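Introduction
- Access control: restrict access to specific files and directories to a whitelist of IP addresses
Directory configuration
To restrict access by IP, edit the configuration file.
# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf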
<VirtualHost *:80>
    ServerAdmin webmaster@dummy-host.example.com
    DocumentRoot "/usr/local/apache2.4/docs/www.111.com"
    ServerName www.111.com
    ServerAlias 111.com
    <Directory /usr/local/apache2.4/docs/www.111.com/admin>
        Order deny,allow
        Deny from all
        Allow from 127.0.0.1
    </Directory>
    ErrorLog "logs/111.com-error_log"
    CustomLog "logs/111.com-access_log" combined
</VirtualHost>
// Directory specifies the directory whose access is restricted; Order defines the order in which the Deny and Allow rules are evaluated
Verification procedure
# mkdir /usr/local/apache2.4/docs/www.111.com/admin/
// Create the admin directory to simulate the site's admin back end
# vi /usr/local/apache2.4/docs/www.111.com/admin/123.php
<?php
echo "Hello World!";
?>
Verifying the configuration
# /usr/local/apache2.4/bin/apachectl -t
# /usr/local/apache2.4/bin/apachectl graceful
# curl -x127.0.0.1:80 www.111.com/admin/123.php -I
The status code is 200: access is allowed
# curl -x192.168.63.130:80 www.111.com/admin/123.php -I
The status code is 403: access is denied
Verification succeeded
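How the Order line decides the outcome of the two curl checks in the directory configuration, as an added Python example that is not part of the original page. It models the legacy Order/Deny/Allow evaluation for plain IPs, CIDR blocks and "all" only (hostnames, partial addresses and env= forms are not handled), and assumes curl runs on the server itself so the client address equals the -x address. The function names are hypothetical.

```python
import ipaddress

def matches(client, specs):
    """True if client is covered by any spec ("all", an IP, or a CIDR block)."""
    addr = ipaddress.ip_address(client)
    return any(
        spec == "all" or addr in ipaddress.ip_network(spec, strict=False)
        for spec in specs
    )

def status(order, allow, deny, client):
    """HTTP status the Order/Allow/Deny rules yield for a client IP."""
    allowed = matches(client, allow)
    denied = matches(client, deny)
    if order == "deny,allow":
        # Deny is checked first, Allow overrides it; no match at all -> allowed.
        permit = allowed or not denied
    elif order == "allow,deny":
        # Allow is checked first, Deny overrides it; no match at all -> denied.
        permit = allowed and not denied
    else:
        raise ValueError(f"unsupported Order: {order!r}")
    return 200 if permit else 403

# The page's policy for the admin directory: Deny from all, Allow from 127.0.0.1
ALLOW = ["127.0.0.1"]
DENY = ["all"]

def report():
    """Status per (order, client) for the two addresses used in the curl checks.

    Assumption: curl runs on the server, so the client IP equals the -x address.
    """
    clients = ["127.0.0.1", "192.168.63.130"]
    return {
        (order, ip): status(order, ALLOW, DENY, ip)
        for order in ("deny,allow", "allow,deny")
        for ip in clients
    }

if __name__ == "__main__":
    for (order, ip), code in report().items():
        print(f"Order {order:<10} client {ip:<15} -> {code}")
```

With the same two rules, switching to Order allow,deny returns 403 for 127.0.0.1 as well, because Deny from all then takes precedence over the Allow line.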
File configuration
Edit the configuration file
# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
<VirtualHost *:80>
    ServerAdmin webmaster@dummy-host.example.com
    DocumentRoot "/usr/local/apache2.4/docs/www.111.com"
    ServerName www.111.com
    ServerAlias 111.com
    <Directory /usr/local/apache2.4/docs/www.111.com/>
        <FilesMatch "admin.php(.*)">
            Order deny,allow
            Deny from all
            Allow from 127.0.0.1
        </FilesMatch>
    </Directory>
    ErrorLog "logs/111.com-error_log"
    CustomLog "logs/111.com-access_log" combined
</VirtualHost>
Verification procedure:
# cd /usr/local/apache2.4/docs/www.111.com/
# vim admin.php
# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
# /usr/local/apache2.4/bin/apachectl graceful
Verifying the configuration
# curl -x192.168.63.130:80 www.111.com/admin.php -I
The status code is 403: access is denied
# curl -x127.0.0.1:80 www.111.com/admin.php -I
The status code is 200: access is allowed
Verification succeeded