vim /usr/local/nginx/conf/vhost/test.com.conf
加入以下配置并保存退出(转载时丢失的 `\` 和 `*` 已按 nginx 语法补回):
location ~ ^.+\.(gif|jpg|png|swf|flv|rar|zip|doc|pdf|gz|bz2|jpeg|bmp|xls)$
{
    expires 7d;
    valid_referers none blocked server_names *.test.com ;
    if ($invalid_referer) {
        return 403;
    }
    access_log off;
}
注意:Referer 由客户端自行填写,这种防盗链只能挡住普通的外站引用,不能当作访问控制;其中 none 表示不带 Referer 的请求也会放行。
[root@martin001 vhost]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@martin001 vhost]# /usr/local/nginx/sbin/nginx -s reload
[root@martin001 vhost]# curl -x127.0.0.1:80 -I -e "" test.com/1.gif
HTTP/1.1 403 Forbidden
Server: nginx/1.12.1
Date: Fri, 16 Mar 2018 06:24:30 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive
[root@martin001 vhost]# curl -I -e "" test.com/1.gif
HTTP/1.1 200 OK
Server: nginx/1.12.1
Date: Fri, 16 Mar 2018 06:28:50 GMT
Content-Type: image/gif
Content-Length: 16
Last-Modified: Wed, 14 Mar 2018 16:17:46 GMT
Connection: keep-alive
ETag: "5aa94b2a-10"
Expires: Fri, 23 Mar 2018 06:28:50 GMT
Cache-Control: max-age=604800
Accept-Ranges: bytes
[root@martin001 vhost]# curl -I -e "" lgx168.com/
HTTP/1.1 200 OK
Server: nginx/1.12.1
Date: Fri, 16 Mar 2018 06:33:03 GMT
Content-Type: text/html
Content-Length: 26
Last-Modified: Tue, 13 Mar 2018 15:52:31 GMT
Connection: keep-alive
ETag: "5aa7f3bf-1a"
Accept-Ranges: bytes
(注:以上 curl 命令中 -e 后面的 Referer 值在转载时似乎已丢失。按配置,只有 Referer 不在 valid_referers 白名单内的请求才会返回 403,因此第一条返回 403 的请求原本应带有一个外站 Referer。)
[root@martin001 vhost]# !vim
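vim /usr/local/nginx/conf/vhost/test.com.conf
location /admin/
{
    allow 192.168.133.1;
    allow 127.0.0.1;
    deny all;
}
注:allow/deny 按书写顺序匹配,命中第一条即停止;判断依据是连接的来源地址,如果 nginx 前面还有代理,需要先还原真实客户端 IP,否则规则会作用在代理的地址上。后面的测试中来源 192.168.15.132 返回 200,说明实际配置里放行的地址可能与这里列出的 192.168.133.1 不同,请以自己的环境为准。
[root@martin001 vhost]# /usr/local/nginx/sbin/nginx -t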
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is oknginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful[root@martin001 vhost]# /usr/local/nginx/sbin/nginx -s reload[root@martin001 vhost]# mkdir /data/wwwroot/test.com/admin[root@martin001 vhost]# echo "123" > /data/wwwroot/test.com/admin/1.html[root@martin001 vhost]# curl -x192.168.15.132:80 test.com/admin/1.html123[root@martin001 vhost]# curl -x127.0.0.1:80 test.com/admin/1.html123[root@martin001 vhost]# ifconfigens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500inet 192.168.15.132 netmask 255.255.255.0 broadcast 192.168.15.255inet6 fe80::996a:3fe7:cdd7:2bd3 prefixlen 64 scopeid 0x20<link>ether 00:0c:29:56:59:af txqueuelen 1000 (Ethernet)RX packets 2768 bytes 264282 (258.0 KiB)RX errors 0 dropped 0 overruns 0 frame 0TX packets 2060 bytes 267554 (261.2 KiB)TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0ens33:0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.15.136 netmask 255.255.255.0 broadcast 192.168.15.255ether 00:0c:29:56:59:af txqueuelen 1000 (Ethernet)ens37: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.1.98 netmask 255.255.255.255 broadcast 192.168.1.98inet6 fe80::93d:8d08:a36c:e0c3 prefixlen 64 scopeid 0x20<link>ether 00:0c:29:56:59:b9 txqueuelen 1000 (Ethernet)RX packets 0 bytes 0 (0.0 B)RX errors 0 dropped 0 overruns 0 frame 0TX packets 10 bytes 744 (744.0 B)TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0inet6 ::1 prefixlen 128 scopeid 0x10<host>loop txqueuelen 1 (Local Loopback)RX packets 60 bytes 5481 (5.3 KiB)RX errors 0 dropped 0 overruns 0 frame 0TX packets 60 bytes 5481 (5.3 KiB)TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0[root@martin001 vhost]# curl -x192.168.1.98:80 test.com/admin/1.html
<html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx/1.12.1</center></body></html>[root@martin001 vhost]# tail /tmp/test.com.log127.0.0.1 - [15/Mar/2018:00:19:27 +0800] test.com "/index.html" 200 "-" "curl/7.29.0"127.0.0.1 - [15/Mar/2018:00:20:51 +0800] test.com "/index.html" 200 "-" "curl/7.29.0"127.0.0.1 - [15/Mar/2018:00:21:03 +0800] test.com "/2.jsghfgfh" 404 "-" "curl/7.29.0"192.168.15.132 - [16/Mar/2018:14:50:12 +0800] test.com "/admin/1.html" 200 "-" "curl/7.29.0"127.0.0.1 - [16/Mar/2018:14:50:30 +0800] test.com "/admin/1.html" 200 "-" "curl/7.29.0"192.168.1.98 - [16/Mar/2018:14:51:20 +0800] test.com "/admin/1.html" 403 "-" "curl/7.29.0"vim /usr/local/nginx/conf/vhost/test.com.conf
location ~ .*(abc|image)/.*\.php$
{
    deny all;
}
if ($http_user_agent ~ 'Spider/3.0|YoudaoBot|Tomato')
{
    return 403;
}
(转载时丢失的 `*` 和 `\` 已按 nginx 语法补回。)第一段用来禁止上传类目录中的 PHP 文件被解析;nginx 的正则 location 按配置文件中的先后顺序匹配,所以它必须写在通用的 \.php$ location 之前才能生效。下面测试的是 /upload/1.php,而这里写的是 abc|image,实际配置中可能是 upload|image。User-Agent 同样由客户端填写,只能用来过滤守规矩的爬虫;另外 ~ 区分大小写(见下面 tomato 的测试),需要忽略大小写时用 ~*。
[root@martin001 vhost]# curl -x192.168.15.132:80 test.com/upload/1.php
<html>
<head><title>403 Forbidden</title></head>
<body bgcolor="white">
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx/1.12.1</center>
</body>
</html>
[root@martin001 vhost]# curl -x192.168.15.132:80 test.com/upload/1.txt
123
[root@martin001 vhost]# curl -A "Tomatodsfsd" -x127.0.0.1:80 test.com/upload/1.txt
<html>
<head><title>403 Forbidden</title></head>
<body bgcolor="white">
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx/1.12.1</center>
</body>
</html>
[root@martin001 vhost]# curl -A "tomatodsfsd" -x127.0.0.1:80 test.com/upload/1.txt
123
[root@martin001 vhost]# !tail
tail /tmp/test.com.log
127.0.0.1 - [15/Mar/2018:00:20:51 +0800] test.com "/index.html" 200 "-" "curl/7.29.0"
127.0.0.1 - [15/Mar/2018:00:21:03 +0800] test.com "/2.jsghfgfh" 404 "-" "curl/7.29.0"
192.168.15.132 - [16/Mar/2018:14:50:12 +0800] test.com "/admin/1.html" 200 "-" "curl/7.29.0"
127.0.0.1 - [16/Mar/2018:14:50:30 +0800] test.com "/admin/1.html" 200 "-" "curl/7.29.0"
192.168.1.98 - [16/Mar/2018:14:51:20 +0800] test.com "/admin/1.html" 403 "-" "curl/7.29.0"
192.168.1.98 - [16/Mar/2018:15:10:35 +0800] test.com "/admin/1.html" 403 "-" "curl/7.29.0"
192.168.15.132 - [16/Mar/2018:15:11:20 +0800] test.com "/upload/1.php" 403 "-" "curl/7.29.0"
192.168.15.132 - [16/Mar/2018:15:11:29 +0800] test.com "/upload/1.txt" 200 "-" "curl/7.29.0"
127.0.0.1 - [16/Mar/2018:15:13:48 +0800] test.com "/upload/1.txt" 403 "-" "Tomatodsfsd"
127.0.0.1 - [16/Mar/2018:15:14:08 +0800] test.com "/upload/1.txt" 200 "-" "tomatodsfsd"
vim /usr/local/nginx/conf/vhost/test.com.conf
location ~ \.php$
{
    include fastcgi_params;
    fastcgi_pass unix:/tmp/php-fcgi.sock;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME /data/wwwroot/test.com$fastcgi_script_name;
}
其中 fastcgi_pass 用来指定 php-fpm 的地址。如果 php-fpm 监听的是一个 ip:port 形式的 TCP 地址(127.0.0.1:9000),那么也需要在这里改成 fastcgi_pass 127.0.0.1:9000。这个地址一定要和 php-fpm 服务监听的地址匹配,否则报 502 错误。fastcgi_param SCRIPT_FILENAME 后面跟的路径为该站点的根目录,和前面定义的 root 那个路径保持一致。如果路径不对,访问 PHP 页面会出现 404。
另外,建议在这个 location 里加上 try_files $uri =404;,只把磁盘上确实存在的 .php 文件交给 php-fpm;php-fpm 的 socket 放在 /tmp 下时,还要确认它的属主和权限只允许 nginx 的运行用户访问。
/usr/local/nginx/sbin/nginx -t
/usr/local/nginx/sbin/nginx -s reload
curl -x127.0.0.1:80 test.com/3.php
[root@martin001 vhost]# vim proxy.conf
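[root@martin001 vhost]# cat !$
cat proxy.conf
server
{
    listen 80;
    server_name ask.apelearn.com;

    location /
    {
        proxy_pass http://121.201.9.155/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
注:$proxy_add_x_forwarded_for 会保留客户端自带的 X-Forwarded-For 并在末尾追加 $remote_addr,后端若要取真实来源 IP,应以 X-Real-IP 或列表中最后一个地址为准,不要直接信任列表里的第一个值。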
[root@martin001 vhost]# ping ask.apelearn.com
PING ask.apelearn.com (47.91.145.78) 56(84) bytes of data.
64 bytes from 47.91.145.78 (47.91.145.78): icmp_seq=1 ttl=128 time=14.5 ms
64 bytes from 47.91.145.78 (47.91.145.78): icmp_seq=2 ttl=128 time=13.9 ms
64 bytes from 47.91.145.78 (47.91.145.78): icmp_seq=3 ttl=128 time=15.2 ms
64 bytes from 47.91.145.78 (47.91.145.78): icmp_seq=4 ttl=128 time=13.9 ms
64 bytes from 47.91.145.78 (47.91.145.78): icmp_seq=5 ttl=128 time=15.1 ms
^C
--- ask.apelearn.com ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4009ms
rtt min/avg/max/mdev = 13.949/14.582/15.239/0.568 ms
[root@martin001 vhost]# !vim
vim proxy.conf
[root@martin001 vhost]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@martin001 vhost]# /usr/local/nginx/sbin/nginx -s reload
[root@martin001 vhost]# curl -x127.0.0.1:80 ask.apelearn.com -I
HTTP/1.1 200 OK
Server: nginx/1.12.1
Date: Fri, 16 Mar 2018 08:04:17 GMT
Content-Type: text/html
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.3.29
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: ape__Session=jjbvdum6rk71rrofnn4lbjiap5; path=/; domain=.apelearn.com
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
(注:下面这条命令没有用 -x,curl 会把 127.0.0.1:80 和 ask.apelearn.com/robots.txt 当作两个 URL 依次请求,所以输出先是默认站点的内容,然后才是 robots.txt。)
[root@martin001 vhost]# curl 127.0.0.1:80 ask.apelearn.com/robots.txt
This is the default site.##
User-agent: *
Disallow: /?/admin/
Disallow: /?/people/
Disallow: /?/question/
Disallow: /account/
Disallow: /app/
Disallow: /cache/
Disallow: /install/
Disallow: /models/
Disallow: /crond/run/
Disallow: /search/
Disallow: /static/
Disallow: /setting/
Disallow: /system/
Disallow: /tmp/
Disallow: /themes/
Disallow: /uploads/
Disallow: /url-*
Disallow: /views/
转载于:https://blog.51cto.com/12058686/2087674