Apache配置 9.访问控制-Diretory\FileMatch
(1)介绍
访问控制限制白名单IP,针对文件和目录。
(2)目录配置
#vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
<VirtualHost *:80>
ServerAdmin webmaster@dummy-host.example.com
DocumentRoot "/usr/local/apache2.4/docs/www.111.com"
ServerName www.111.com
ServerAlias 111.com
<Directory /usr/local/apache2.4/docs/www.111.com/admin>
Order deny,allow
Deny from all
Allow from 127.0.0.1
</Directory>
ErrorLog "logs/111.com-error_log"
CustomLog "logs/111.com-access_log" combined
</VirtualHost>
//Directory是用来指定限制访问的目录,order定义控制顺序
验证过程:
# mkdir /usr/local/apache2.4/docs/www.111.com/admin/
//创建admin目录,模拟网站后台
# vi /usr/local/apache2.4/docs/www.111.com/admin/123.php
<?php
echo "Hello World!";
?>
(3)配置验证
# /usr/local/apache2.4/bin/apachectl -t
# /usr/local/apache2.4/bin/apachectl graceful
curl -x127.0.0.1:80 www.111.com/admin/123.php -I
# curl -x192.168.63.130:80 www.111.com/admin/123.php -I
状态码为403,拒绝访问
(5)针对文件配置
编辑配置文件:
#vim /usr/local/apache2 .4/conf/extra/httpd-vhosts.conf
<VirtualHost *:80>
ServerAdmin webmaster@dummy-host.example.com
DocumentRoot "/usr/local/apache2.4/docs/www.111.com"
ServerName www.111.com
ServerAlias 111.com
<Directory /usr/local/apache2.4/docs/www.111.com/>
<FilesMatch "admin.php(.*)">
Order deny,allow
Deny from all
Allow from 127.0.0.1
</FilesMatch>
</Directory>
ErrorLog "logs/111.com-error_log"
CustomLog "logs/111.com-access_log" combined
</VirtualHost>
验证过程如下:
cd /usr/local/apache2.4/docs/www.111.com/
# vim admin.php
<?php
echo "This is admin.php";
?>
# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
# /usr/local/apache2.4/bin/apachectl graceful
(6)配置验证
# curl -x192.168.63.130:80 www.111.com/admin.php -I
状态码403被拒绝
# curl -x127.0.0.1:80 www.111.com/admin.php -I
状态码200访问正常
验证成功
浙公网安备 33010602011771号