Apache2.4 access control with require instructions – Allow or restrict IP access/prohibit unfriendly web crawler via User-agent

Upgrade from Apache2.2 to Apache2.4, found that the original used to restrict some IP and garbage crawler access control rules do not work, the query only found that Apache2.4 began to use Mod_authz_ Host this new module for access control and other authorization checks. The original Order,allow,deny instructions used to implement website access control in the Apache2.2 version need to be replaced with the new require access control directives.

Note: When using the Require directive, you need to add the <RequireAll></RequireAll> tag pair outside of the directive, otherwise the error will appear when you restart the Apache2.4 load rule: "negative Require directive have no effect in <RequireAny> directive ".

Some examples are given below to illustrate the use of require directives:

Example 1: Allow all access requests

Configuration under Apache2.4:

<directory xxx/www/yoursite>     <RequireAll>        Require all granted    </RequireAll> </ Directory>

Example 2: Deny all Access requests

Configuration under Apache2.4:

<directory xxx/www/yoursite>     <RequireAll>        Require all denied    </RequireAll> </ Directory>

Example 3: Only access requests from a specific domain host are allowed, and other requests are rejected

Configuration under Apache2.4:

<directory xxx/www/yoursite>     <RequireAll>        Require host google.com    </RequireAll> < /directory>

Example 4: Only access requests from a specific IP or IP segment are allowed, and other requests are rejected

Configuration under Apache2.4:

<directory xxx/www/yoursite>     <RequireAll>        Require IP 192.120 192.168.100 192.168.1.1    </ Requireall> </Directory>

Example 5: Allow all access requests, but deny access requests from specific IP or IP segments (block access to malicious IP or rogue crawler segments)

Configuration under Apache2.4:

<directory xxx/www/yoursite>     <RequireAll>        Require All granted        Require not IP 192.168.1.1        Require not IP 192.120 192.168.100    </RequireAll> </Directory>

Example 6: Allow all access requests, but deny access to certain user-agent (via user-agent block spam crawler)

Use Mod_setenvif to match the user-agent of a visiting request with a regular expression, set the internal environment variable Badbot, and finally deny the Badbot access request.

Configuration under Apache2.4:

<directory xxx/www/yoursite>     setenvifnocase user-agent ". * (feeddemon| jikespider| asktbfxtv| crawldaddy| feedly| Swiftbot| Zmeu|obot). * "Badbot    setenvifnocase user-agent" Brandwatch "Badbot setenvifnocase    user-agent" Rogerbot " Badbot    <RequireAll>        Require All granted        Require no env badbot        Require not IP 192.168.100.1    </RequireAll> </Directory>

Other require access control directives are used as follows:

Require all granted #允许所有Require all denied #拒绝所有Require env Env-var [Env-var] ... #允许匹配环境变量中任意一个Require method Http-metho  d [Http-method] ... #允许特定的HTTP方法 (get/post/head/options) Require expr expression #允许, the expression is truerequire user UserID [UserID] ... #允许特定用户Require group group-name [group-name] ... #允许特定用户组Require valid-user # #允许, active user require IP 192.100 192.168.100 192.168.100.5 #允许特定IP或IP段, use spaces between multiple IP or IP segments

Apache2.4 access control with require instructions – Allow or restrict IP access/prohibit unfriendly web crawler via User-agent