First confirm that the httpd service is installed and working properly.
[[email protected] ~]# netstat -utpln | grep httpd
tcp 0 0 :::80 :::* LISTEN 7334/httpd
[[email protected] ~]#
Restrict access to specific web pages by IP address. If a page such as our administration page can be seen by everyone, it will disclose information.
1: Controlling web access permissions by restricting IP addresses:
(1) Modify the httpd main configuration file /usr/local/httpd/conf/httpd.conf. I installed by compiling from source; the exact location depends on where you installed httpd.
The contents of the configuration file vary with the installation method (yum or compiled from source), so the line at which this block appears will differ. Take note of that.
## Path of the restricted resource
<Directory "/usr/local/awstats/wwwroot">
    Options None
    AllowOverride None
    ## Allow first, then deny; the default is deny
    Order allow,deny
    ## Whitelist: the IP address or network segment written here may access the restricted resource
    Allow from 192.168.100.10
</Directory>
(2) Restart service:
[[email protected] ~]# /etc/init.d/httpd restart
httpd is restart ok!
[[email protected] ~]#
(3) Access verification:
First test with the VMnet1 NIC set to IP address 192.168.100.10:
Test 192.168.100.150/index.html: access is normal.
Test the log analysis platform: access is normal.
Switch the VMnet1 NIC to any IP address other than 192.168.100.10 and test again; I changed it to 192.168.100.200.
First access 192.168.100.150/index.html: access is OK.
Access the log analysis system at 192.168.100.150/aws.html: there is no access.
This is the IP restriction method: it keeps our sensitive resources from being accessed and so improves security. We can also improve security by authenticating with a user account and password.
2: Controlling permissions through authentication:
(1) Create the authenticated user and password:
htpasswd is a tool that is installed along with the Apache service; it generates the authentication user and password information.
The format is: htpasswd -c <file location> <authentication user>
The -c option is used the first time, when the file is generated; it is not required when adding users again. Pay attention to the format of the command when adding again.
[[email protected] ~]# htpasswd -c /usr/local/httpd/conf/htpasswd admin   ## generate the authentication user
New password:            ## enter the password
Re-type new password:    ## confirm the password
Adding password for user admin
[[email protected] ~]# htpasswd /usr/local/httpd/conf/htpasswd user   ## when adding again, -c is not needed
New password:
Re-type new password:
Adding password for user user
[[email protected] ~]# cat /usr/local/httpd/conf/htpasswd
admin:diyknerqxv0rw
user:yfy65he3syne2
## Add the generated authentication user to a group. This group has access to the restricted pages.
[[email protected] ~]# vi /usr/local/httpd/conf/htgroups
[[email protected] ~]# cat /usr/local/httpd/conf/htgroups
administrator:admin
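The two entries printed by cat above are 13 characters each with no "$" prefix, which is the shape of htpasswd's traditional crypt(3) format; that format hashes only the first 8 characters of the password. As an added example (not part of the original post), this Python check labels the hash scheme of each htpasswd entry. The names classify and audit, and the extra sample entries with placeholder hash bodies, are constructed for illustration.

```python
import re

# Traditional crypt(3) output: 2 salt characters + 11 hash characters, no prefix.
CRYPT_DES = re.compile(r"[./0-9A-Za-z]{13}")

def classify(hashed):
    """Return (scheme, weak) for the hash field of one htpasswd entry."""
    if hashed.startswith("$2y$"):
        return "bcrypt", False
    if hashed.startswith("$apr1$"):
        return "apr1-md5", False          # salted, iterated MD5
    if hashed.startswith("{SHA}"):
        return "sha1", True               # unsalted single SHA-1
    if CRYPT_DES.fullmatch(hashed):
        return "crypt-des", True          # only the first 8 password chars count
    return "plaintext-or-unknown", True

def audit(text):
    """Return a list of (line number, user, scheme, weak), one per entry."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):   # httpd skips these lines too
            continue
        user, sep, hashed = line.partition(":")
        if not sep or not user:
            findings.append((lineno, line, "malformed", True))
            continue
        findings.append((lineno, user) + classify(hashed))
    return findings

# The two entries as they appear on the page.
PAGE_HTPASSWD = "admin:diyknerqxv0rw\nuser:yfy65he3syne2\n"
# Constructed entries: only the prefixes are meaningful, the bodies are placeholders.
CONSTRUCTED = (
    "# constructed sample\n"
    "alice:$2y$05$CONSTRUCTEDplaceholderCONSTRUCTED\n"
    "bob:$apr1$CONSTRUC$placeholder\n"
    "carol:{SHA}CONSTRUCTEDplaceholder=\n"
    "dave:hunter2\n"
)

if __name__ == "__main__":
    for lineno, user, scheme, weak in audit(PAGE_HTPASSWD + CONSTRUCTED):
        print(f"line {lineno}: {user:6} {scheme:22} {'WEAK' if weak else 'ok'}")
```

Re-creating the entries with htpasswd -m (apr1 MD5) or, on httpd 2.4, htpasswd -B (bcrypt) clears the weak flag for the page's two users.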
(2) Modify the configuration file:
Modify httpd's main configuration file so that it uses the authentication files for verification.
vi /usr/local/httpd/conf/httpd.conf

<Directory "/usr/local/awstats/wwwroot">
    Options None
    AllowOverride None
    Order allow,deny
    Allow from 192.168.100.10
    AuthType Basic
    ## Message shown in the login prompt
    AuthName "Log analysis system"
    ## Specify the authentication user file
    AuthBasicProvider file
    ## Location of the authentication user file
    AuthUserFile /usr/local/httpd/conf/htpasswd
    ## Authentication user group
    AuthGroupFile /usr/local/httpd/conf/htgroups
    ## Name of the authentication group
    Require group administrator
</Directory>
(3) Restart service:
[[email protected] ~]# /etc/init.d/httpd restart
httpd is restart ok!
(4) Test:
The IP address of the current test machine is 192.168.100.200
Access 192.168.100.150/index.html: access is normal.
192.168.100.150/aws.html is inaccessible, because the policy we set earlier restricts access by IP.
Now switch the IP address of the test host to 192.168.100.10
Visit 192.168.100.150/index.html: access is normal.
Visit 192.168.100.150/aws.html: verification is required.
Enter the authentication user and password:
The log analysis interface is reached and access is normal.
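The test results in sections 1 and 2 follow from how httpd combines Order/Allow with Require: by default both the address check and the login must pass. As an added example (not part of the original post), this is a simplified Python model of that decision for IPv4 address specs. The function names and the policy dictionary are illustrative, and the Satisfy Any variant goes beyond the page to show how one extra directive would let either check suffice on its own.

```python
import ipaddress

def host_matches(spec, client_ip):
    """True if one 'Allow from' / 'Deny from' IP spec covers client_ip."""
    if spec.lower() == "all":
        return True
    octets = spec.rstrip(".").split(".")
    if "/" not in spec and ":" not in spec and len(octets) < 4:
        # A partial address such as 192.168.100 means that whole subnet.
        spec = ".".join(octets + ["0"] * (4 - len(octets))) + f"/{8 * len(octets)}"
    return ipaddress.ip_address(client_ip) in ipaddress.ip_network(spec, strict=False)

def host_allowed(policy, client_ip):
    allowed = any(host_matches(s, client_ip) for s in policy.get("allow", []))
    denied = any(host_matches(s, client_ip) for s in policy.get("deny", []))
    if policy["order"] == "allow,deny":    # default deny; a Deny match wins
        return allowed and not denied
    return allowed or not denied           # deny,allow: default allow; Allow wins

def decide(policy, client_ip, user=None, password_ok=False):
    """HTTP status the modelled policy answers with: 200, 401 or 403."""
    host_ok = host_allowed(policy, client_ip)
    members = policy["groups"].get(policy["require_group"], set())
    auth_ok = password_ok and user in members
    if policy.get("satisfy", "all") == "all":       # httpd's default
        if not host_ok:
            return 403                              # refused before any login prompt
        return 200 if auth_ok else 401
    return 200 if (host_ok or auth_ok) else 401     # Satisfy Any

# The <Directory> block and htgroups file from the page.
PAGE_POLICY = {
    "order": "allow,deny",
    "allow": ["192.168.100.10"],
    "require_group": "administrator",
    "groups": {"administrator": {"admin"}},
}
# Constructed variant: the same block with 'Satisfy Any' added.
SATISFY_ANY = dict(PAGE_POLICY, satisfy="any")

if __name__ == "__main__":
    for ip, user, ok in [("192.168.100.200", "admin", True), ("192.168.100.10", None, False),
                         ("192.168.100.10", "user", True), ("192.168.100.10", "admin", True)]:
        print(ip, user, decide(PAGE_POLICY, ip, user, ok), decide(SATISFY_ANY, ip, user, ok))
```

In this model the page's second account, user, is refused with 401 even from 192.168.100.10, because htgroups lists only admin in the administrator group.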
This article is from the "longing for Technology small white" blog, please make sure to keep this source http://lesliecheung.blog.51cto.com/12622169/1956566
Web Access Control