Apache configuration blacklist and whitelist and account permissions control

Source: Internet
Author: User

Two ways to configure an Apache blacklist and whitelist

For a project, the customer needed whitelist functionality after deployment. Previously I had used either an IIS server or a DZ or CP panel on the web, and only blacklists. A Baidu search turns up mostly blacklist operations. This article is mainly about using Apache rules to implement blacklists and whitelists. The program-level approach is not covered here; PHP can obtain the client IP directly in an initialization class or login method to ban an IP or to allow only the specified IPs through.

Method 1: Control access through the Apache virtual host configuration file httpd.conf. This method applies to servers you set up yourself; an ordinary shared virtual host generally gives no access to httpd.conf.

# Whitelist: allow only 192.168.0.1 and 192.168.1.1-192.168.1.255
<Directory "D:/htdocs">
Options Indexes FollowSymLinks Includes ExecCGI
AllowOverride All
# The key directives follow
Order Deny,Allow
Allow from 192.168.0.1
Allow from 192.168.1.0/24
Deny from all
</Directory>

# Blacklist: prohibit 192.168.0.1 and 192.168.1.1-192.168.1.255
<Directory "D:/htdocs">
Options Indexes FollowSymLinks Includes ExecCGI
AllowOverride All
# The key directives follow
Order Allow,Deny
Allow from all
Deny from 192.168.0.1
Deny from 192.168.1.
</Directory>

Method 2: Control access through the virtual host's .htaccess file (the file also used for pseudo-static URL rewriting). This method applies to all hosts that support .htaccess.

# Whitelist: allow only 192.168.0.1 and 192.168.1.1-192.168.1.255
Order Deny,Allow
Allow from 192.168.0.1
Allow from 192.168.1.0/24
Deny from all

# Blacklist: prohibit 192.168.0.1 and 192.168.1.1-192.168.1.255
Order Allow,Deny
Allow from all
Deny from 192.168.0.1
Deny from 192.168.1.

P.S.: 192.168.1.0/24 and 192.168.1. are equivalent; they are only different notations.



Apache-level account access control, and Apache blacklist and whitelist filtering

1. Modify the virtual host configuration

# Directory path
<Directory /var/www>
...
# Allow .htaccess to override the configuration file so that .htaccess takes effect
AllowOverride All
...
</Directory>

2. Create a .htaccess file in the directory that requires permission control

# For example, to control the /var/www/quanxian directory, create the .htaccess file in /var/www/quanxian and fill in the following

# [permission control file]
AuthUserFile /var/www/quanxian/.htpwd
AuthType Basic
AuthName "[Descriptive info]"
# This line is optional
ErrorDocument 401 /var/www/err_401.html
# Authentication mode: user authentication (valid-user) or group authentication (valid-group)
Require valid-user

3. Generate the encrypted password file

sudo htpasswd -bc /var/www/quanxian/.htpwd wangdatestuser wangdatestpwd

There are many detailed descriptions of the htpasswd command online; here is one copied over (http://hi.baidu.com/luoxiandong99/item/bd14b7462fe61ef7bdf45140)

##################################################################################################

Apache htpasswd command option descriptions

-c Create an encrypted password file
-n Do not update the password file; only display the user name and encrypted password on the screen
-m Use the MD5 algorithm to encrypt passwords (the default)
-d Use the crypt algorithm to encrypt passwords
-p Do not encrypt passwords, i.e. store plaintext passwords
-s Use the SHA algorithm to encrypt passwords
-b Take the user name and password together on the command line instead of prompting for a password
-D Delete the specified user

Apache htpasswd command usage examples

1. Use the htpasswd command to add a user

htpasswd -bc D:\licang\passwd Yingzi 1234

2. Add another user to the existing password file

htpasswd -b D:\licang\passwd ludi 1234

3. Display the user name and encrypted password without updating the password file

htpasswd -nb Yingzi 1234

4. Use the htpasswd command to delete a user name and password

htpasswd -D D:\licang\passwd Yingzi

5. Use the htpasswd command to change a password

htpasswd -D D:\licang\passwd Yingzi

htpasswd -b D:\licang\passwd Yingzi 5678

##################################################################################################
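
A check for which of the schemes in the option list above an existing password file actually uses, written in Python as an added example (it is not part of the original article or of htpasswd). The function names and the sample entries are constructed for illustration; the classification relies only on the stored-field formats ($apr1$, {SHA}, 13-character crypt, and $2y$ for bcrypt).

```python
import base64
import hashlib
import re


def classify(stored):
    """Name the storage scheme of one htpasswd password field by its format."""
    if stored.startswith("$2y$"):
        return "bcrypt"            # htpasswd -B (Apache 2.4), not in the list above
    if stored.startswith("$apr1$"):
        return "md5-apr1"          # -m, salted Apache MD5
    if stored.startswith("{SHA}"):
        return "sha1-unsalted"     # -s, base64 of a single unsalted SHA-1
    if re.fullmatch(r"[./0-9A-Za-z]{13}", stored):
        return "crypt"             # -d, traditional crypt(): 2 salt chars + 11
    return "plaintext-or-unknown"  # -p stores the password itself


# Schemes with no salt, a truncated password, or no hashing at all.
WEAK = {"sha1-unsalted", "crypt", "plaintext-or-unknown"}


def audit(text):
    """Return (user, scheme) for every entry stored with a weak scheme."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        user, stored = line.split(":", 1)
        scheme = classify(stored)
        if scheme in WEAK:
            findings.append((user, scheme))
    return findings


# Constructed sample file; the hash bodies are placeholders, not real hashes,
# except the {SHA} entry, which is computed here from the string "example".
SAMPLE = "\n".join([
    "alice:$apr1$constrct$" + "A" * 22,
    "bob:{SHA}" + base64.b64encode(hashlib.sha1(b"example").digest()).decode(),
    "carol:abJnggxhB/yWI",
    "dave:example-password",
])

if __name__ == "__main__":
    for user, scheme in audit(SAMPLE):
        print(user, scheme)
```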

4. The configuration above completes account access control at the Apache level.

A. Create a whitelist: only 192.168.1.1 and 192.168.1.2 can access this directory

Add the following content to the .htaccess file

# (1)
Order Deny,Allow
# (2)
Allow from 192.168.1.1 192.168.1.2
# (3)
Deny from all
# Note: the Order in (1) is important; the order of (2) and (3) is not. The meaning is: deny all access first, then check whether the client is in the Allow list; if it is, let it through.

B. Create a blacklist: 192.168.1.1 and 192.168.1.2 cannot access this directory

Add the following content to the .htaccess file

# (1)
Order Allow,Deny
# (2)
Allow from all
# (3)
Deny from 192.168.1.1 192.168.1.2
# Note: the Order in (1) is important, for the same reason as in the whitelist.
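
The evaluation order that sections A and B and the two configuration methods earlier on this page depend on, modelled in Python as an added example (it is not code from the original article or from Apache). Order/Allow/Deny is the Apache 2.2 access syntax, which Apache 2.4 supports only through mod_access_compat. The function and constant names are assumptions made for illustration, and only the address forms used on this page (single IP, CIDR, trailing-dot prefix, all) are handled.

```python
import ipaddress


def matches(spec, ip):
    """True if client `ip` matches one Allow/Deny 'from' argument."""
    if spec == "all":
        return True
    if spec.endswith("."):  # partial address such as "192.168.1."
        return ip.startswith(spec)
    return ipaddress.ip_address(ip) in ipaddress.ip_network(spec, strict=False)


def access(order, allow, deny, ip):
    """Decide one request the way Order/Allow/Deny does; True means served."""
    allowed = any(matches(s, ip) for s in allow)
    denied = any(matches(s, ip) for s in deny)
    order = order.replace(" ", "").lower()
    if order == "deny,allow":
        # Deny is evaluated first and Allow last, so Allow overrides Deny.
        # A client matching neither list is allowed.
        return allowed or not denied
    if order == "allow,deny":
        # Allow is evaluated first and Deny last, so Deny overrides Allow.
        # A client matching neither list is denied.
        return allowed and not denied
    raise ValueError("unknown Order: " + order)


# The page's whitelist and blacklist as (order, allow list, deny list).
WHITELIST = ("Deny,Allow", ["192.168.0.1", "192.168.1.0/24"], ["all"])
BLACKLIST = ("Allow,Deny", ["all"], ["192.168.0.1", "192.168.1."])
# The whitelist lines under the wrong Order: "Deny from all" now wins.
WRONG_ORDER = ("Allow,Deny", ["192.168.0.1", "192.168.1.0/24"], ["all"])

# Constructed client addresses, not taken from any real log.
CLIENTS = ["192.168.0.1", "192.168.1.77", "192.168.10.5", "10.0.0.5"]

if __name__ == "__main__":
    for name, cfg in [("whitelist", WHITELIST), ("blacklist", BLACKLIST),
                      ("wrong order", WRONG_ORDER)]:
        for ip in CLIENTS:
            print(name, ip, "served" if access(*cfg, ip) else "403")
```

With the whitelist lines under Order Allow,Deny, every client is refused, including the two that were meant to be allowed, which is why line (1) matters and the order of (2) and (3) does not.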


Implementing a whitelist with Apache rewrite rules

Today I spent half a day on Apache rewrite rules and still could not get the rules to match. A colleague then studied the problem for half an hour and got it working, which left me very ashamed.

Requirement:
Six files are entry points; everything else is redirected to index.

My own idea:
Identify the patterns of URLs that are not one of the six files and filter them out.

Comparing my colleague's result with my own thinking, the problems were:
1. If you try to find every non-conforming pattern, the more you think about it, the less you know where to begin. The thinking was wrong; I should have made a whitelist.
2. A conceptual error: I confused REQUEST_URI and request_string. My grasp of the basics is not strong.

Final result:

<IfModule mod_rewrite.c>
RewriteEngine On
# A request for the site root is sent to index.asp
RewriteCond %{REQUEST_URI} ^/$
RewriteRule ^/(.*) /index.asp$1 [L]
# Whitelisted entry points pass through unchanged
RewriteCond %{REQUEST_URI} ^/index.asp [NC,OR]
RewriteCond %{REQUEST_URI} ^/o.asp [NC,OR]
RewriteCond %{REQUEST_URI} ^/s.asp [NC,OR]
RewriteCond %{REQUEST_URI} ^/error.asp [NC,OR]
RewriteCond %{REQUEST_URI} ^/favicon.ico [NC,OR]
RewriteCond %{REQUEST_URI} ^/status.taobao [NC,OR]
RewriteCond %{REQUEST_URI} ^/app/thirdparty/webbox.asp [NC,OR]
RewriteCond %{REQUEST_URI} ^/static/ [NC]
RewriteRule ^.* - [L]
# Everything else is refused with 403 Forbidden
RewriteCond %{REQUEST_URI} !^/index.asp$
RewriteRule ^.*? - [F,L]
</IfModule>
