Apache 配置 之 訪問控制

訪問控制的設置：

 假設：在日志里發現某個IP 嘗試***我的站點，就可以通過配置把這個IP 封掉。

拷貝模版

vim /usr/local/apache2/conf/httpd.conf

<Directory "/usr/local/apache2/cgi-bin">

    AllowOverride None

    Options None

    Order allow,deny  #Order ：誰在前，先執行誰。不分上下，只分前后。

    Allow from all     #允許所有IP

    Deny from 127.0.0.1  # 控制這個IP

</Directory>

[root@OBird ~]# apachectl -t

Syntax OK

[root@OBird ~]# apachectl restart

[root@OBird ~]# curl -x127.0.0.1:80 -I www.test.com

HTTP/1.1 403 Forbidden   #此時訪問不到127.0.0.1

Date: Tue, 27 Sep 2016 12:31:27 GMT

Server: Apache/2.2.31 (Unix) PHP/5.6.24

Content-Type: text/html; charset=iso-8859-1

-------------------------------------------------------------------------------------------

白名單限制，限制指定的IP 訪問。

[root@OBird ~]# vim /usr/local/apache2/conf/extra/httpd-vhosts.conf

<filesmatch "(.*)admin(.*)">

         Order Deny，Allow

         Deny from all

         Allow from 127.0.0.1

 </filesmatch>

[root@OBird ~]# apachectl -t

Syntax OK

[root@OBird ~]# apachectl restart

[root@OBird ~]# curl -x10.72.4.30:80 -I www.test.com/admin.php

HTTP/1.1 403 Forbidden         #限制成功,403 不能訪問

Date: Tue, 27 Sep 2016 12:46:15 GMT

Server: Apache/2.2.31 (Unix) PHP/5.6.24

Content-Type: text/html; charset=iso-8859-1

---------------------------------------------

[root@OBird ~]# curl -x127.0.0.1:80 -I www.test.com/admin.php

HTTP/1.1 200 OK                # 可以訪問

Date: Tue, 27 Sep 2016 12:48:48 GMT

Server: Apache/2.2.31 (Unix) PHP/5.6.24

X-Powered-By: PHP/5.6.24

Set-Cookie: gfwC_2132_saltkey=IYZYTY7u; expires=Thu, 27-Oct-2016 12:48:48 GMT; Max-Age=2592000; path=/; httponly

Set-Cookie: gfwC_2132_lastvisit=1474976928; expires=Thu, 27-Oct-2016 12:48:48 GMT; Max-Age=2592000; path=/

Set-Cookie: gfwC_2132_sid=POGGLH; expires=Wed, 28-Sep-2016 12:48:48 GMT; Max-Age=86400; path=/

Set-Cookie: gfwC_2132_lastact=1474980528%09admin.php%09; expires=Wed, 28-Sep-2016 12:48:48 GMT; Max-Age=86400; path=/

Cache-Control: max-age=0

Expires: Tue, 27 Sep 2016 12:48:48 GMT

Content-Type: text/html; charset=gbk