在apache2.4版本之前做客户端访问控制,是用Allow Deny Order指令做访问控制的,而在2.4的版本上是用的用法跟之前的版本大不相同,如下 :
2.2的配置:拒绝
Order deny,allow
Deny from all
2.4的配置变为:
Require all denied
2.2的配置:允许
Order allow,deny
Allow from all
2.4上的配置变为:
Require all granted
apache2.4.16设置访问控制步骤如下:
测试使用wordpress目录;访问后台地址为wp-login.php;需要添加到
DocumentRoot “/data/wordpress”
ServerName www.rfyy.com
Require all granted
1、允许所有访问
Require all granted
2、拒绝所有访问
Require all denied
# curl -x127.0.0.1:80 http://www.rfyy.com/wp-login.php -I
HTTP/1.1 403 Forbidden
Date: Thu, 23 Jul 2015 09:29:36 GMT
Server: Apache
Content-Type: text/html; charset=iso-8859-1
3、允许指定ip或ip网段访问,白名单
允许指定ip访问
Require all granted
Require ip 192.168.4.17
允许指定ip网段访问
Require all granted
Require ip 192.168.4.0/24
使用curl测试为403,没有允许本地地址访问;windows浏览器可以访问;
# curl -x127.0.0.1:80 http://www.rfyy.com/wp-login.php -I
HTTP/1.1 403 Forbidden
Date: Thu, 23 Jul 2015 09:34:45 GMT
Server: Apache
Content-Type: text/html; charset=iso-8859-1
4、禁止指定ip访问,黑名单
需要添加
Require all granted
Require not ip 192.168.4.17
使用curl测试为200OK,浏览器访问为403,只禁止windows本地IP访问;
# curl -x127.0.0.1:80 http://www.rfyy.com/wp-login.php -I
HTTP/1.1 200 OK
Date: Thu, 23 Jul 2015 10:11:40 GMT
Server: Apache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Set-Cookie: wordpress_test_cookie=WP+Cookie+check; path=/
X-Frame-Options: SAMEORIGIN
Content-Type: text/html; charset=UTF-8