Category: LINUX Apache access settings configuration

Source: Internet
Author: User

Category: LINUX

Asked about Apache access control during an interview. Since the previous access control of Apache was implemented through Iptalbes, there was no actual operation of access control on Apache. So I only know a general: in the main configuration file in the directory section through allow, deny and other instructions to achieve. Although the answer is also correct, but after all did not operate, the mentality is not the end. So the Apache access control detailed operation is recorded today. For later use. apache2.2 is through the module Mod_authz_hostTo implement access control. In version 2.0, this module is called mod_access。 The following is an introduction to the apache2.2 version: principle ArticleApache Module Mod_authz_host
Description Provides access control based on host name, IP address, request characteristics
State Basic (B)
Module name Authz_host_module
source file MOD_AUTHZ_HOST.C (MOD_ACCESS.C in version 2.0)
Compatibility Available only in Apache 2.1 and later versions
The instructions for the Mod_authz_host module are used in the <Directory> <Files> <Location> segment and in the. htaccess file to control access to specific portions of the server. The Allow and deny directives indicate that those clients are allowed and those clients are not allowed access to the server. and OrderDirective sets the default access state and configures AllowAnd DenyHow the instructions interact. Operation ChapterFirst, check whether Apache supports module mod_authz_host, and if not, recompile the installation to support this module.
[Email protected] conf]#/usr/local/edsv/apache/bin/apachectl-l | grep mod_authz_host.c
Mod_authz_host.c
Then set the Apache access control. The following is an example of <Directory> in the main configuration file: For example, access control for the default Web site. The default Web site DocumentRoot is/usr/local/edsv/apache/htdocs to allow everyone access, only one IP or IP segment access is denied:<directory "/usr/local/edsv/apache/htdocs" > Order allow,deny allow from any deny from 10.112.5.137 </direc Tory> to deny access to everyone, only one IP or segment is allowed. <directory "/usr/local/edsv/apache/htdocs" > Order deny,allow deny from all to allow from 10.112.5.195 </di Rectory> to set the default access status for a Web site: <Directory /www>
Order Allow,Deny
</Directory>

这样将会禁止所有对/www目录的访问,因为默认状态将被设置为拒绝。

Order Allow,Deny
Allow from apache.org
Deny from foo.apache.org

以上设置apache.org域中所有主机,除了foo.apache.org子域包含的主机被拒绝以外,其他都允许访问。而所有不在apache.org域中的主机都不允许访问,因为默认状态是拒绝对服务器的访问。

参考资料:http://man.chinaunix.net/newsoft/ApacheMenual_CN_2.2new/mod/mod_authz_host.html

Category: LINUX Apache access settings configuration

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.