Nginx anti-hotlinking
1. Edit the configuration file:
[root@weixing01 ~]# vim /usr/local/nginx/conf/vhost/test.com.conf
location ~* ^.+\.(gif|jpg|png|swf|flv|rar|zip|doc|pdf|gz|bz2|jpeg|bmp|xls)$
{
expires 7d;
valid_referers none blocked server_names *.test.com ;
if ($invalid_referer) {
return 403;
}
access_log off;
}
2. Test and reload:
[root@weixing01 ~]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@weixing01 ~]# /usr/local/nginx/sbin/nginx -s reload
3. Verify:
[root@weixing01 ~]# curl -e "http://www.baidu.com/1.txt" -x127.0.0.1 -I test.com/1.gif
curl: (7) Failed connect to 127.0.0.1:1080; 拒绝连接
[root@weixing01 ~]# curl -e "http://www.baidu.com/1.txt" -x127.0.0.1:80 -I test.com/1.gif
HTTP/1.1 403 Forbidden
Server: nginx/1.12.2
Date: Thu, 15 Mar 2018 14:25:23 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive
[root@weixing01 ~]# curl -e "http://www.test.com/1.txt" -x127.0.0.1:80 -I test.com/1.gif
HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Thu, 15 Mar 2018 14:25:35 GMT
Content-Type: image/gif
Content-Length: 14
Last-Modified: Wed, 14 Mar 2018 17:20:46 GMT
Connection: keep-alive
ETag: "5aa959ee-e"
Expires: Thu, 22 Mar 2018 14:25:35 GMT
Cache-Control: max-age=604800
Accept-Ranges: bytes
Restricting access by directory
1. Edit the configuration file:
[root@weixing01 ~]# vim /usr/local/nginx/conf/vhost/test.com.conf
location /admin/
{
allow 127.0.0.1;
allow 192.168.188.130;
deny all;
}
2. Test and reload:
[root@weixing01 ~]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@weixing01 ~]# /usr/local/nginx/sbin/nginx -s reload
3. Verify:
[root@weixing01 ~]# curl -e "http://www.baidu.com/1.txt" -x127.0.0.1:80 -I test.com/admin/
HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Thu, 15 Mar 2018 14:52:12 GMT
Content-Type: application/octet-stream
Content-Length: 10
Last-Modified: Thu, 15 Mar 2018 14:52:04 GMT
Connection: keep-alive
ETag: "5aaa8894-a"
Accept-Ranges: bytes
Restricting access by regular expression:
4. Modify the configuration file:
[root@weixing01 ~]# vim /usr/local/nginx/conf/vhost/test.com.conf
location ~ .*(upload|image)/.*\.php$
{
deny all;
}
5. Test and reload:
[root@weixing01 ~]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@weixing01 ~]# /usr/local/nginx/sbin/nginx -s reload
6. Verify:
[root@weixing01 ~]# mkdir /data/wwwroot/test.com/upload
[root@weixing01 ~]# echo "1111" > /data/wwwroot/test.com/upload/1.php
[root@weixing01 ~]# curl -x127.0.0.1:80 test.com/upload/1.php
<html>
<head><title>403 Forbidden</title></head>
<body bgcolor="white">
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx/1.12.2</center>
</body>
</html>
[root@weixing01 ~]# echo "1111" > /data/wwwroot/test.com/upload/1.txt
[root@weixing01 ~]# curl -x127.0.0.1:80 test.com/upload/1.txt
1111
7. To restrict by user_agent, modify the configuration file:
[root@weixing01 ~]# vim /usr/local/nginx/conf/vhost/test.com.conf
if ($http_user_agent ~ 'Spider/3.0|YoudaoBot|Tomato')
{
return 403;
}
8. Test and reload:
[root@weixing01 ~]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@weixing01 ~]# /usr/local/nginx/sbin/nginx -s reload
9. Verify:
[root@weixing01 ~]# curl -A Tomatosjklajg -x127.0.0.1:80 test.com/upload/1.txt -I
HTTP/1.1 403 Forbidden
Server: nginx/1.12.2
Date: Thu, 15 Mar 2018 15:05:33 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive
[root@weixing01 ~]# curl -A Tmatosjklajg -x127.0.0.1:80 test.com/upload/1.txt -I
HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Thu, 15 Mar 2018 15:05:47 GMT
Content-Type: text/plain
Content-Length: 5
Last-Modified: Thu, 15 Mar 2018 15:01:29 GMT
Connection: keep-alive
ETag: "5aaa8ac9-5"
Accept-Ranges: bytes
1. Modify the configuration file:
[root@weixing01 ~]# vim /usr/local/nginx/conf/vhost/test.com.conf
location ~ \.php$
{
include fastcgi_params;
fastcgi_pass unix:/tmp/php-fcgi.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /data/wwwroot/test.com$fastcgi_script_name;
}
2. Test:
[root@weixing01 ~]# vi /data/wwwroot/test.com/3.php
[root@weixing01 ~]# curl -x127.0.0.1:80 test.com/3.php
<?php
phpinfo();
The PHP is not parsed; reload:
[root@weixing01 ~]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@weixing01 ~]# /usr/local/nginx/sbin/nginx -s reload
Check the result again:
It is now parsed correctly.
3. If you get a 502:
location ~ \.php$
{
include fastcgi_params;
fastcgi_pass unix:/tmp/php-fgi.sock; # Whether to write a socket or an IP address here depends on the main configuration file; the two must match exactly
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /data/wwwroot/test.com$fastcgi_script_name;
}
access_log /tmp/test.com.log weixing;
}
[root@weixing01 ~]# curl -x127.0.0.1:80 test.com/3.php
<html>
<head><title>502 Bad Gateway</title></head>
<body bgcolor="white">
<center><h1>502 Bad Gateway</h1></center>
<hr><center>nginx/1.12.2</center>
</body>
</html>
This is what happens when they do not match.
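The /admin/ prefix block, the upload|image deny block and the \.php$ handler above all sit in the same server block, so which one actually handles a request depends on nginx's location selection order (exact match, longest prefix, then regexes in file order). The Python model below is an added example, not part of the original post; the file order of the blocks, the labels and the two variant helpers are assumptions, since the page never shows the complete test.com.conf.

```python
import re

# Location blocks from this page: (modifier, pattern, label).
# "" = plain prefix, "^~" = prefix that skips regexes, "~" / "~*" = regex.
# ASSUMPTION: this file order; the page never shows the complete test.com.conf.
PAGE_LOCATIONS = [
    ("~*", r"^.+\.(gif|jpg|png|swf|flv|rar|zip|doc|pdf|gz|bz2|jpeg|bmp|xls)$",
     "static: referer check"),
    ("", "/admin/", "admin: allow/deny by IP"),
    ("~", r".*(upload|image)/.*\.php$", "upload: deny all"),
    ("~", r"\.php$", "php: fastcgi_pass"),
]


def select_location(uri, locations):
    """Return the label of the block nginx picks for uri, or None if no block here matches."""
    # 1. An exact "=" match ends the search immediately.
    for mod, pat, label in locations:
        if mod == "=" and uri == pat:
            return label
    # 2. Remember the longest matching prefix; "^~" on it skips the regex pass.
    prefixes = [loc for loc in locations if loc[0] in ("", "^~") and uri.startswith(loc[1])]
    best = max(prefixes, key=lambda loc: len(loc[1]), default=None)
    if best and best[0] == "^~":
        return best[2]
    # 3. Regex blocks are tried in file order and the first match wins.
    for mod, pat, label in locations:
        if mod in ("~", "~*") and re.search(pat, uri, re.I if mod == "~*" else 0):
            return label
    # 4. No regex matched: fall back to the remembered prefix.
    return best[2] if best else None


def with_admin_prefix_final(locations):
    """Hypothetical variant: /admin/ declared as '^~ /admin/' so regexes cannot override it."""
    return [("^~", p, l) if p == "/admin/" else (m, p, l) for m, p, l in locations]


def php_before_upload(locations):
    """Hypothetical variant: the generic PHP block placed above the upload deny block."""
    reordered = list(locations)
    reordered[2], reordered[3] = reordered[3], reordered[2]
    return reordered


if __name__ == "__main__":
    for uri in ["/admin/", "/admin/index.php", "/admin/logo.png", "/upload/1.php", "/upload/1.PHP"]:
        print(f"{uri:18} page order: {select_location(uri, PAGE_LOCATIONS)!s:25}"
              f" ^~ /admin/: {select_location(uri, with_admin_prefix_final(PAGE_LOCATIONS))}")
    print("/upload/1.php, php block first:", select_location("/upload/1.php", php_before_upload(PAGE_LOCATIONS)))
```

With the plain /admin/ prefix, requests for .php or image files under that directory are handled by the regex blocks, where the allow/deny rules do not apply. Declaring it as ^~ /admin/ keeps the IP rules in force for every URI under it; if PHP there must still execute, the fastcgi block has to be nested inside that location.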
1. Write a configuration file:
[root@weixing01 ~]# cd /usr/local/
apache2.4/ bin/ include/ libexec/ nginx/ php-fpm/ src/
apr/ etc/ lib/ mariadb/ php/ sbin/
apr-util/ games/ lib64/ mysql/ php7/ share/
[root@weixing01 ~]# cd /usr/local/nginx/conf
[root@weixing01 conf]# cd vhost/
[root@weixing01 vhost]# vim proxy.conf
server
{
listen 80;
server_name ask.apelearn.com;
location /
{
proxy_pass http://47.91.145.78/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
2. Test and reload:
[root@weixing01 vhost]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@weixing01 vhost]# /usr/local/nginx/sbin/nginx -s reload
3. Test:
[root@weixing01 vhost]# curl -x127.0.0.1:80 ask.apelearn.com/robots.txt
#
# robots.txt for MiWen
#
User-agent: *
Disallow: /?/admin/
Disallow: /?/people/
Disallow: /?/question/
Disallow: /account/
Disallow: /app/
Disallow: /cache/
Disallow: /install/
Disallow: /models/
Disallow: /crond/run/
Disallow: /search/
Disallow: /static/
Disallow: /setting/
Disallow: /system/
Disallow: /tmp/
Disallow: /themes/
Disallow: /uploads/
Disallow: /url-*
Disallow: /views/
Nginx anti-hotlinking and access control, Nginx PHP parsing configuration and proxying
Original article: http://blog.51cto.com/13517254/2087402