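Notes:
http://zhuohua.store, http://baidu.com and http://www.baidu.com are the whitelisted site domains that are allowed to link to the files;
gif|jpg|png|jpeg|flv|swf|rar|zip|txt are the file types covered by hotlink protection; the list can be customized.
Restart Apache: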
[root@localhost ~]# service httpd restart
restart apache... done
Remember to create the test files:
[root@localhost ~]# echo '111' > /www/zhuohua.store/1.png
[root@localhost ~]# echo '222' > /www/zhuohua.store/2.doc
Hotlink protection test:
Requests for a protected file type whose Referer is a whitelisted domain succeed:
[root@localhost ~]# curl -x127.0.0.1:80 -I -e "http://zhuohua.store/1.png" zhuohua.store/1.png
HTTP/1.1 200 OK
Date: Wed, 24 Jun 2020 18:38:48 GMT
Server: Apache
Last-Modified: Wed, 24 Jun 2020 18:33:22 GMT
ETag: "4-5a8d8b5eaa320"
Accept-Ranges: bytes
Content-Length: 4
Connection: close
Content-Type: image/png
[root@localhost ~]# curl -x127.0.0.1:80 -I -e "http://baidu.com/1.png" zhuohua.store/1.png
HTTP/1.1 200 OK
Date: Wed, 24 Jun 2020 18:39:57 GMT
Server: Apache
Last-Modified: Wed, 24 Jun 2020 18:33:22 GMT
ETag: "4-5a8d8b5eaa320"
Accept-Ranges: bytes
Content-Length: 4
Connection: close
Content-Type: image/png
[root@localhost ~]# curl -x127.0.0.1:80 -I -e "http://www.baidu.com/1.png" zhuohua.store/1.png
HTTP/1.1 200 OK
Date: Wed, 24 Jun 2020 18:40:13 GMT
Server: Apache
Last-Modified: Wed, 24 Jun 2020 18:33:22 GMT
ETag: "4-5a8d8b5eaa320"
Accept-Ranges: bytes
Content-Length: 4
Connection: close
Content-Type: image/png
Requests for a protected file type whose Referer is a domain that is not whitelisted are refused:
[root@localhost ~]# curl -x127.0.0.1:80 -I -e "http://www.aaa.com/1.png" zhuohua.store/1.png
HTTP/1.1 403 Forbidden
Date: Wed, 24 Jun 2020 18:41:11 GMT
Server: Apache
Connection: close
Content-Type: text/html; charset=iso-8859-1
Because the doc file type is not in the restricted list, doc files get no hotlink protection:
[root@localhost ~]# curl -x127.0.0.1:80 -I -e "http://www.baidu.com/2.doc" zhuohua.store/2.doc
HTTP/1.1 200 OK
Date: Wed, 24 Jun 2020 18:42:36 GMT
Server: Apache
Last-Modified: Wed, 24 Jun 2020 18:35:05 GMT
ETag: "4-5a8d8bc1213a4"
Accept-Ranges: bytes
Content-Length: 4
Connection: close
Content-Type: application/msword
[root@localhost ~]# curl -x127.0.0.1:80 -I -e "http://www.aaa.com/2.doc" zhuohua.store/2.doc
HTTP/1.1 200 OK
Date: Wed, 24 Jun 2020 18:43:08 GMT
Server: Apache
Last-Modified: Wed, 24 Jun 2020 18:35:05 GMT
ETag: "4-5a8d8bc1213a4"
Accept-Ranges: bytes
Content-Length: 4
Connection: close
Content-Type: application/msword
##############
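Configuring SSL on Apache
Note:
The following generates a custom (self-signed) SSL key and certificate pair; both the method and the resulting files work for Apache and Nginx alike.
The 1024-bit modulus in the output below is the default of the OpenSSL version used here and is too short for current use; append 2048 to the genrsa command to get a 2048-bit key.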
[root@localhost ~]# cd /usr/local/apache/conf/
[root@localhost conf]# openssl genrsa -des3 -out tmp.key
Generating RSA private key, 1024 bit long modulus
........++++++
...............++++++
e is 65537 (0x10001)
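Enter pass phrase for tmp.key:# enter a passphrase of your choice
Verifying - Enter pass phrase for tmp.key:# enter a passphrase of your choice
Convert tmp.key to zhuohua.key (the new key file is written without the passphrase):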
[root@localhost conf]# openssl rsa -in tmp.key -out zhuohua.key
Enter pass phrase for tmp.key:# enter a passphrase of your choice
writing RSA key
[root@localhost conf]# rm -rf tmp.key
Generate the CSR file:
[root@localhost conf]# openssl req -new -key zhuohua.key -out zhuohua.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:
State or Province Name (full name) []:
Locality Name (eg, city) [Default City]:
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:zhuohua
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:123456
An optional company name []:
[root@localhost conf]#
Generate the CRT certificate file:
[root@localhost conf]# openssl x509 -req -days 365 -in zhuohua.csr -signkey zhuohua.key -out zhuohua.crt
Signature ok
subject=/C=XX/L=Default City/O=Default Company Ltd/CN=zhuohua
Getting Private key
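The four openssl steps above as a non-interactive script, followed by a check that the key and the certificate really belong together. This is an added example, not part of the original article. The function names are hypothetical, -subj replaces the interactive prompts, and a 2048-bit key with SHA-256 is used instead of the 1024-bit default shown above.

```shell
#!/bin/sh
# Added example. zhuohua is the file name and Common Name used on this page;
# the demo writes to a throwaway directory, not to /usr/local/apache/conf/.

make_selfsigned() (
    # $1 = output directory, $2 = base file name, $3 = Common Name
    # The body runs in a subshell, so the umask change stays local.
    umask 077   # key file is created readable by its owner only
    # Steps 1 and 2 in one: an unencrypted RSA key, 2048 bits.
    openssl genrsa -out "$1/$2.key" 2048 2>/dev/null || exit 1
    # Step 3: CSR with the subject passed on the command line (no prompts).
    openssl req -new -key "$1/$2.key" -subj "/CN=$3" -out "$1/$2.csr" || exit 1
    # Step 4: self-sign the CSR for 365 days.
    openssl x509 -req -sha256 -days 365 -in "$1/$2.csr" \
        -signkey "$1/$2.key" -out "$1/$2.crt" 2>/dev/null || exit 1
)

key_matches_cert() {
    # $1 = key file, $2 = certificate file
    # The server can only use the pair if both carry the same RSA modulus.
    k=$(openssl rsa -in "$1" -noout -modulus 2>/dev/null)
    c=$(openssl x509 -in "$2" -noout -modulus 2>/dev/null)
    [ -n "$k" ] && [ "$k" = "$c" ]
}

cert_subject_cn() {
    # Prints the CN of a certificate whose subject contains only a CN.
    # Handles both "subject= /CN=x" and "subject=CN = x" output styles.
    openssl x509 -in "$1" -noout -subject | sed 's/.*CN *= *//'
}

# Demo run with constructed values.
demo_dir=$(mktemp -d)
if make_selfsigned "$demo_dir" zhuohua zhuohua &&
   key_matches_cert "$demo_dir/zhuohua.key" "$demo_dir/zhuohua.crt"; then
    echo "key and certificate match, CN=$(cert_subject_cn "$demo_dir/zhuohua.crt")"
else
    echo "generation failed or key/certificate mismatch" >&2
fi
rm -rf "$demo_dir"
```

Running key_matches_cert on the deployed files before restarting Apache or Nginx catches a mixed-up key and certificate pair early.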
The generated SSL certificate files: