Apache防盗链主要是防止本网站的链接被别人盗用
使用Apache访问控制,禁用来源IP访问
1、修改网站的虚拟主机配置文件
从主配置文件中拷贝模板:
[root@daixuan logs]# vim /usr/local/apache2/conf/httpd.conf
[root@daixuan logs]# vim /usr/local/apache2/conf/extra/httpd-vhosts.conf
<VirtualHost *:80>
........
<Directory "/data/www">
AllowOverride None
Options None
Order allow,deny
Allow from all 允许所有访问
Deny from 127.0.0.1访问 禁用127.0.0.1访问
</Directory>
...........
</VirtualHost>
2、测试
[root@daixuan logs]# curl -x 127.0.0.1:80 -I 127.0.0.1被禁止访问
HTTP/1.1 403 Forbidden
Date: Wed, 02 Dec 2015 02:47:23 GMT
Server: Apache/2.2.31 (Unix) PHP/5.4.45
Content-Type: text/html; charset=iso-8859-1
[root@daixuan logs]# curl -x 192.168.101.230:80 -I 192.168.101.230正常访问
HTTP/1.1 301 Moved Permanently
Date: Wed, 02 Dec 2015 02:47:42 GMT
Server: Apache/2.2.31 (Unix) PHP/5.4.45
X-Powered-By: PHP/5.4.45
location: forum.php
Cache-Control: max-age=0
Expires: Wed, 02 Dec 2015 02:47:42 GMT
Content-Type: text/html
[root@daixuan logs]# curl -x 192.168.101.230:80 -I 正常访问
HTTP/1.1 200 OK
3、如果希望白名单限制管理员登录网页URI:http://www.test.com/admin.php,怎么做?
<VirtualHost *:80>
........
<filesmatch "(.*)admin(.*)">
Order deny,allow
Deny from all 禁用所有访问
Allow from 127.0.0.1 允许127.0.0.1访问
Allow from 192.168.101.230
</filesmatch>
...........
</VirtualHost>
重启Apache服务后,用PC(192.168.101.175)访问
[root@daixuan logs]# curl -x 192.168.101.230:80 -I http://www.test.com/admin.php
HTTP/1.1 200 OK 200,但是192.168.101.230可以正常访问