Apache supports two kinds of access control: one restricts a directory, the other restricts a file. Both are described in turn. Our virtual machine has two IPs: 127.0.0.1 and 192.168.147.132. Suppose we do not want one of them, say 127.0.0.1, to visit our website. (In practice the point is to restrict other clients, not yourself; this is just an example.)
Edit the virtual host configuration file:
# vim /usr/local/apache2/conf/extra/httpd-vhosts.conf
Add an access control rule that denies 127.0.0.1 access to the website's root directory:
......
ServerName www.test.com
ServerAlias www.aaa.com
ServerAlias www.bbb.com
<Directory "/data/www">
AllowOverride None
Options None
Order allow,deny
Allow from all
Deny from 127.0.0.1
</Directory>
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP_HOST} ^www.aaa.com$ [OR]
RewriteCond %{HTTP_HOST} ^www.bbb.com$
RewriteRule ^/(.*)$ http://www.test.com/$1 [R=301,L]
</IfModule>
......
The rules are evaluated in the order given by the Order directive, regardless of which of the Allow and Deny lines below it comes first. Here Order is allow,deny, so Allow is evaluated first, then Deny: all IPs are allowed first, then 127.0.0.1 is denied, and the end result is that 127.0.0.1 is forbidden.
After checking the configuration for errors and reloading it, you can see that 127.0.0.1 is refused while 192.168.147.132 can still access the site:
# apachectl -t
Syntax OK
# apachectl graceful
# curl -x127.0.0.1:80 -i www.test.com
HTTP/1.1 403 Forbidden
Date: Sat, 16:18:57 GMT
Server: Apache/2.2.9 (Unix) PHP/5.4.36
Content-Type: text/html; charset=iso-8859-1
# curl -x192.168.147.132:80 -i www.test.com
HTTP/1.1 301 Moved Permanently
Date: Sat, 16:19:07 GMT
Server: Apache/2.2.9 (Unix) PHP/5.4.36
X-Powered-By: PHP/5.4.36
Location: forum.php
Cache-Control: max-age=0
Expires: Sat, 16:19:07 GMT
Content-Type: text/html
# curl -x192.168.147.132:80 -i www.test.com/forum.php
HTTP/1.1 200 OK
Date: Sat, 16:19:26 GMT
Server: Apache/2.2.9 (Unix) PHP/5.4.36
X-Powered-By: PHP/5.4.36
Set-Cookie: STI8_2132_SALTKEY=NWITWCJX; Expires=Mon, 13-Feb-2017 16:19:26 GMT; path=/; HttpOnly
Set-Cookie: sti8_2132_lastvisit=1484407166; Expires=Mon, 13-Feb-2017 16:19:26 GMT; path=/
Set-Cookie: sti8_2132_sid=brefer; Expires=Sun, 15-Jan-2017 16:19:26 GMT; path=/
Set-Cookie: sti8_2132_lastact=1484410766%09forum.php%09; Expires=Sun, 15-Jan-2017 16:19:26 GMT; path=/
Set-Cookie: sti8_2132_onlineusernum=1; Expires=Sat, 14-Jan-2017 16:24:26 GMT; path=/
Set-Cookie: sti8_2132_sid=brefer; Expires=Sun, 15-Jan-2017 16:19:26 GMT; path=/
Cache-Control: max-age=0
Expires: Sat, 16:19:26 GMT
Content-Type: text/html; charset=gbk
The website's admin back end must not be open to every IP; for example, logins to the back end might be allowed only from the local machine. To do this, set up a whitelist for the back-end management page admin.php. Under normal circumstances everyone can see this page, which is inappropriate.
Add the following to the virtual host configuration file to allow only 127.0.0.1 to access admin.php:
......
<Directory "/data/www">
AllowOverride None
Options None
Order allow,deny
Allow from all
Deny from 127.0.0.1
</Directory>
<FilesMatch "(.*)admin(.*)">
Order deny,allow
Deny from all
Allow from 127.0.0.1
</FilesMatch>
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP_HOST} ^www.aaa.com$ [OR]
RewriteCond %{HTTP_HOST} ^www.bbb.com$
RewriteRule ^/(.*)$ http://www.test.com/$1 [R=301,L]
</IfModule>
......
After checking the configuration for errors and reloading it, you can see that only 127.0.0.1 can now log in to the back-end management page; it cannot be reached through 192.168.147.132, so it is safe.
# apachectl -t
Syntax OK
# apachectl graceful
# curl -x192.168.147.132:80 -i www.test.com/admin.php
HTTP/1.1 403 Forbidden
Date: Sat, 16:36:15 GMT
Server: Apache/2.2.9 (Unix) PHP/5.4.36
Content-Type: text/html; charset=iso-8859-1
# curl -x127.0.0.1:80 -i www.test.com/admin.php
HTTP/1.1 200 OK
Date: Sat, 16:36:25 GMT
Server: Apache/2.2.9 (Unix) PHP/5.4.36
X-Powered-By: PHP/5.4.36
Set-Cookie: sti8_2132_saltkey=zva82a89; Expires=Mon, 13-Feb-2017 16:36:25 GMT; path=/; HttpOnly
Set-Cookie: sti8_2132_lastvisit=1484408185; Expires=Mon, 13-Feb-2017 16:36:25 GMT; path=/
Set-Cookie: STI8_2132_SID=QE5KCO; Expires=Sun, 15-Jan-2017 16:36:25 GMT; path=/
Set-Cookie: sti8_2132_lastact=1484411785%09admin.php%09; Expires=Sun, 15-Jan-2017 16:36:25 GMT; path=/
Cache-Control: max-age=0
Expires: Sat, 16:36:25 GMT
Content-Type: text/html; charset=gbk
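The Order/Allow/Deny evaluation used in both configurations can be modelled in a few lines; this is an added example, not code from the original post or from Apache, and its function names are hypothetical. It handles only "all", single IPs and CIDR ranges, and assumes that a matching FilesMatch section replaces the Directory section's host rules, which is what the curl results for admin.php show. The file name administrator_guide.html is constructed to show that the pattern (.*)admin(.*) covers every file name containing "admin", not only admin.php.

```python
import ipaddress
import posixpath
import re


def host_allowed(order, allow, deny, client_ip):
    """Apply Apache 2.2 Order/Allow/Deny semantics to one client IP."""
    ip = ipaddress.ip_address(client_ip)

    def hit(specs):
        # Handles "all", single IPs and CIDR ranges only (simplification).
        return any(s == "all" or ip in ipaddress.ip_network(s) for s in specs)

    allowed, denied = hit(allow), hit(deny)
    if order == "allow,deny":
        # Allow is evaluated first, Deny last: a Deny match wins, default is deny.
        return allowed and not denied
    if order == "deny,allow":
        # Deny is evaluated first, Allow last: an Allow match wins, default is allow.
        return allowed or not denied
    raise ValueError("unsupported Order value: " + order)


# The two sections of the second configuration on this page.
DIRECTORY = {"order": "allow,deny", "allow": ["all"], "deny": ["127.0.0.1"]}
FILESMATCH = {"pattern": r"(.*)admin(.*)", "order": "deny,allow",
              "allow": ["127.0.0.1"], "deny": ["all"]}


def status_for(client_ip, url_path):
    """Return 403 if the host rules refuse the request, else 200 (access granted)."""
    name = posixpath.basename(url_path)
    # Assumption: a matching FilesMatch section replaces the Directory rules.
    section = FILESMATCH if re.search(FILESMATCH["pattern"], name) else DIRECTORY
    ok = host_allowed(section["order"], section["allow"], section["deny"], client_ip)
    return 200 if ok else 403


if __name__ == "__main__":
    # Constructed requests; administrator_guide.html is a made-up file name.
    for ip in ("127.0.0.1", "192.168.147.132"):
        for path in ("/forum.php", "/admin.php", "/administrator_guide.html"):
            print(ip, path, status_for(ip, path))
```

The model covers only the host-based check, so a granted request is reported as 200 even where the application itself would answer with a redirect.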
LAMP Building 13: Apache access control