Apache的IP访问控制
Apache防盗链主要是防止本网站的链接被别人盗用使用Apache访问控制,禁用来源IP访问
1、修改网站的虚拟主机配置文件
从主配置文件中拷贝模板:
# vim /usr/local/apache2/conf/httpd.conf
# vim /usr/local/apache2/conf/extra/httpd-vhosts.conf
<VirtualHost *:80>
........
<Directory "/data/www">
AllowOverride None
Options None
Order allow,deny
Allow from all 允许所有访问
Deny from 127.0.0.1访问 禁用127.0.0.1访问
</Directory>
...........
</VirtualHost>
2、测试
# curl -x 127.0.0.1:80 -I www.test.com 127.0.0.1被禁止访问
HTTP/1.1 403 Forbidden
Date: Wed, 02 Dec 2015 02:47:23 GMT
Server: Apache/2.2.31 (Unix) PHP/5.4.45
Content-Type: text/html; charset=iso-8859-1
# curl -x 192.168.101.230:80 -I www.test.com 192.168.101.230正常访问
HTTP/1.1 301 Moved Permanently
Date: Wed, 02 Dec 2015 02:47:42 GMT
Server: Apache/2.2.31 (Unix) PHP/5.4.45
X-Powered-By: PHP/5.4.45
location: forum.php
Cache-Control: max-age=0
Expires: Wed, 02 Dec 2015 02:47:42 GMT
Content-Type: text/html
# curl -x 192.168.101.230:80 -I www.test.com/forum.php 正常访问
HTTP/1.1 200 OK
3、如果希望白名单限制管理员登录网页URI:http://www.test.com/admin.php,怎么做?
<VirtualHost *:80>........ <filesmatch "(.*)admin(.*)"> Order deny,allow Deny from all 禁用所有访问 Allow from 127.0.0.1 允许127.0.0.1访问 Allow from 192.168.101.230 </filesmatch>
...........</VirtualHost>重启Apache服务后,用PC(192.168.101.175)访问http://www.test.com/admin.php,报错403Forbidden。
# curl -x 192.168.101.230:80 -I http://www.test.com/admin.php
HTTP/1.1 200 OK 200,但是192.168.101.230可以正常访问
页:
[1]