主页 / server / 问题 / 950327
Accepted
Tobia
Asked: 2019-01-23 23:57:17 +0800 CST

Apache 配置:如何将非主机名请求限制到某些页面?

  • 772

我的 Apache 服务器有一个虚拟主机配置:

<VirtualHost *:80>
    DocumentRoot "/app/www"
    ServerName myhostname
    <Directory "/app/www">
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
    </Directory>
</VirtualHost>

我想只允许访问myhostname作为主机名的请求。但我想拒绝主机名或服务器 IP 发出的所有其他请求:

http://myhostiname/ ALLOW
http://1.2.3.4/ (this is one of the server ip addresses) DENY

我的虚拟主机配置按预期工作。

现在我必须编辑配置以让用户通过 ip 访问一个特定路径,因为客户端无法解析本地主机名。

这是一个例子:

http://myhostiname ALLOW
http://1.2.3.4/ DENY
http://1.2.3.4/any/path DENY
http://1.2.3.4/allowed/path ALLOW
http://1.2.3.4/allowed/path/subpath ALLOW

我在新的虚拟主机中尝试了该<Location>元素:

<VirtualHost 0.0.0.0:80>
    DocumentRoot "/app/www"
    <Directory "/app/www">
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
    </Directory>
    <Location "/">
      AllowOverride None
      Order Deny,Allow
      Deny from all
    </Location>
    <Location "^/allowed">
      Allow from all
    </Location> 
</VirtualHost>

但这拒绝了除了主机名请求之外的所有内容。我错过了什么?

apache-2.4

1 个回答

  1. Best Answer

    我会将您的虚拟主机配置拆分为两个或更多虚拟主机。可以在一个虚拟主机中完成所有操作,但我发现“分离的”配置更易于阅读和记录。

    <VirtualHost *:80>
    # default match for port 80
    # matches domain set by ServerName (and possibly other domains unless specified in other vhosts)
    ServerName myhostname
    DocumentRoot "/app/www"

    <Location "/">
        # copied from your example. if not needed, you can remove this <Location/>-block.
        Options Indexes FollowSymLinks
        AllowOverride All
    </Directory>

    ErrorLog ${APACHE_LOG_DIR}/error-myhostname.log
    CustomLog ${APACHE_LOG_DIR}/access-myhostname.log combined
</VirtualHost>

<VirtualHost 1.2.3.4:80>
    # matches all requests to ip address and port
    DocumentRoot "/app/www"

    # initially: all requests forbidden
    <Location "/">
        # Options and AllowOverride copied from first vhost. remove if not needed.
        Options Indexes FollowSymLinks
        AllowOverride All

        Require all denied
    </Location>

    # allow access to everything below "/allowed/path/"
    <Location "/allowed/path/">
        Require all granted
    </Location>

    # use separate logfile
    ErrorLog ${APACHE_LOG_DIR}/error-1234.log
    CustomLog ${APACHE_LOG_DIR}/access-1234.log combined
</VirtualHost>

<VirtualHost *:*>
    # default match
    # fallback for any other ports/ip addresses/domains we might have forgotten/misconfigured
    DocumentRoot "/app/www"

    # all requests forbidden
    <Location "/">
        Require all denied
    </Location>

    # again, use separate logfile
    ErrorLog ${APACHE_LOG_DIR}/error-default.log
    CustomLog ${APACHE_LOG_DIR}/access-default.log combined
</VirtualHost>
    • 1

相关问题