用户认证:
htpasswd文件:
工具: httpd-tools
htpasswd -c /path/to/htpasswd username #-c只有第一次创建文件时使用
nginx:
auth_basic "认证信息";
auth_basic_user_file /path/to/htpasswd;
apache:
AllowOverride AuthConfig
AuthType Basic
AuthName "认证信息"
AuthUserFile /path/to/htpasswd
require valid-user
域名跳转:
nginx:
if ($host != "www.fqdn.com"){ #if和( 之间要有空格
rewrit ^$ http://www.fqdn.com/$1 permanent;
}
apache:
RewriteEngine on
RewriteCond %{HTTP_HOST} !^www.fqdn.com$ #多个域名可以使用[OR]
RewriteRule ^/(.*)$ http://www.fqdn.com/$1 [R=301,L]
不记录指定文件类型的日志:
nginx:
location ~* \.(jpeg|png|js|css|jif)$ {
access_log off;
}
apache:
SetEnvIfNoCase Request_URI "^.*\.(jpeg|png|js|css|jif)$" log_no_record
ErrorLog "logs/error_log"
CustomLog "logs/access_log" common env!=log_no_record
日志切割:
nginx:
#!/bin/bash
#filename: log-analysis.sh
d=`date +%Y-%m-%d`
/bin/mv /path/to/log /path/to/$d-log
#另一种获取nginx的pid
#ps aux | grep nginx | awk '/master/ {print $2}' | sed 's/[:space: ]//g'
/usr/bin/kill -HUP `cat /path/to/nginx.pid`
0 0 * * * source /path/to/log-analysis.sh
#另外一种办法: /etc/logrotate.d/ 下写脚本
apache:
CustomLog "|rotatelogs -l logs/access_log 86400" common
文件过期时间:
nginx:
location ~ .*\.(jpg|jpeg|png|js|css|jif)${
expires 20h #此项一般和关闭日志在一起
}
apache:
法一:
ExpiresActive On
ExpiresByType image/jpeg "access plus 1 days"
ExpiresByType image/png "access plus 2 hours"
ExpiresByType application/javascript "now plus 1 minutes"
ExpiresDefault "now plus 0 minutes"
法二:
header set Cache-Control "max-age=3600"
防盗链:
nginx:
location ~* ^.*\.(gif|png|js|css|jif|pdf|gz2)$ {
valid-referers none blocked www.self.com *.taobao.com *.baidu.com ;
if ($invalid-refer) {
#return 403;
rewrite ^/ http://www.fqdn.com/nophoto.gif;
}
}
apache:
SetEnvIfNoCase Refer "^http://www\.fqdn\.com"local-refer
SetEnvIfNoCase Refer "^.*\.fqdn\.com" local-refer
SetEnvIfNoCase Refer "^$" local-refer
Order Allow,Deny
Allow from env=local-refer
权限控制:
nginx:
方法: allow , deny
deny.ip #文件
allow 192.168.1.1
allow 127.0.0.11
deny all
location ~* .*(image|static|tempalte)/.*\.php$ {
include deny.ip;
}
apache:
Order deny,allow
Deny from 192.168.1.1
控制user-agent:
nginx:
location / {
if ($http_user_agent ~ 'Spider/3.0|baidu|Gecko') {
return 403;
}
}
apache:
RewriteEngine on
RewriteCond %{HTTP_USER_AGENT} ^.*MSIE 7.0* [NC]
RewriteRule .* - [F]
未完待续....
htpasswd文件:
工具: httpd-tools
htpasswd -c /path/to/htpasswd username #-c只有第一次创建文件时使用
nginx:
auth_basic "认证信息";
auth_basic_user_file /path/to/htpasswd;
apache:
AllowOverride AuthConfig
AuthType Basic
AuthName "认证信息"
AuthUserFile /path/to/htpasswd
require valid-user
域名跳转:
nginx:
if ($host != "www.fqdn.com"){ #if和( 之间要有空格
rewrit ^$ http://www.fqdn.com/$1 permanent;
}
apache:
RewriteEngine on
RewriteCond %{HTTP_HOST} !^www.fqdn.com$ #多个域名可以使用[OR]
RewriteRule ^/(.*)$ http://www.fqdn.com/$1 [R=301,L]
不记录指定文件类型的日志:
nginx:
location ~* \.(jpeg|png|js|css|jif)$ {
access_log off;
}
apache:
SetEnvIfNoCase Request_URI "^.*\.(jpeg|png|js|css|jif)$" log_no_record
ErrorLog "logs/error_log"
CustomLog "logs/access_log" common env!=log_no_record
日志切割:
nginx:
#!/bin/bash
#filename: log-analysis.sh
d=`date +%Y-%m-%d`
/bin/mv /path/to/log /path/to/$d-log
#另一种获取nginx的pid
#ps aux | grep nginx | awk '/master/ {print $2}' | sed 's/[:space: ]//g'
/usr/bin/kill -HUP `cat /path/to/nginx.pid`
0 0 * * * source /path/to/log-analysis.sh
#另外一种办法: /etc/logrotate.d/ 下写脚本
apache:
CustomLog "|rotatelogs -l logs/access_log 86400" common
文件过期时间:
nginx:
location ~ .*\.(jpg|jpeg|png|js|css|jif)${
expires 20h #此项一般和关闭日志在一起
}
apache:
法一:
ExpiresActive On
ExpiresByType image/jpeg "access plus 1 days"
ExpiresByType image/png "access plus 2 hours"
ExpiresByType application/javascript "now plus 1 minutes"
ExpiresDefault "now plus 0 minutes"
法二:
header set Cache-Control "max-age=3600"
防盗链:
nginx:
location ~* ^.*\.(gif|png|js|css|jif|pdf|gz2)$ {
valid-referers none blocked www.self.com *.taobao.com *.baidu.com ;
if ($invalid-refer) {
#return 403;
rewrite ^/ http://www.fqdn.com/nophoto.gif;
}
}
apache:
SetEnvIfNoCase Refer "^http://www\.fqdn\.com"local-refer
SetEnvIfNoCase Refer "^.*\.fqdn\.com" local-refer
SetEnvIfNoCase Refer "^$" local-refer
Order Allow,Deny
Allow from env=local-refer
权限控制:
nginx:
方法: allow , deny
deny.ip #文件
allow 192.168.1.1
allow 127.0.0.11
deny all
location ~* .*(image|static|tempalte)/.*\.php$ {
include deny.ip;
}
apache:
Order deny,allow
Deny from 192.168.1.1
控制user-agent:
nginx:
location / {
if ($http_user_agent ~ 'Spider/3.0|baidu|Gecko') {
return 403;
}
}
apache:
RewriteEngine on
RewriteCond %{HTTP_USER_AGENT} ^.*MSIE 7.0* [NC]
RewriteRule .* - [F]
未完待续....
编辑回复