root@localhost bin]# netstat -ntap | grep 80 #查看端口
tcp 0 0 192.168.136.136:80 0.0.0.0:* LISTEN 96493/httpd
[root@localhost bin]# vim ../conf/httpd.conf
oadModule rewrite_module modules/mod_rewrite.so #开启防盗链功能
#在249行加入匹配规则
RewriteEngine On #开启功能
RewriteCond %{HTTP_REFERER} !http://kgc.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://kgc.com$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.kgc.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.kgc.com/$ [NC]
RewriteRule .*\.(gif|jpg|swf)$ http://www.kgc.com/wen.png
[root@localhost bin]# cp /chen/wen.png ..//htdocs/
[root@localhost bin]# ls ../htdocs/ #查看一下有没有这种图片
index.html tu9892_14.jpg wen.png
[root@localhost bin]# ./apachectl stop
[root@localhost bin]# ./apachectl start
[root@localhost bin]# vim ../conf/httpd.conf
Include conf/extra/httpd-default.conf #开启隐藏版本号
[root@localhost httpd]# ls
bin cgi-bin error icons lib man modules
build conf htdocs include logs manual
[root@localhost httpd]# cd conf
[root@localhost conf]# ls
extra httpd.conf magic mime.types original
[root@localhost conf]# cd extra/
[root@localhost extra]# ls
httpd-autoindex.conf httpd-languages.conf httpd-ssl.conf
httpd-dav.conf httpd-manual.conf httpd-userdir.conf
httpd-default.conf httpd-mpm.conf httpd-vhosts.conf
httpd-info.conf httpd-multilang-errordoc.conf proxy-html.conf
[root@localhost extra]# vim httpd-default.conf
ServerTokens Prod #原本是版本号的全名,换成Pord
[root@localhost extra]# cd ../../
[root@localhost httpd]# cd bin/
[root@localhost bin]# ./apachectl stop
[root@localhost bin]# ./apachectl start
免责声明:本站发布的内容(图片、视频和文字)以原创、转载和分享为主,文章观点不代表本网站立场,如果涉及侵权请联系站长邮箱:is@yisu.com进行举报,并提供相关证据,一经查实,将立刻删除涉嫌侵权内容。