11
[root@localhost ~]# cd /usr/local/nginx/html/
[root@localhost html]# mkdir images
[root@localhost html]# cd images/
[root@localhost images]# vim aa.sh //脚本内容随意定义
[root@localhost images]# pwd
/usr/local/nginx/html/images
//浏览器访问/images/aa.sh
- 禁止访问images下面的php程序文件
[root@localhost images]# vim /usr/local/nginx/conf/nginx.conf
[root@localhost images]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@localhost images]# systemctl restart nginx
//再测一下192.168.70.106/images/aa.sh
//用curl测
[root@localhost images]# curl 192.168.70.106/images/aa.sh
<html>
<head><title>403 Forbidden</title></head>
<body bgcolor="white">
<center><h1>403 Forbidden</h1></center>
<hr><center>hao321/8.9.11</center>
</body>
</html>
2、配置nginx禁止访问*.txt文件
[root@localhost images]# cd ..
[root@localhost html]# pwd
/usr/local/nginx/html
[root@localhost html]# echo "welcome to access page" > aa.txt
[root@localhost html]# ls
50x.html aa.txt images index.html passwd.html test.png
[root@localhost html]# curl 192.168.70.106/aa.txt
welcome to access page
[root@localhost html]# vim ../conf/nginx.conf
location ~* \.(txt|doc)$ {
if ( -f $request_filename) {
root /usr/local/nginx/html;
}
deny all;
}
[root@localhost html]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@localhost html]# nginx -s reload
//再访问192.168.70.106/aa.txt
3、可以错误重定向到某一个URL
3-1
[root@localhost html]# vim ../conf/nginx.conf
location ~* \.(txt|doc)$ {
if ( -f $request_filename) {
root /usr/local/nginx/html;
}
# deny all;
rewrite ^/(.*)$ http://www.baidu.com last;
}
[root@localhost html]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@localhost html]# nginx -s reload
//刷新网页
3-2优雅错误提示
[root@localhost html]# ls
50x.html aa.txt images index.html passwd.html test.png
[root@localhost html]# mkdir aa
[root@localhost html]# cd aa
[root@localhost aa]# pwd
/usr/local/nginx/html/aa
[root@localhost aa]# echo "网站维护中,请稍后再访问。" > er.html
[root@localhost aa]# ls
er.html
[root@localhost aa]# pwd
/usr/local/nginx/html/aa
[root@localhost aa]# cd ..
[root@localhost html]# vim ../conf/nginx.conf
[root@localhost html]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@localhost html]# nginx -s reload
//测试网页http://192.168.70.106/aa/er.html
4、
[root@localhost html]# ls aa
er.html
[root@localhost html]# mkdir bb
[root@localhost html]# echo "bb" > bb/index.html
[root@localhost html]# echo "aa" > aa/index.html
[root@localhost html]# vim ../conf/nginx.conf
[root@localhost html]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@localhost html]# nginx -s reload
[root@localhost html]# curl 192.168.70.106/aa/index.html //测试网页
<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>hao321/8.9.11</center>
</body>
</html>
[root@localhost html]# curl 192.168.70.106/bb/index.html
<html>
<head><title>403 Forbidden</title></head>
<body bgcolor="white">
<center><h1>403 Forbidden</h1></center>
<hr><center>hao321/8.9.11</center>
</body>
</html>
- 修改允许访问 /aa/ 结论:可以设置黑名单和白名单
[root@localhost ~]# vim /usr/local/nginx/conf/nginx.conf
[root@localhost ~]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@localhost ~]# nginx -s reload
[root@localhost ~]# curl 192.168.70.106/aa/index.html //本机访问拒绝
<html>
<head><title>403 Forbidden</title></head>
<body bgcolor="white">
<center><h1>403 Forbidden</h1></center>
<hr><center>hao321/8.9.11</center>
</body>
</html>
//用允许的192.167.70.10 windows主机访问
5、IP和301优化(只允许域名访问,IP访问拒绝)
[root@localhost ~]# vim /usr/local/nginx/conf/nginx.conf
[root@localhost ~]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@localhost ~]# nginx -s reload
//访问192.168.70.106
//注销重定向rewire,添加return 403 返回值
[root@localhost ~]# vim /usr/local/nginx/conf/nginx.conf
[root@localhost ~]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@localhost ~]# nginx -s reload
//测试192.168.70.106
- 5-1
- 5-2
- windows 设置hosts 文件(域名解析访问)
- windos测试一下
5-3 配置跳转301跳转(输入qingniao.com自动跳转www.qingniao.com)
[root@localhost ~]# vim /usr/local/nginx/conf/nginx.conf
[root@localhost ~]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@localhost ~]# nginx -s reload
- 修改hosts(用linux访问也可以修改hosts文件)
- 测试qingniao.com
6、防盗链
[root@localhost ~]# vim /usr/local/nginx/conf/nginx.conf //搭建盗链
[root@localhost ~]# pwd
/root
[root@localhost ~]# cd /usr/local/nginx/html
[root@localhost html]# ls
50x.html aa aa.txt bb images index.html passwd.html test.png
[root@localhost html]# vi default.html
[1]+ Stopped vi default.html
[root@localhost html]# ls
50x.html aa aa.txt bb images index.html passwd.html test.png
[root@localhost html]# mv /root/qingniao.jpg ./
[root@localhost html]# ls
50x.html aa aa.txt bb images index.html passwd.html qingniao.jpg test.png
[root@localhost html]# cat default.html
www.benet.com
<a href="http://www.qingniao.com/qingniao.jpg">图片</a>
[root@localhost html]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@localhost html]# nginx -s reload
- 源站访问
- 清缓存测试(盗链访问)
- 防盗链设置
//查看一下日志
[root@localhost ~]# cd /usr/local/nginx/logs
[root@localhost logs]# ls
access.log cut cut_nginx_log.sh error.log nginx.pid
[root@localhost logs]# cat access.log
192.168.70.10 - - [12/May/2023:18:08:49 +0800] "GET /qingniao.jpg HTTP/1.1" 301 186 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.95 Safari/537.36"
192.168.70.10 - - [12/May/2023:18:08:49 +0800] "GET /qingniao.jpg HTTP/1.1" 200 21616 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.95 Safari/537.36"
192.168.70.10 - - [12/May/2023:18:08:49 +0800] "GET /favicon.ico HTTP/1.1" 404 572 "http://www.qingniao.com/qingniao.jpg" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.95 Safari/537.36"
客户端直接访问源站,referer '-' 头字段为空 none 盗链访问客户端,referer 头字段是'benet.com' 字段,盗链是通过某一个网站的连接访问源站内容。
[root@localhost logs]# vim /usr/local/nginx/conf/nginx.conf
[root@localhost logs]# vim /usr/local/nginx/conf/nginx.conf
[root@localhost logs]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@localhost logs]# nginx -s reload
//请浏览器缓存测试一下网页www.benet.com
- 设置图片,来做rewrite跳转
[root@localhost ~]# cd /usr/local/nginx/html
[root@localhost html]# ls
50x.html aa.txt default.html index.html qingniao.jpg
aa bb images passwd.html test.png
[root@localhost html]# mkdir img
[root@localhost html]# mv test.png img/
[root@localhost html]# ls
50x.html aa.txt default.html img passwd.html
aa bb images index.html qingniao.jpg
[root@localhost html]# ls img/
test.png
[root@localhost html]# vim /usr/local/nginx/conf/nginx.conf
[root@localhost html]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@localhost html]# nginx -s reload
//测试www.benet.com
- 错误页面的提示
[root@localhost html]# vim /usr/local/nginx/conf/nginx.conf
[root@localhost html]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@localhost html]# nginx -s reload
[root@localhost html]# pwd
/usr/local/nginx/html
[root@localhost html]# echo "xxxxxxxxxxxxxx" > 404.html
- 输入一个不存在的网页
[root@localhost html]# vim /usr/local/nginx/conf/nginx.conf
[root@localhost html]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@localhost html]# nginx -s reload
[root@cong11 ~]# yum -y install httpd-tools #安装htpasswd工具
[root@localhost html]# htpasswd -cb /usr/local/nginx/conf/passwd user1 123456
Adding password for user user1
[root@localhost html]# cat /usr/local/nginx/conf/passwd
user1:$apr1$JxHqbjCO$KqXR8dYOH8bfb4FhF5Ads/
[root@localhost html]# htpasswd -b /usr/local/nginx/conf/passwd user2 123456
Adding password for user user2
[root@localhost html]# ls ../conf/ -l
total 68
-rw-r--r-- 1 root root 1077 May 10 14:53 fastcgi.conf
-rw-r--r-- 1 root root 1077 May 10 14:53 fastcgi.conf.default
-rw-r--r-- 1 root root 1007 May 10 14:53 fastcgi_params
-rw-r--r-- 1 root root 1007 May 10 14:53 fastcgi_params.default
-rw-r--r-- 1 root root 2837 May 10 14:53 koi-utf
-rw-r--r-- 1 root root 2223 May 10 14:53 koi-win
-rw-r--r-- 1 root root 3957 May 10 14:53 mime.types
-rw-r--r-- 1 root root 3957 May 10 14:53 mime.types.default
-rw-r--r-- 1 root root 4485 May 12 20:55 nginx.conf
-rw-r--r-- 1 root root 2656 May 10 14:53 nginx.conf.default
-rw-r--r-- 1 root root 88 May 12 21:01 passwd
-rw-r--r-- 1 root root 636 May 10 14:53 scgi_params
-rw-r--r-- 1 root root 636 May 10 14:53 scgi_params.default
-rw-r--r-- 1 root root 664 May 10 14:53 uwsgi_params
-rw-r--r-- 1 root root 664 May 10 14:53 uwsgi_params.default
-rw-r--r-- 1 root root 3610 May 10 14:53 win-utf
[root@localhost html]# nginx -s reload
//测试www.qingniao.com