Apache optimization: anti-hotlinking and hiding the version
程序员文章站
2022-06-26 12:54:28
Preface
On the web, some people solve the problem of having no images of their own by linking to someone else's: they set up a hotlink and their page shows the picture. When visitors then load that page, the image requests flow to the server the hotlink points at, the load on that server grows, and the company running it pays the cost. Anti-hotlinking exists to address this. Likewise, if the version information is not hidden when people visit the server, an attacker learns which Apache version is running and which vulnerabilities it has, and can attack the site, causing immeasurable loss. So, from a security standpoint, we should hide the Apache version when we set up the server.
Apache anti-hotlinking
Lab environment
Two CentOS 7 virtual machines
One Windows 10 virtual machine
Lab steps
1. First install the bind DNS service and configure it
[aaa@qq.com ~]# yum -y install bind
[aaa@qq.com ~]# vim /etc/named.conf
listen-on port 53 { any; };
allow-query { any; };
[aaa@qq.com ~]# vim /etc/named.rfc1912.zones
zone "hello.com" IN {
type master;
file "hello.com.zone";
allow-update { none; };
};
[aaa@qq.com ~]# cd /var/named/
[aaa@qq.com named]# ls
data dynamic named.ca named.empty named.localhost named.loopback slaves
[aaa@qq.com named]# cp -p named.localhost hello.com.zone
[aaa@qq.com named]# vim hello.com.zone
$TTL 1D
@       IN SOA  @ rname.invalid. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      @
        A       127.0.0.1
www     IN A    192.168.73.167
2. Restart the DNS service and turn off the firewall
[aaa@qq.com named]# systemctl restart named
[aaa@qq.com named]# systemctl stop firewalld
[aaa@qq.com named]# setenforce 0
3. Build Apache from source by hand
[aaa@qq.com named]# cd
[aaa@qq.com ~]# ls
anaconda-ks.cfg apr-util-1.6.0.tar.gz initial-setup-ks.cfg 模板 图片 下载 桌面
apr-1.6.2.tar.gz httpd-2.4.29.tar.bz2 公共 视频 文档 音乐
[aaa@qq.com ~]# tar -zxvf apr-1.6.2.tar.gz -C /opt/
[aaa@qq.com ~]# tar -zxvf apr-util-1.6.0.tar.gz -C /opt/
[aaa@qq.com ~]# tar -jxvf httpd-2.4.29.tar.bz2 -C /opt/
[aaa@qq.com ~]# cd /opt
[aaa@qq.com opt]# ls
apr-1.6.2 apr-util-1.6.0 httpd-2.4.29 rh
[aaa@qq.com opt]# mv apr-1.6.2/ httpd-2.4.29/srclib/apr
[aaa@qq.com opt]# mv apr-util-1.6.0/ httpd-2.4.29/srclib/apr-util
[aaa@qq.com opt]# cd httpd-2.4.29/
[aaa@qq.com httpd-2.4.29]# ls
ABOUT_APACHE BuildBin.dsp emacs-style LAYOUT NOTICE srclib
acinclude.m4 buildconf httpd.dep libhttpd.dep NWGNUmakefile support
Apache-apr2.dsw CHANGES httpd.dsp libhttpd.dsp os test
Apache.dsw CMakeLists.txt httpd.mak libhttpd.mak README VERSIONING
apache_probes.d config.layout httpd.spec LICENSE README.cmake
ap.d configure include Makefile.in README.platforms
build configure.in INSTALL Makefile.win ROADMAP
BuildAll.dsp docs InstallBin.dsp modules server
[aaa@qq.com httpd-2.4.29]# yum -y install gcc gcc-c++ pcre make pcre-devel zlib-devel expat-devel
[aaa@qq.com httpd-2.4.29]# ./configure \
> --prefix=/usr/local/httpd \
> --enable-deflate \
> --enable-so \
> --enable-rewrite \
> --enable-charset-lite \
> --enable-cgi
[aaa@qq.com httpd-2.4.29]# make && make install
4. Edit the main configuration file and create a symlink for convenience
[aaa@qq.com httpd-2.4.29]# vim /usr/local/httpd/conf/httpd.conf
ServerName www.hello.com:80
Listen 192.168.73.167:80
#Listen 80
[aaa@qq.com httpd-2.4.29]# ln -s /usr/local/httpd/conf/httpd.conf /etc/httpd.conf
[aaa@qq.com httpd-2.4.29]# cd /usr/local/httpd/bin/
[aaa@qq.com bin]# pwd
/usr/local/httpd/bin
[aaa@qq.com bin]# cd ..
[aaa@qq.com httpd]# ls
bin build cgi-bin conf error htdocs icons include lib logs man manual modules
[aaa@qq.com httpd]# cd htdocs/
[aaa@qq.com htdocs]# ls
E2A44F9213403D04017939019ADDED89.gif index.html
[aaa@qq.com htdocs]# vim index.html
<html><body><h1>It works!</h1>
<img src="E2A44F9213403D04017939019ADDED89.gif" /></body></html>
[aaa@qq.com htdocs]# cd /usr/local/httpd/bin
[aaa@qq.com bin]# ./apachectl start
[aaa@qq.com bin]# netstat -ntap | grep 80
tcp 0 0 192.168.73.167:80 0.0.0.0:* LISTEN 69230/httpd
5. Change the DNS settings on the Win10 host and check against the server
ipconfig /release
ipconfig /renew
ipconfig /all
6. On the other virtual machine, install httpd and configure it
[aaa@qq.com ~]# yum -y install httpd
[aaa@qq.com ~]# vim /etc/httpd/conf/httpd.conf
ServerName www.world.com:80
Listen 192.168.73.147:80
#Listen 80
[aaa@qq.com ~]# vim /var/www/html/index.html
<html>
<body>
this is test web <br />
<img src="http://192.168.73.167/E2A44F9213403D04017939019ADDED89.gif" />
</body>
</html>
[aaa@qq.com ~]# systemctl start httpd
7. Test from the Win10 host
8. Next, enable Apache's anti-hotlink feature
[aaa@qq.com htdocs]# cd ..
[aaa@qq.com httpd]# ls
bin build cgi-bin conf error htdocs icons include lib logs man manual modules
[aaa@qq.com httpd]# cd conf
[aaa@qq.com conf]# ls
extra httpd.conf magic mime.types original
[aaa@qq.com conf]# vim httpd.conf
LoadModule rewrite_module modules/mod_rewrite.so
<Directory "/usr/local/httpd/htdocs">
#
# Possible values for the Options directive are "None", "All",
# or any combination of:
# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
#
# Note that "MultiViews" must be named *explicitly* --- "Options All"
# doesn't give it to you.
#
# The Options directive is both complicated and important. Please see
# http://httpd.apache.org/docs/2.4/mod/core.html#options
# for more information.
#
Options Indexes FollowSymLinks
#
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
# AllowOverride FileInfo AuthConfig Limit
#
AllowOverride None
#
# Controls who can get stuff from this server.
#
Require all granted
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://hello.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://hello.com$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.hello.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.hello.com/$ [NC]
RewriteRule .*\.(gif|jpg|swf)$ http://www.hello.com/error.png
</Directory>
[aaa@qq.com conf]# cd
[aaa@qq.com ~]# cd /usr/local/httpd/bin/
[aaa@qq.com bin]# ./apachectl stop
[aaa@qq.com bin]# ./apachectl start
9. Check anti-hotlinking from the Win10 host
Clear the cached data
After clearing the browsing data, restart the server
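As an added example (not part of the original post), the Python below re-implements the Referer allowlist from the httpd.conf above, to show which requests the four RewriteCond lines let through and which are sent to error.png; the sample requests are constructed, not captured traffic.

```python
import re

# The four RewriteCond lines from httpd.conf above, each a negated [NC]
# (case-insensitive) pattern. mod_rewrite applies the RewriteRule only
# when every condition holds, i.e. when the Referer matches none of
# the allowed forms.
ALLOWED_REFERER_PATTERNS = [
    r"^http://hello.com/.*$",
    r"^http://hello.com$",
    r"^http://www.hello.com/.*$",
    r"^http://www.hello.com/$",
]
# RewriteRule .*\.(gif|jpg|swf)$ http://www.hello.com/error.png
PROTECTED = re.compile(r".*\.(gif|jpg|swf)$")
ERROR_IMAGE = "http://www.hello.com/error.png"


def resolve(path, referer):
    """Return what the server serves for `path` given the raw Referer
    header (`""` when the browser sent none)."""
    if not PROTECTED.match(path):
        return path  # RewriteRule pattern does not match: untouched
    for pattern in ALLOWED_REFERER_PATTERNS:
        if re.match(pattern, referer, re.IGNORECASE):
            return path  # one negated condition fails: no rewrite
    return ERROR_IMAGE  # every condition holds: image substituted


if __name__ == "__main__":
    # Constructed requests: the page's own host, the other VM's page,
    # a direct visit with no Referer, and a non-image file.
    samples = [
        ("/E2A44F9213403D04017939019ADDED89.gif", "http://www.hello.com/"),
        ("/E2A44F9213403D04017939019ADDED89.gif", "http://192.168.73.147/index.html"),
        ("/E2A44F9213403D04017939019ADDED89.gif", ""),
        ("/index.html", "http://192.168.73.147/index.html"),
    ]
    for path, ref in samples:
        print(f"{ref or '<no Referer>':36} {path:42} -> {resolve(path, ref)}")
```

A request carrying no Referer at all (typed into the address bar, or from a browser configured not to send one) also ends up at error.png with this configuration; add `RewriteCond %{HTTP_REFERER} !^$` before the RewriteRule if such requests should still get the real image. error.png is not in the (gif|jpg|swf) list, so the substitution cannot loop, which is the point the summary makes.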
Hiding the Apache version
Lab steps
1. Open the packet-capture tool on Win10 and start capturing
2. Edit Apache's main configuration file and restart the Apache service
[aaa@qq.com htdocs]# vim /usr/local/httpd/conf/httpd.conf
Include conf/extra/httpd-default.conf
[aaa@qq.com htdocs]# cd ..
[aaa@qq.com httpd]# ls
bin build cgi-bin conf error htdocs icons include lib logs man manual modules
[aaa@qq.com httpd]# cd conf/
[aaa@qq.com conf]# ls
extra httpd.conf magic mime.types original
[aaa@qq.com conf]# cd extra/
[aaa@qq.com extra]# ls
httpd-autoindex.conf httpd-info.conf httpd-mpm.conf httpd-userdir.conf
httpd-dav.conf httpd-languages.conf httpd-multilang-errordoc.conf httpd-vhosts.conf
httpd-default.conf httpd-manual.conf httpd-ssl.conf proxy-html.conf
[aaa@qq.com extra]# vim httpd-default.conf
ServerTokens Prod
ServerSignature Off
[aaa@qq.com extra]# /usr/local/httpd/bin/apachectl stop
[aaa@qq.com extra]# /usr/local/httpd/bin/apachectl start
3. Clear the browsing data in the Win10 browser
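To check the effect of ServerTokens Prod and ServerSignature Off without a packet-capture tool, the added Python below (not from the original post) parses a raw HTTP response and flags a version string in the Server header or a signature footer in the body; the two 404 responses are constructed to show the before and after.

```python
import re

# Version token as ServerTokens Full/OS print it, e.g. "Apache/2.4.29 (Unix)";
# ServerTokens Prod reduces the header to just "Apache".
VERSION_RE = re.compile(r"Apache/\d+(\.\d+)+")
# Footer that ServerSignature On appends to server-generated pages
# (error documents, directory listings).
SIGNATURE_RE = re.compile(r"<address>[^<]*Server at [^<]* Port \d+</address>", re.I)


def parse_response(raw):
    """Split a raw HTTP/1.1 response into (status line, headers dict, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers, body.decode("utf-8", "replace")


def version_findings(raw):
    """Return a list of disclosure findings; empty when nothing leaks."""
    _, headers, body = parse_response(raw)
    findings = []
    server = headers.get("server", "")
    if VERSION_RE.search(server):
        findings.append(f"Server header discloses version: {server!r} "
                        "(set ServerTokens Prod)")
    if SIGNATURE_RE.search(body):
        findings.append("page carries a server signature footer "
                        "(set ServerSignature Off)")
    return findings


# Constructed 404 responses, not captures: the first as a default build
# answers, the second after the two directives in httpd-default.conf.
BEFORE = (b"HTTP/1.1 404 Not Found\r\n"
          b"Server: Apache/2.4.29 (Unix)\r\n"
          b"Content-Type: text/html; charset=iso-8859-1\r\n\r\n"
          b"<html><body><h1>Not Found</h1><address>Apache/2.4.29 (Unix) "
          b"Server at www.hello.com Port 80</address></body></html>")
AFTER = (b"HTTP/1.1 404 Not Found\r\n"
         b"Server: Apache\r\n"
         b"Content-Type: text/html; charset=iso-8859-1\r\n\r\n"
         b"<html><body><h1>Not Found</h1></body></html>")

if __name__ == "__main__":
    for label, raw in (("before", BEFORE), ("after", AFTER)):
        print(label, version_findings(raw) or ["no version disclosure"])
```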
Lab summary
When setting up anti-hotlinking, note that the replacement image must not itself be one of the blocked image types, otherwise the image will never display. And when hiding the version, be sure to hide your own Apache version.