手工编译apache服务,实现防盗链功能

手工编译apache服务,实现防盗链功能

Apache防盗链

Apache安装包

链接：~]# smbclient -L //192.168.10.64 Enter SAMBA\root's password: Sharename Type Comment --------- ---- ------- IPC$ IPC 远程 IPC share Disk Users Disk Reconnecting with SMB1 for workgroup listing. Connection to 192.168.10.64 failed (Error NT_STATUS_RESOURCE_NAME_NOT_FOUND) Failed to connect with SMB1 -- no workgroup available [root@localhost ~]# mount.cifs //192.168.10.64/share /mnt Password for root@//192.168.10.64/share: [root@localhost ~]#

1.2 安装dns服务软件包

[root@localhost ~]# yum install bind -y 已加载插件：fastestmirror, langpacks Loading mirror speeds from cached hostfile * base: centos.ustc.edu.cn * extras: mirrors.163.com * updates: centos.ustc.edu.cn 正在解决依赖关系 --> 正在检查事务 ---> 软件包 bind.x86_64.32.9.11.4-9.P2.el7 将被 安装 --> 正在处理依赖关系 bind-libs-lite(x86-64) = 32:9.11.4-9.P2.el7，它被软件包 32:bind-9.11.4-9.P2.el7.x86_64 需要 --> 正在处理依赖关系 bind-libs(x86-64) = 32:9.11.4-9.P2.el7，它被软件包 32:bind-9.11.4-9.P2.el7.x86_64 需要 --> 正在处理依赖关系 liblwres.so.160()(64bit)，它被软件包 32:bind-9.11.4-9.P2.el7.x86_64 需要 --> 正在处理依赖关系 libisccfg.so.160()(64bit)，它被软件包 32:bind-9.11.4-9.P2.el7.x86_64 需要

1.2 修改dns主配置文件

[root@localhost ~]# vim /etc/named.conf options { listen-on port 53 { any; }; //改成any listen-on-v6 port 53 { ::1; }; directory "/var/named"; dump-file "/var/named/data/cache_dump.db"; statistics-file "/var/named/data/named_stats.txt"; memstatistics-file "/var/named/data/named_mem_stats.txt"; recursing-file "/var/named/data/named.recursing"; secroots-file "/var/named/data/named.secroots"; allow-query { any; }; //改成any

1.2修改dns区域配置文件

[root@localhost ~]# vim /etc/named.rfc1912.zones #添加下面内容 zone "kgc.com" IN { type master; file "kgc.com.zone"; allow-update { none; }; };

1.2复制dns区域数据配置文件模板,并修改dns区域数据配置文件

[root@localhost ~]# cp -p /var/named/named.localhost /var/named/kgc.com.zone [root@localhost ~]# vim /var/named/kgc.com.zone $TTL 1D @ IN SOA @ rname.invalid. ( 0 ; serial 1D ; refresh 1H ; retry 1W ; expire 3H ) ; minimum NS @ A 127.0.0.1 IN A 192.168.102.166

1.2开启dns服务关闭防火墙

[root@localhost ~]# systemctl start named [root@localhost ~]# systemctl stop firewalld.service [root@localhost ~]# setenforce 0 [root@localhost ~]#

2、手工编译安装apache服务

2.1解压apache安装软件包

[root@localhost ~]# tar zvxf /mnt/LAMP-C7/apr-1.6.2.tar.gz -C /opt [root@localhost ~]# tar zvxf /mnt/LAMP-C7/apr-util-1.6.0.tar.gz -C /opt [root@localhost ~]# tar jxvf /mnt/LAMP-C7/-C /opt

2.2 移动跨平台组件位置

[root@localhost ~]# mv /opt/apr-1.6.2 /opt/httpd-2.4.29/srclib/apr [root@localhost ~]# mv /opt/apr-util-1.6.0 /opt/httpd-2.4.29/srclib/apr-util [root@localhost ~]#

2.3 安装环境必要软件包

[root@localhost ~]# yum -y install \ > gcc \ > gcc-c++ \ > make \ > pcre-devel \ > zlib-devel \ > expat-devel \ > pcre \ > perl

2.4 进行configure配置

[root@localhost ~]# cd /opt/httpd-2.4.29/ [root@localhost ./configure \ > --prefix=/usr/local/\ > --enable-so \ > --enable-deflate \ > --enable-expires \ > --enable-rewrite \ > --enable-charset-lite \ > --enable-cgi

2.5 编译及编译安装

[root@localhost make && make install

3、配置防盗链服务

3.1修改监听地址和域名

[root@localhost ~]# vim /usr/local/this to Listen on specific IP addresses as shown below to #prevent Apache from glomming onto all bound IP addresses. #Listen 12.34.56.78:80 #Listen 80 Listen 192.168.102.166:80

#ServerName gives the name and port that the server uses to identify itself. #This can often be determined automatically, but we recommend you specify #it explicitly to prevent problems during startup. #If your host doesn't have a registered DNS name, enter its IP address here. ServerName kgc.com:80 #Deny access to the entirety of your server's filesystem. You must #explicitly permit access to web

3.2 开启防盗链功能

[root@localhost ~]# vim /usr/local/httpd/conf/httpd.conf LoadModule alias_module modules/mod_alias.so LoadModule rewrite_module modules/mod_rewrite.so

244 AllowOverride None 245 246 # 247 # Controls who can get stuff from this server. 248 # 249 Require all granted 250 RewriteEngine On 251 RewriteCond %{HTTP_REFERER} !^[NC] 252 RewriteCond %{HTTP_REFERER} !^[NC] 253 RewriteCond %{HTTP_REFERER} !^[NC] 254 RewriteCond %{HTTP_REFERER} !^[NC] 255 RewriteRule .*.(gif|jpg|swf)$ http://kgc.com/error.png 256 257 258 # 259 # DirectoryIndex: sets the file that Apache will serve if a directory

3.3 修改apache首页内容

[root@localhost ~]# vim /usr/local/httpd/htdocs/index.html this is test web

3.3 复制挂载文件夹内的图片

[root@localhost htdocs]# cp /mnt/LAMP-C7/https://www.apispace.com/news/zb_users/upload/2022/11/20221110150047_25891.jpg /usr/local/httpd/htdocs/ [root@localhost htdocs]# cp /mnt/LAMP-C7/error.png /usr/local/httpd/htdocs/ [root@localhost htdocs]# ls error.png https://www.apispace.com/news/zb_users/upload/2022/11/20221110150047_25891.jpg index.html [root@localhost htdocs]#

3.4重启apache服务

[root@localhost ~]# /usr/local/stop (no pid file) not running [root@localhost ~]# /usr/local/start [root@localhost ~]#

4、创建盗链网站

4.1再开一台虚拟机,安装apache服务

[root@localhost ~]# yum install -y

4.2修改配置文件中监听地址

[root@localhost ~]# vim /etc/httpd/conf/httpd.conf 33 # 34 # Listen: Allows you to bind Apache to specific IP addresses and/or 35 # ports, instead of the default. See also the 36 # directive. 37 # 38 # Change this to Listen on specific IP addresses as shown below to 39 # prevent Apache from glomming onto all bound IP addresses. 40 # 41 Listen 192.168.102.167:80 42 #Listen 80 43 44 # 45 # Dynamic Shared Object (DSO) Support 46 #

86 ServerAdmin root@localhost 87 88 # 89 # ServerName gives the name and port that the server uses to identify itself. 90 # This can often be determined automatically, but we recommend you specify 91 # it explicitly to prevent problems during startup. 92 # 93 # If your host doesn't have a registered DNS name, enter its IP address here. 94 # 95 ServerName kgc.com:80 96 97 # 98 # Deny access to the entirety of your server's filesystem. You must 99 # explicitly permit access to web content directories in other 100 # blocks below. 101 #

4.3 修改apache网站主页

[root@localhost ~]# cd /var/www/html [root@localhost html]# ls [root@localhost html]# vim index.html this is test web ~ ~

4.4 添加域名解析服务器地址

[root@localhost ~]# echo "nameserver 192.168.102.166" > /etc/resolv.conf [root@localhost ~]#

4.5 重启apache服务

[root@localhost ~]# systemctl restart httpd [root@localhost ~]#

4.6

5、验证

5.1 先访问原网站 kgc.com

5.2 访问盗链网站

防盗链成功

版权声明：本文内容由网络用户投稿，版权归原作者所有，本站不拥有其著作权，亦不承担相应法律责任。如果您发现本站中有涉嫌抄袭或描述失实的内容，请联系我们jiasou666@gmail.com 处理，核实后本网站将在24小时内删除侵权内容。