
Hotlink protection and hidden version number of Apache web page optimization

2025-01-31 Update From: SLTechnology News&Howtos

Shulou (Shulou.com) 06/02 Report

The role of hotlink protection in Apache web page optimization

Hotlink protection prevents other people's pages from linking directly to the pictures, files, videos and other resources on our server and using them as their own.

If other sites pull these static resources from our website, the bandwidth pressure on the server obviously increases.

Therefore, as maintainers of the website, we should stop the static resources on our server from being used by other websites.

Hotlink protection configuration rules

%{HTTP_REFERER}: the referer field in the request header, which stores a link's URL and represents the link from which the desired web page was accessed

!^: does not start with the following string

.*$: ends with any characters

NC: case-insensitive

R: forced jump (redirect)

Hotlink protection rule matching description

RewriteEngine On: turn on web page rewriting function

RewriteCond: setting matching rules

RewriteRule: setting jump action

If the value of the corresponding variable matches the configured rule, processing continues down to the next line, one by one; if it does not match, the subsequent rules are not applied.

Start the experiment

Install the DNS package

    [root@localhost ~]# yum install bind -y    # install DNS resolution to make the lab more intuitive
    Installed:
      bind.x86_64 32:9.11.4-9.P2.el7
    Dependency Installed:
      bind-export-libs.x86_64 32:9.11.4-9.P2.el7
    Dependency Updated:
      bind-libs.x86_64 32:9.11.4-9.P2.el7
      bind-libs-lite.x86_64 32:9.11.4-9.P2.el7
      bind-license.noarch 32:9.11.4-9.P2.el7
      bind-utils.x86_64 32:9.11.4-9.P2.el7
      dhclient.x86_64 12:4.2.5-77.el7.centos
      dhcp-common.x86_64 12:4.2.5-77.el7.centos
      dhcp-libs.x86_64 12:4.2.5-77.el7.centos
    Complete!

Configure the main configuration file

    [root@localhost ~]# vim /etc/named.conf
    options {
        listen-on port 53 { any; };    # listen on all addresses
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file "/var/named/data/named.recursing";
        secroots-file "/var/named/data/named.secroots";
        allow-query { any; };    # any
        ...

Configure the zone configuration file

    [root@localhost ~]# vim /etc/named.rfc1912.zones
    # added
    zone "kgc.com" IN {            # defines a domain name
        type master;
        file "kgc.com.zone";       # define the zone data file
        allow-update { none; };
    };

Configure the zone data file

    [root@localhost named]# cd /var/named/
    [root@localhost named]# cp -p named.localhost kgc.com.zone
    [root@localhost named]# vim kgc.com.zone
    $TTL 1D
    @       IN SOA  @ rname.invalid. (
                        0       ; serial
                        1D      ; refresh
                        1H      ; retry
                        1W      ; expire
                        3H )    ; minimum
            NS      @
            A       127.0.0.1
    www IN  A       192.168.136.136    ; add a line with the address
    [root@localhost named]# systemctl stop firewalld.service    # stop the firewall (lab setup)
    [root@localhost named]# setenforce 0                        # put SELinux in permissive mode (lab setup)
    [root@localhost named]# systemctl start named

Mount the shared directory of the host. We need the source code packages; send me a private message for them.

    [root@localhost named]# mkdir /chen
    [root@localhost named]# mount.cifs //192.168.100.23/LAMP-C7 /chen
    Password for root@//192.168.100.23/LAMP-C7:
    [root@localhost named]# cd /chen/
    [root@localhost chen]# ls
    apr-1.6.2.tar.gz                  Discuz_X2.5_SC_UTF8.zip  mysql-5.6.26.tar.gz
    apr-util-1.6.0.tar.gz             fiddler.exe              php-5.6.11.tar.bz2
    awstats-7.6.tar.gz                httpd-2.4.29.tar.bz2     tu9892_14.jpg
    cronolog-1.6.2-14.el7.x86_64.rpm  LAMP-php5.6.txt

Decompress

    [root@localhost abc]# tar jxvf httpd-2.4.29.tar.bz2 -C /opt    # extract under /opt
    [root@localhost abc]# tar zxvf apr-1.6.2.tar.gz -C /opt/
    [root@localhost chen]# tar zxvf apr-util-1.6.0.tar.gz -C /opt/

Move the directories under /opt

    [root@localhost abc]# cd /opt
    [root@localhost opt]# ls
    apr-1.6.2  apr-util-1.6.0  httpd-2.4.29  rh
    [root@localhost opt]# mv apr-1.6.2/ httpd-2.4.29/srclib/apr    # move to this directory
    [root@localhost opt]# mv apr-util-1.6.0/ httpd-2.4.29/srclib/apr-util
    [root@localhost opt]# ls
    httpd-2.4.29  rh
    [root@localhost opt]# cd httpd-2.4.29/

Install the environment packages

    [root@localhost httpd-2.4.29]# yum -y install \
    gcc \
    gcc-c++ \
    make \
    pcre-devel \
    zlib-devel \
    expat-devel \
    pcre \
    perl

Install the underlying functional components of Apache

    [root@localhost httpd-2.4.29]# ./configure \
    --prefix=/usr/local/httpd \
    --enable-deflate \
    --enable-so \
    --enable-rewrite \
    --enable-charset-lite \
    --enable-cgi

--prefix=/usr/local/httpd: specify the install path

--enable-deflate: compression function

--enable-so: core module on

--enable-rewrite: enable the rewrite function (needed for hotlink protection)

--enable-charset-lite: character set support

--enable-cgi: common gateway interface

Compile and install, then edit the Apache configuration file

    [root@localhost httpd-2.4.29]# make
    [root@localhost httpd-2.4.29]# make install
    [root@localhost httpd-2.4.29]# vim /usr/local/httpd/conf/httpd.conf
    Listen 192.168.136.136:80
    #Listen 80
    ServerName www.kgc.com:80

Add a picture to the default web page (find one online)

    [root@localhost bin]# vim /usr/local/httpd/htdocs/index.html
    [root@localhost bin]# cp /chen/tu9892_14.jpg /usr/local/httpd/htdocs/
    [root@localhost bin]# ./apachectl start    # execute the script
    [root@localhost bin]# netstat -ntap | grep 80    # view the port
    tcp        0      0 192.168.136.136:80      0.0.0.0:*               LISTEN      96493/httpd

Go to the client to test the default web page we just configured.

Next, let's set up a test website that steals the picture from the website we opened before. We open a second client to steal the picture from our default home page, and start the website program on this client.

Open our website program.

In the file explorer, turn on the display of file extensions.

We write the previously visited picture link into a file, put it on the site, and rename the file to index.html.

Check the URL of our client again.

Let's go to the first client and visit the URL of the second client. Can we steal this picture successfully?

Let's go back to the server, turn on hotlink protection, and add the matching rules.

    [root@localhost bin]# vim ../conf/httpd.conf
    # enable (uncomment) the rewrite module used for hotlink protection
    LoadModule rewrite_module modules/mod_rewrite.so
    # add the matching rules
    # enable the rewrite function
    RewriteEngine On
    RewriteCond %{HTTP_REFERER} !^http://kgc.com/.*$ [NC]
    RewriteCond %{HTTP_REFERER} !^http://kgc.com$ [NC]
    RewriteCond %{HTTP_REFERER} !^http://www.kgc.com/.*$ [NC]
    RewriteCond %{HTTP_REFERER} !^http://www.kgc.com/$ [NC]
    RewriteRule .*\.(gif|jpg|swf)$ http://www.kgc.com/wen.png

Put our hotlink protection image on the site. Remember to put the hotlink protection image in the directory shared by our host first.

    [root@localhost bin]# cp /chen/wen.png ../htdocs/
    [root@localhost bin]# ls ../htdocs/    # check that the image is there
    index.html  tu9892_14.jpg  wen.png
    [root@localhost bin]# ./apachectl stop
    [root@localhost bin]# ./apachectl start

Let's go to the first client to test it. Does this hotlink protection picture work?
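The matching behaviour of the four RewriteCond lines and the RewriteRule above can be checked offline before testing from a client. The following is an added example, not part of the original article: a simplified Python model of the rule set, in which the function name decide and the sample Referer values are constructed for illustration.

```python
import re

# The four Referer conditions and the rule from the httpd.conf above.
# Each condition is written "!pattern" with [NC]; consecutive RewriteCond
# lines are ANDed, so the rule fires only when no pattern matches.
REFERER_PATTERNS = [
    r"^http://kgc.com/.*$",
    r"^http://kgc.com$",
    r"^http://www.kgc.com/.*$",
    r"^http://www.kgc.com/$",
]
RULE_PATTERN = r".*\.(gif|jpg|swf)$"
SUBSTITUTION = "http://www.kgc.com/wen.png"


def decide(url_path, referer):
    """Return the substitution URL if the rule fires, else None (served as-is).

    Simplified model of mod_rewrite: the RewriteRule pattern is tested first,
    then every RewriteCond must hold. A missing Referer header expands to "".
    """
    if not re.search(RULE_PATTERN, url_path):
        return None
    for pat in REFERER_PATTERNS:
        if re.search(pat, referer or "", re.IGNORECASE):
            return None  # "!pattern" fails once the Referer matches our site
    return SUBSTITUTION


# Constructed requests: (URL path, Referer header or None if absent).
SAMPLES = [
    ("/tu9892_14.jpg", "http://www.kgc.com/index.html"),    # our own page
    ("/tu9892_14.jpg", "http://other.example/index.html"),  # another site
    ("/tu9892_14.jpg", None),                               # no Referer sent
    ("/tu9892_14.jpg", "https://www.kgc.com/index.html"),   # own page over https
    ("/tu9892_14.jpg", "http://www.kgc.com.example.net/"),  # look-alike host
    ("/wen.png", "http://other.example/"),                  # png is not covered
    ("/index.html", "http://other.example/"),               # not a static image
]

if __name__ == "__main__":
    for path, ref in SAMPLES:
        outcome = decide(path, ref)
        print(f"{path:16} {str(ref):34} -> {outcome or 'served'}")
```

Under these rules a request with no Referer header, or with an https:// Referer from the site itself, is also sent to wen.png, because only http:// Referers for kgc.com and www.kgc.com are exempted.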

As long as it is static content of our web pages, we can apply hotlink protection to it.

Hiding the version number in Apache web page optimization

In general, the vulnerability information of software is related to a specific version, so the version number of the software is very valuable to the user.

    [root@localhost bin]# vim ../conf/httpd.conf
    # uncomment this line to enable the file that holds the version setting
    Include conf/extra/httpd-default.conf

Go to the configuration file that controls the version number

    [root@localhost httpd]# ls
    bin    cgi-bin  error   icons    lib   man     modules
    build  conf     htdocs  include  logs  manual
    [root@localhost httpd]# cd conf
    [root@localhost conf]# ls
    extra  httpd.conf  magic  mime.types  original
    [root@localhost conf]# cd extra/
    [root@localhost extra]# ls
    httpd-autoindex.conf  httpd-languages.conf           httpd-ssl.conf
    httpd-dav.conf        httpd-manual.conf              httpd-userdir.conf
    httpd-default.conf    httpd-mpm.conf                 httpd-vhosts.conf
    httpd-info.conf       httpd-multilang-errordoc.conf  proxy-html.conf
    [root@localhost extra]# vim httpd-default.conf
    # originally Full (the full version string); replace it with Prod
    ServerTokens Prod
    [root@localhost extra]# cd ../../
    [root@localhost httpd]# cd bin/
    [root@localhost bin]# ./apachectl stop
    [root@localhost bin]# ./apachectl start
