Shulou(Shulou.com)06/02 Report--

Hotlink protection overview hotlink protection is to prevent other people's website code inside the theft of server picture files, videos and other related resources. If others steal these static resources of the site, it will obviously increase the bandwidth pressure on the server. Therefore, as the maintenance personnel of the website, we should put an end to the static resources of our server being embezzled by other websites. Configure rule variable description

% {HTTP_ REFERER}: browse the link fields in header and store one by one chain

The URL, which represents the link from which to access the required web page

! ^: do not start with the following string

. * $: ends with any character

NC: insensitive to upper case

R: forced jump

Rule matching description

RewriteEngine On: turn on web page rewriting function

RewriteCond: setting matching rules (conditions)

RewriteRule: set jump action (operation)

Rule matching

If the value of the corresponding variable matches the set rule, it will be processed one by one; if it does not match, the subsequent rules will no longer match.

Example demonstration environment deploys a linux virtual machine as the source website server, (IP:192.168.235.158/ domain name: www.bdqn.com) a win7 x64 virtual machine as a test client, a win7-2 virtual machine as a pirated website server (192.168.235.143) demonstration begins the first step: install and configure the DNS service

1. Installation service

[root@localhost ~] # yum install bind-y

two。 Configure the DNS master profile

[root@localhost ~] # vim / etc/named.conf / / Edit the main configuration file options {listen-on port 53 {any;}; / / replace 127.0.0.1 in parentheses with any. / / leave the omitted part allow-query {any;}; / / replace localhost in parentheses with any

3. Configure the DNS zone profile

[root@localhost ~] # vim / etc/named.rfc1912.zones / / Edit the zone configuration file zone "bdqn.com" IN {/ / specify the domain name type master; file "bdqn.com.zone"; / / specify the region data file allow-update {none;};}

4. Configure the DNS zone data profile

[root@localhost ~] # cd / var/named/ switch directory [root@localhost named] # cp-p named.localhost bdqn.com.zone / / reserved permission to copy zone data file template [root@localhost named] # vim bdqn.com.zone / / Edit zone data file $TTL 1D @ IN SOA @ rname.invalid. (0; serial 1D; refresh 1H; retry 1W; expire 3H) Minimum NS @ A 127.0.0.1www IN A 192.168.235.158 / / Delete the contents of the last line and enter this paragraph of www IN A 192.168.235.158, which is the IP address of the local Linux.

5. Enable the DNS service

[root@localhost named] # systemctl start named [root@localhost named] # systemctl stop firewalld.service [root@localhost named] # setenforce 0 step 2: compile and install the Apache service

1. Get the LAMP toolkit by remote sharing

[root@localhost named] # smbclient-L / / 192.168.56.1 / / View the content shared by Windows Sharename Type Comment-LAMP Disk [root@localhost named] # mkdir / abc / / create a directory [root@localhost named] # mount.cifs / / 192.168. 56.1/LAMP / abc// remote mount toolkit to the created directory [root@localhost named] # cd / abc// switch to directory view [root@localhost abc] # lsapr-1.6.2.tar.gz game.jpgapr-util-1.6.0.tar.gz httpd-2.4.29.tar.bz2awstats-7.6.tar.gz install_ Lamp.shcronolog-1.6.2-14.el7.x86_64.rpm mysql-5.6.26.tar.gzDiscuz_X2.5_SC_UTF8.zip php-5.6.11.tar.bz2error.png

two。 Extract the source file of the toolkit, and

/ / decompress the source file [root@localhost abc] # tar jxvf httpd-2.4.29.tar.bz2-C / opt/... [root@localhost abc] # tar zxvf apr-1.6.2.tar.gz-C / opt/... [root@localhost abc] # tar zxvf apr-util-1.6.0.tar.gz-C / opt/...// View / opt directory unzipped component package [root@localhost abc] # ls / optapr -1.6.2 apr-util-1.6.0 httpd-2.4.29 rh// Mobile component package to the srclib directory of the Apache service [root@localhost abc] # cd / opt [root@localhost opt] # mv apr-1.6.2/ httpd-2.4.29/srclib/apr [root@localhost opt] # mv apr-util-1.6.0/ httpd-2.4.29/srclib/apr-util

3. Install the compiled language environment and configure the Apache functional module with configure

[root@localhost opt] # cd httpd-2.4.29/ [root@localhost httpd-2.4.29] # yum install gcc gcc-c++ pcre pcre-devel zlib-devel expat-devel-y configure / installation locale [root@localhost httpd-2.4.29] # / configure\ >-- prefix=/usr/local/httpd\ >-- enable-deflate\ >-- enable-so\ >-- enable-rewrite\ >-- enable-charset-lite\ >-- enable-cgi// configuration related function modules

4. Compilation and installation

[root@localhost httpd-2.4.29] # make// compilation... [root@localhost httpd-2.4.29] # make install// compilation installation.

5. Open the relevant modules in the Apache main configuration file

[root@localhost httpd-2.4.29] # vim / usr/local/httpd/conf/httpd.conf// Edit Apache main configuration file 198ServerName www.bdqn.com:80// delete the comment # in front of line 198 of the file and replace the URL with the previously created domain name www.bdqn.com 51 Listen 192.168.235.158 usr/local/httpd/conf/httpd.conf// 80 / delete line 51 of the file And replace the listening address with the IP address of the local Linux 52 # Listen 80 / / add # before line 52 to comment out the IPv6 monitoring 156LoadModule rewrite_module modules/mod_rewrite.so// delete file, and turn on the rewrite function module.

6. Create the home page and put in the picture

[root@localhost httpd-2.4.29] # cd / usr/local/httpd/bin/// change to the / bin directory of the Apache service [root@localhost bin] # vim / usr/local/httpd/htdocs/index.html / / Edit the home page file It works!

/ / put the picture in the tag [root@localhost bin] # cp / abc/game.jpg / usr/local/httpd/htdocs/// copy the picture from the previously mounted directory to the site directory

7. Enable the Apache service

[root@localhost bin] #. / apachectl start / / start the service using the script that comes with Apache step 3: use the test client to view the website

1. Open a Win 7 x64 test host and change the DNS server address to the IP address of the local Linux

two。 Open the browser and enter the domain name www.bdqn.com to access the web page.

3. Check the properties of the page to get the URL address of the picture

Right-click the image and click Properties to see that the URL address of the picture is http://www.bdqn.com/game.jpg

Step 4: create and configure a hotlink website

1. Open a Win 7-2 host and build a website

Control Panel-programs-programs and Features-turn windows functions on and off-Select Internet Information Services

two。 Use txt documents to write web content and change the name of the document to index.html

Txt document content:

This is test web

3. Put the index.html file in the site of C:\ inetpub\ wwwroot

Step 5: use the test client to view the hotlink website

Using the Win 7 x64 test host to visit Win 7-2 (IP:192.168.235.143), you can access the web page, but this is a stolen website, while visiting this site, the resources of other people's source sites are stolen, and the prize traffic is returned to the source sites, thus causing load on other people's servers.

Step 6: configure hotlink protection

1. Modify the configuration file of Apache

[root@localhost bin] # vim / usr/local/httpd/conf/httpd.conf248 Require all granted / / append the following 6 lines under line 248 to prevent other websites from stealing links. Once the picture information of the stolen link is intercepted, The wrong picture will pop up with 249 RewriteEngine On250 RewriteCond% {HTTP_REFERER}! ^ http://bdqn.com/.*$ [NC] 251 RewriteCond% {HTTP_REFERER}! ^ http://bdqn.com$ [NC] 252 RewriteCond% {HTTP_REFERER}! ^ http://www.bdqn.com/.*$ [NC] 253 RewriteCond% {HTTP_REFERER}! ^ http://www .bdqn.com / $[NC] 254 RewriteRule. *\. (gif | jpg | swf) $http://www.bdqn.com/error.png

two。 Put the error picture into the site directory

[root@localhost bin] # cp / abc/error.png / usr/local/httpd/htdocs/ [root@localhost bin] # ls / usr/local/httpd/htdocs/error.png game.jpg index.html

3. Restart the service

[root@localhost bin] #. / apachectl stop [root@localhost bin] #. / apachectl start step 7: test hotlink protection

Use Win 7 x64 test host to visit the web page of Win 7-2 (IP:192.168.235.143) again, another picture will pop up, hotlink protection configuration is successful!

-Thank you for reading-

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.