
Apache web pages and security optimization-hotlink protection and hidden version (combination of theory and practice! )

2025-01-22 Update From: SLTechnology News&Howtos


Shulou(Shulou.com)06/03 Report--

Apache hotlink protection prevents other people's web pages from embedding the pictures, files, videos and other static resources hosted on our server. If other sites steal these static resources, the bandwidth pressure on our server obviously increases, so as website maintainers our job is to stop the server's static resources from being taken by other websites.

Description of the configuration rules:

* %{HTTP_REFERER}: the Referer field of the request header. It stores the URL of the page from which the requested resource was linked.
* !^ : does not start with the string that follows
* .*$ : ends with any characters
* NC: case-insensitive
* R: forced redirect

Description of rule matching:

* RewriteEngine On: enable the web page rewriting function
* RewriteCond: set a matching condition
* RewriteRule: set the redirect action

If the value of the corresponding variable matches the conditions, they are evaluated one by one; as soon as a condition does not match, the remaining rules are no longer matched.

Configuration demo: modify the configuration file to enable hotlink protection and set the rules:

RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://test.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://test.com$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.test.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.test.com/$ [NC]
RewriteRule .*\.(gif|jpg|swf)$ http://www.test.com/error.html [R,NC]

Environment: one Linux server (192.168.13.128), one win10 test machine, one win7 hotlink machine (192.168.13.135).

1. Install the DNS service with yum and edit its configuration files

[root@localhost ~]# yum install bind -y   ## install the bind server
[root@localhost ~]# vim /etc/named.conf   ## configure the main configuration file
options {
        listen-on port 53 { any; };        ## listen on all addresses
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file  "/var/named/data/named.recursing";
        secroots-file   "/var/named/data/named.secroots";
        allow-query     { any; };          ## allow queries from all clients
[root@localhost ~]# vim /etc/named.rfc1912.zones   ## configure the zone file
zone "kgc.com" IN {
        type master;
        file "kgc.com.zone";
        allow-update { none; };
};
[root@localhost ~]# cd /var/named
[root@localhost named]# cp -p named.localhost kgc.com.zone   ## copy the template to kgc.com.zone
[root@localhost named]# vim kgc.com.zone   ## modify the zone data file
$TTL 1D
@       IN SOA  @ rname.invalid. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      @
        A       127.0.0.1
www     IN A    192.168.13.128   ## the resolved address is the local server address
[root@localhost named]# systemctl start named   ## start the DNS resolution service
[root@localhost named]# systemctl stop firewalld.service   ## turn off the firewall
[root@localhost named]# setenforce 0

2. Mount the remote share on Linux

1) Share the compressed packages needed by LAMP on Windows (if you have questions about this step, see the related article in the previous blog).

2) Use the remote share on Linux to obtain the files and mount them to the /mnt directory

[root@localhost ~]# smbclient -L //192.168.100.3/
        Sharename       Type      Comment
        LAMP-C7         Disk
[root@localhost ~]# mount.cifs //192.168.100.3/LAMP-C7 /mnt   ## mount the share with the packages to /mnt

3. Compile and install Apache manually

1) Extract the source packages to the /opt directory

[root@localhost ~]# cd /mnt   ## switch to the /mnt directory
[root@localhost mnt]# tar zxvf apr-1.6.2.tar.gz -C /opt/   ## extract the source package to /opt
[root@localhost mnt]# tar zxvf apr-util-1.6.0.tar.gz -C /opt/
[root@localhost mnt]# tar jxvf httpd-2.4.29.tar.bz2 -C /opt/
[root@localhost mnt]# cd /opt/   ## enter the /opt directory
[root@localhost opt]# ls   ## view the extracted files
apr-1.6.2  apr-util-1.6.0  httpd-2.4.29  rh

2) Move the apr packages into the httpd source tree and install the compilation tools

[root@localhost opt]# mv apr-1.6.2/ httpd-2.4.29/srclib/apr
[root@localhost opt]# mv apr-util-1.6.0/ httpd-2.4.29/srclib/apr-util
[root@localhost opt]# yum -y install gcc gcc-c++ make pcre-devel expat-devel perl pcre zlib-devel

gcc and gcc-c++ are the C and C++ compilers, make is the build tool, pcre and pcre-devel provide the regular expression library, expat-devel parses tagged (XML) content, and zlib-devel is the library used for data compression.

3) Configure the installation directory and the modules

[root@localhost opt]# cd /opt/httpd-2.4.29/
[root@localhost httpd-2.4.29]# ./configure \
--prefix=/usr/local/httpd \
--enable-deflate \
--enable-so \
--enable-rewrite \
--enable-charset-lite \
--enable-cgi

--prefix sets the installation directory, --enable-deflate enables the compression module, --enable-so enables the Apache core module for loading shared modules, --enable-rewrite enables the rewrite function used for hotlink protection, --enable-charset-lite adds character set support (Simplified Chinese), and --enable-cgi enables the Common Gateway Interface.

4) Compile and install

[root@localhost httpd-2.4.29]# make   ## generate the executable binaries
[root@localhost httpd-2.4.29]# make install   ## copy the binaries into the system and set up the application environment
5) Configure the httpd main configuration file

[root@localhost httpd-2.4.29]# cd /usr/local/httpd/
[root@localhost httpd]# ls
bin  build  cgi-bin  conf  error  htdocs  icons  include  lib  logs  man  manual  modules
[root@localhost httpd]# cd conf/   ## switch to the directory holding the main configuration file
[root@localhost conf]# ln -s /usr/local/httpd/conf/httpd.conf /etc/httpd.conf   ## create a soft link for easier management
[root@localhost conf]# vim /etc/httpd.conf   ## configure the main configuration file
Listen 192.168.13.128:80   ## set the listening address
#Listen 80
ServerName www.kgc.com:80   ## set the domain name

4. Edit the page

1) Switch to the shared mount point and copy the picture to the site

[root@localhost conf]# cd /mnt   ## switch to the mount point
[root@localhost mnt]# cp kali.jpg /usr/local/httpd/htdocs/   ## copy the picture to the site
[root@localhost mnt]# cd /usr/local/httpd/htdocs/
[root@localhost htdocs]# ls   ## check that the picture was copied successfully
index.html  kali.jpg

2) Edit the home page of the site and start the service

[root@localhost ~]# cd /usr/local/httpd/
[root@localhost httpd]# cd htdocs/   ## switch to the site directory
[root@localhost htdocs]# ls
index.html  kali.jpg
[root@localhost htdocs]# vim index.html   ## edit the web content and put the image in the web page
<html><body><h1>It works!</h1>
<img src="kali.jpg">
</body></html>
[root@localhost htdocs]# cd /usr/local/httpd/bin/
[root@localhost bin]# ./apachectl start   ## start the service

5. Test the web page with the win10 test machine and check the properties of the image.

6. Use the win7 hotlink machine to access the web page. 1) Modify the DNS resolution server address.

2) visit the website

3) View the attribute information of web images

7. Install the web site service on the win7 hotlink machine and use the kgc.com web page picture. 1) Build the web site service on win7

2) Open web Manager

3) Edit the html file of the home page and save the text file as index.html

4) put the edited home page content into the site

8. Use the win10 test machine to access the hotlink website (turn off the firewall first)

9. Enable the hotlink protection module

[root@localhost bin]# vim ../conf/httpd.conf   ## edit the httpd configuration file
LoadModule rewrite_module modules/mod_rewrite.so   ## enable the rewrite module used for hotlink protection
## find the htdocs <Directory> block and add the rules inside it
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://kgc.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://kgc.com$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.kgc.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.kgc.com/$ [NC]
RewriteRule .*\.(gif|jpg|swf)$ http://www.kgc.com/error.png   ## hotlinked images are replaced by the error image
[root@localhost bin]# cp /mnt/error.png /usr/local/httpd/htdocs/   ## put the error image into the site
[root@localhost bin]# ./apachectl stop   ## stop
[root@localhost bin]# ./apachectl start   ## start

10. Test the page on the win7 machine after the hotlink protection module is enabled.
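To see how the five rewrite lines combine, here is an added Python simulation (not part of the original article) of mod_rewrite's decision for a few constructed requests against the kgc.com rules; it also shows a case the rules do not treat specially: a request with no Referer at all is sent to error.png too, because mod_rewrite compares the missing header as an empty string. Since the Referer is supplied by the client, these rules are bandwidth hygiene rather than an access control.

```python
import re

# The four RewriteCond patterns from the httpd.conf above, verbatim, with [NC]
# (case-insensitive). A Referer matching any of them counts as "our own site".
OWN_SITE_REFERERS = [
    re.compile(r"^http://kgc.com/.*$", re.IGNORECASE),
    re.compile(r"^http://kgc.com$", re.IGNORECASE),
    re.compile(r"^http://www.kgc.com/.*$", re.IGNORECASE),
    re.compile(r"^http://www.kgc.com/$", re.IGNORECASE),
]
# The RewriteRule pattern: only these extensions are protected; error.png is not,
# which is why the redirect target itself is never redirected again.
PROTECTED = re.compile(r".*\.(gif|jpg|swf)$")
ERROR_TARGET = "http://www.kgc.com/error.png"


def rewrite_decision(path, referer):
    """Return what the server hands back for `path` given the request's Referer.

    mod_rewrite ANDs the RewriteConds: the rule fires only when every
    "Referer is NOT our site" condition holds, i.e. when the Referer matches
    none of OWN_SITE_REFERERS. A missing header is compared as the empty
    string, so a direct image request without Referer is redirected as well.
    """
    if not PROTECTED.match(path):
        return path
    referer = referer or ""
    if any(p.match(referer) for p in OWN_SITE_REFERERS):
        return path
    return ERROR_TARGET


if __name__ == "__main__":
    # Constructed requests: the win10 tester browsing www.kgc.com, the win7
    # hotlink page at 192.168.13.135, and a direct image request without Referer.
    for path, referer in [
        ("/kali.jpg", "http://www.kgc.com/index.html"),
        ("/kali.jpg", "HTTP://KGC.COM"),
        ("/kali.jpg", "http://192.168.13.135/index.html"),
        ("/kali.jpg", None),
        ("/error.png", "http://192.168.13.135/index.html"),
    ]:
        print(f"{path:<12} Referer={referer!s:<36} -> {rewrite_decision(path, referer)}")
```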

Configure Apache to hide its version information

The Apache version information reveals which known vulnerabilities may apply to the server, which creates a security risk for the website. In a production environment, configure Apache to hide the version information; the Fiddler tool can be used to analyze the responses.

1. Use the packet capture software to view the response when visiting the web page normally.

2. Configure the httpd main configuration file

[root@localhost bin]# vim /etc/httpd.conf   ## edit the main configuration file
Include conf/extra/httpd-default.conf   ## enable the sub-configuration file
[root@localhost bin]# cd ../
[root@localhost httpd]# cd conf/
[root@localhost conf]# ls
extra  httpd.conf  magic  mime.types  original
[root@localhost conf]# cd extra/   ## switch to the extra directory
[root@localhost extra]# vim httpd-default.conf   ## configure the sub-configuration file
ServerTokens Prod   ## change Full to Prod
ServerSignature Off   ## turn off the signature

3. Stop and restart the service, then view the packet capture information again

[root@localhost extra]# cd ../../
[root@localhost httpd]# cd bin/
[root@localhost bin]# ./apachectl stop   ## stop
[root@localhost bin]# ./apachectl start   ## start
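Instead of reading the capture by eye in Fiddler, the check can be scripted. The following is an added example (not from the original article) that parses a raw HTTP response and reports the two leaks that ServerTokens Prod and ServerSignature Off remove; the two sample responses are constructed, not captured from the page's server.

```python
import re

# Constructed sample responses: the first as a default build answers (ServerTokens Full,
# ServerSignature On), the second after the hardening described above.
RESPONSE_FULL = (
    b"HTTP/1.1 404 Not Found\r\n"
    b"Date: Mon, 03 Jun 2019 08:00:00 GMT\r\n"
    b"Server: Apache/2.4.29 (Unix) OpenSSL/1.0.2k\r\n"
    b"Content-Type: text/html; charset=iso-8859-1\r\n\r\n"
    b"<html><body><h1>Not Found</h1><hr>\n"
    b"<address>Apache/2.4.29 (Unix) Server at www.kgc.com Port 80</address>\n"
    b"</body></html>\n"
)
RESPONSE_PROD = (
    b"HTTP/1.1 404 Not Found\r\n"
    b"Date: Mon, 03 Jun 2019 08:00:00 GMT\r\n"
    b"Server: Apache\r\n"
    b"Content-Type: text/html; charset=iso-8859-1\r\n\r\n"
    b"<html><body><h1>Not Found</h1></body></html>\n"
)

# A product token followed by a dotted version number, e.g. Apache/2.4.29
VERSION_RE = re.compile(r"[A-Za-z_-]+/\d+(\.\d+)+")
# The footer ServerSignature On appends to server-generated pages
SIGNATURE_RE = re.compile(r"<address>.*Server at .* Port \d+</address>")


def parse_response(raw):
    """Split a raw response into a lowercase-keyed header dict and the body text."""
    head, _, body = raw.partition(b"\r\n\r\n")
    headers = {}
    for line in head.decode("iso-8859-1").split("\r\n")[1:]:  # skip the status line
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers, body.decode("iso-8859-1")


def version_disclosure(raw):
    """Report whether the Server header leaks a version (ServerTokens not Prod)
    and whether the body carries the ServerSignature footer."""
    headers, body = parse_response(raw)
    server = headers.get("server", "")
    return {
        "server": server,
        "tokens_leak_version": bool(VERSION_RE.search(server)),
        "signature_in_body": bool(SIGNATURE_RE.search(body)),
    }
```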

Thank you for reading!
