Shulou(Shulou.com)06/02 Report--

Apache hotlink protection Apache installation package

Link: https://pan.baidu.com/s/11X5CEWoVemxlGuNQqn9cuA

Extraction code: jn6l

1. Install and configure Apache service 1.1.Through sharing Mount the Apache installation package to the virtual machine [root@localhost ~] # smbclient-L / / 192.168.10.64Enter SAMBA\ root's password: Sharename Type Comment-IPC$ IPC remote IPC share Disk Users Disk Reconnecting with SMB1 for workgroup listing. Connection to 192.168.10.64 failed (Error NT_STATUS_RESOURCE_NAME_NOT_FOUND) Failed to connect with SMB1-- no workgroup available [root@localhost ~] # mount.cifs / / 192.168.10.64/share / mntPassword for root@//192.168.10.64/share: [root@localhost ~] # 1.2 install dns service package [root@localhost ~] # yum install bind-y loaded plug-in: fastestmirror LangpacksLoading mirror speeds from cached hostfile * base: centos.ustc.edu.cn * extras: mirrors.163.com * updates: centos.ustc.edu.cn is resolving dependencies-- > checking transactions-- > package bind.x86_64.32.9.11.4-9.P2.el7 will be installed-- > processing dependencies bind-libs-lite (x86-64) = 32extras 9.11.4-9.P2.el7 It is required by the package 32:bind-9.11.4-9.P2.el7.x86_64-- > processing dependencies bind-libs (x86-64) = 32 9.P2.el7 9.11.4-9.P2.el7, it is required by the package 32:bind-9.11.4-9.P2.el7.x86_64-- > processing dependencies liblwres.so.160 () (64bit) It is needed by the package 32:bind-9.11.4-9.P2.el7.x86_64-- > is dealing with dependencies libisccfg.so.160 () (64bit), and it is required by the package 32:bind-9.11.4-9.P2.el7.x86_64 to modify the dns main configuration file [root@localhost ~] # vim / etc/named.confoptions {listen-on port 53 {any }; / / change to any listen-on-v6 port 53 {:: 1;}; directory "/ var/named"; dump-file "/ var/named/data/cache_dump.db"; statistics-file "/ var/named/data/named_stats.txt"; memstatistics-file "/ var/named/data/named_mem_stats.txt" Recursing-file "/ var/named/data/named.recursing"; secroots-file "/ var/named/data/named.secroots"; allow-query {any;}; / / change to any1.2 modify dns zone configuration file [root@localhost ~] # vim / etc/named.rfc1912.zones# add the following content zone "kgc.com" IN {type master; file "kgc.com.zone" Allow-update {none;};}; 1.2 copy the dns zone data configuration file template and modify the dns zone data configuration file [root@localhost ~] # cp-p / var/named/named.localhost / var/named/kgc.com.zone [root@localhost ~] # vim / var/named/kgc.com.zone$TTL 1D @ IN SOA @ rname.invalid. (0; serial 1D; refresh 1H; retry 1W; expire 3H) Minimum NS @ A 127.0.0.1www IN A 192.168.102.1661.2 enable the dns service and turn off the firewall [root@localhost] # systemctl start named [root@localhost] # systemctl stop firewalld.service [root@localhost ~] # setenforce 0 [root@localhost ~] # 2, Manual compilation and installation of apache Service 2.1 extract apache installation package [root@localhost] # tar zvxf / mnt/LAMP-C7/apr-1.6.2.tar.gz-C / opt [root@localhost ~] # tar zvxf / mnt/LAMP-C7/apr-util-1.6.0.tar.gz-C / opt [root@localhost] # tar jxvf / mnt/LAMP-C7/httpd-2.4.29.tar.bz2-C / opt2.2 Mobile Cross Platform components location [root@localhost ~] # mv / opt/apr-1.6.2 / opt/httpd-2.4.29/srclib/apr [root@localhost ~] # mv / opt/apr-util-1.6.0 / opt/httpd-2.4.29/srclib/apr-util [root@localhost ~] # 2.3 necessary software packages for installation environment [root@localhost ~] # yum-y install\ > gcc\ > gcc-c++\ > make\ > pcre-devel \ > zlib-devel\ > expat-devel\ > pcre\ > perl2.4 configure configure [root@localhost ~] # cd / opt/httpd-2.4.29/ [root@localhost httpd-2.4.29] #. / configure\ >-- prefix=/usr/local/httpd\ >-- enable-so\ >-- enable-deflate\ >-- enable-expires\ >-- enable-rewrite\ >-- enable-charset-lite\ >-- enable-cgi2.5 compilation and compilation Translate and install [root@localhost httpd-2.4.29] # make & & make install3, Configure hotlink protection service 3.1 modify listening addresses and domain names

[root@localhost ~] # vim / usr/local/httpd/conf/httpd.conf

# Change this to Listen on specific IP addresses as shown below to # prevent Apache from glomming onto all bound IP addresses.#Listen 12.34.56.78:80#Listen 80Listen 192.168.102.166:80#ServerName gives the name and port that the server uses to identify itself.#This can often be determined automatically, but we recommend you specify#it explicitly to prevent problems during startup.#If your host doesn't have a registered DNS name, enter its IP address here.ServerName www.kgc.com:80#Deny access to the entirety of your server's filesystem. You must#explicitly permit access to web3.2 enables hotlink protection [root@localhost ~] # vim / usr/local/httpd/conf/httpd.confLoadModule alias_module modules/mod_alias.soLoadModule rewrite_module modules/mod_rewrite.so244 AllowOverride None245 246 # 247 # Controls who can get stuff from this server.248 # 249 Require all granted250 RewriteEngine On251 RewriteCond% {HTTP_REFERER}! ^ http://kgc.com/.*$ [NC] 252 RewriteCond% {HTTP_REFERER }! ^ http://kgc.com$ [NC] 253 RewriteCond% {HTTP_REFERER}! ^ http://www.kgc.com/.*$ [NC] 254 RewriteCond% {HTTP_REFERER}! ^ http://www.kgc.com$ [NC] 255 RewriteRule. *. (gif | jpg | swf) $http://www.kgc.com/error.png256 257 258 # 259 # DirectoryIndex: sets the file that Apache will serve if a directory3.3 modifies apache home page content [root@localhost ~] # vim / usr/ Local/httpd/htdocs/index.html this is test web

3.3 copy the images in the mount folder [root@localhost htdocs] # cp / mnt/LAMP-C7/game.jpg / usr/local/httpd/htdocs/ [root@localhost htdocs] # cp / mnt/LAMP-C7/error.png / usr/local/httpd/htdocs/ [root@localhost htdocs] # lserror.png game.jpg index.html [root@localhost htdocs] # 3.4 restart the apache service [root@localhost ~] # / usr/local/httpd/bin/apachectl stophttpd (no Pid file) not running [root@localhost] # / usr/local/httpd/bin/apachectl start [root@localhost ~] # 4, Create a pirated website 4.1 and open another virtual machine Install the apache service

[root@localhost ~] # yum install httpd-y

Modify the listener address [root@localhost ~] # vim / etc/httpd/conf/httpd.conf33 # 34 # Listen: Allows you to bind Apache to specific IP addresses and/or 35 # ports, instead of the default. See also the 36 # directive. 37 # 38 # Change this to Listen on specific IP addresses as shown below to 39 # prevent Apache from glomming onto all bound IP addresses. 40 # 41 Listen 192.168.102.167 Listen 80 42 # Listen 80 43 44 # 45 # Dynamic Shared Object (DSO) Support 46 # 86 ServerAdmin root@localhost 87 88 # 89 # ServerName gives the name and port that the server uses to identify itself. 90 # This can often be determined automatically, but we recommend you specify 91 # it explicitly to prevent problems during startup. 92 # 93 # If your host doesn't have a registered DNS name, enter its IP address here. 94 # 95 ServerName www.kgc.com:80 96 97 # 98 # Deny access to the entirety of your server's filesystem. You must 99 # explicitly permit access to web content directories in other # blocks below.101 # 4.3 modify the home page of the apache website [root@localhost ~] # cd / var/www/html [root@localhost html] # ls [root@localhost html] # vim index.html this is test web

~ ~ 4.4 add domain name resolution server address [root@localhost ~] # echo "nameserver 192.168.102.166" > / etc/resolv.conf [root@localhost ~] # 4.5 restart the apache service [root@localhost ~] # systemctl restart httpd [root@localhost ~] # 4.65, Verify 5.1 visit the original website www.kgc.com first

5.2 visit the hotlink website

Hotlink protection is successful

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.