访问控制的设置:
假设:在日志里发现某个IP 尝试***我的站点,就可以通过配置把这个IP 封掉。
拷贝模版
vim /usr/local/apache2/conf/httpd.conf
<Directory "/usr/local/apache2/cgi-bin">
AllowOverride None
Options None
Order allow,deny #Order :谁在前,先执行谁。不分上下,只分前后。
Allow from all #允许所有IP
Deny from 127.0.0.1 # 控制这个IP
</Directory>
[root@OBird ~]# apachectl -t
Syntax OK
[root@OBird ~]# apachectl restart
[root@OBird ~]# curl -x127.0.0.1:80 -I www.test.com
HTTP/1.1 403 Forbidden #此时访问不到127.0.0.1
Date: Tue, 27 Sep 2016 12:31:27 GMT
Server: Apache/2.2.31 (Unix) PHP/5.6.24
Content-Type: text/html; charset=iso-8859-1
-------------------------------------------------------------------------------------------
白名单限制,限制指定的IP 访问。
[root@OBird ~]# vim /usr/local/apache2/conf/extra/httpd-vhosts.conf
<filesmatch "(.*)admin(.*)">
Order Deny,Allow
Deny from all
Allow from 127.0.0.1
</filesmatch>
[root@OBird ~]# apachectl -t
Syntax OK
[root@OBird ~]# apachectl restart
[root@OBird ~]# curl -x10.72.4.30:80 -I www.test.com/admin.php
HTTP/1.1 403 Forbidden #限制成功,403 不能访问
Date: Tue, 27 Sep 2016 12:46:15 GMT
Server: Apache/2.2.31 (Unix) PHP/5.6.24
Content-Type: text/html; charset=iso-8859-1
---------------------------------------------
[root@OBird ~]# curl -x127.0.0.1:80 -I www.test.com/admin.php
HTTP/1.1 200 OK # 可以访问
Date: Tue, 27 Sep 2016 12:48:48 GMT
Server: Apache/2.2.31 (Unix) PHP/5.6.24
X-Powered-By: PHP/5.6.24
Set-Cookie: gfwC_2132_saltkey=IYZYTY7u; expires=Thu, 27-Oct-2016 12:48:48 GMT; Max-Age=2592000; path=/; httponly
Set-Cookie: gfwC_2132_lastvisit=1474976928; expires=Thu, 27-Oct-2016 12:48:48 GMT; Max-Age=2592000; path=/
Set-Cookie: gfwC_2132_sid=POGGLH; expires=Wed, 28-Sep-2016 12:48:48 GMT; Max-Age=86400; path=/
Set-Cookie: gfwC_2132_lastact=1474980528%09admin.php%09; expires=Wed, 28-Sep-2016 12:48:48 GMT; Max-Age=86400; path=/
Cache-Control: max-age=0
Expires: Tue, 27 Sep 2016 12:48:48 GMT
Content-Type: text/html; charset=gbk
免责声明:本站发布的内容(图片、视频和文字)以原创、转载和分享为主,文章观点不代表本网站立场,如果涉及侵权请联系站长邮箱:is@yisu.com进行举报,并提供相关证据,一经查实,将立刻删除涉嫌侵权内容。