Apache2.4 access control using the Require directive

Source: Internet
Author: User

Upgrade from Apache2.2 to Apache2.4, found that the original used to restrict some IP and garbage crawler access control rules do not work, the query only found that Apache2.4 began to use Mod_authz_ Host this new module for access control and other authorization checks. The original Order,allow,deny instructions used to implement website access control in the Apache2.2 version need to be replaced with the new require access control directives.

Note: When you use the Require directive, you need to add a <RequireAll></RequireAll> tag pair outside of the directive, otherwise the error will appear when you restart the Apache2.4 load rule: "Negative Require Directive have no effect in <RequireAny> directive ".

Some examples are given below to illustrate the use of require directives:

Example 1: Allow all access requests

Configuration under Apache2.4:

<directory xxx/www/yoursite>     <RequireAll>        Require all granted    

Example 2: Deny all Access requests

Configuration under Apache2.4:

<directory xxx/www/yoursite>
     <RequireAll>        Require all denied    </RequireAll> </Directory>

Example 3: Only access requests from a specific domain host are allowed, and other requests are rejected

Configuration under Apache2.4:

<directory xxx/www/yoursite>
     <RequireAll>        Require host google.com    </RequireAll> </Directory>

Example 4: Only access requests from a specific IP or IP segment are allowed, and other requests are rejected

Configuration under Apache2.4:

<directory xxx/www/yoursite>     <RequireAll>        Require IP 192.120 192.168.100 192.168.1.1    </ Requireall> </Directory>

Example 5: Allow all access requests, but deny access requests from specific IP or IP segments (block access to malicious IP or rogue crawler segments)

Configuration under Apache2.4:

<directory xxx/www/yoursite>     <RequireAll>        Require All granted        Require not IP 192.168.1.1        Require not IP 192.120 192.168.100    </RequireAll> </Directory>

Example 6: Allow all access requests, but deny access to certain user-agent (via user-agent block spam crawler)

Use Mod_setenvif to match the user-agent of a visiting request with a regular expression, set the internal environment variable Badbot, and finally deny the Badbot access request.

Configuration under Apache2.4:

<directory xxx/www/yoursite>     setenvifnocase user-agent ". * (feeddemon| jikespider| asktbfxtv| crawldaddy| feedly| Swiftbot| Zmeu|obot). * "Badbot    setenvifnocase user-agent" Brandwatch "Badbot setenvifnocase    user-agent" Rogerbot " Badbot    <RequireAll>        Require All granted        Require no env badbot        Require not IP 192.168.100.1    </RequireAll> </Directory>

Other require access control directives are used as follows:
Require all granted #允许所有Require all denied #拒绝所有Require env Env-var [Env-var] ... #允许匹配环境变量中任意一个Require method Http-metho  d [Http-method] ... #允许特定的HTTP方法 (get/post/head/options) Require expr expression #允许, the expression is truerequire user UserID [UserID] ... #允许特定用户Require group group-name [group-name] ... #允许特定用户组Require valid-user # #允许, active user require IP 192.100 192.168.100 192.168.100.5 #允许特定IP或IP段, use spaces between multiple IP or IP segments

Apache2.4 use require directives for access control

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.