Apache-2.2

Unable to configure Apache to restrict proxy access by IP

  • October 24, 2019

I added the following to my httpd.conf (after the VirtualHost):

<VirtualHost *:80>
   ServerName XXX.XXX.XXX

   <Directory proxy:>
       Order allow,deny
       Allow from 10.52.208.221
       Allow from 10.52.208.223
       Deny from all
   </Directory>

   ProxyPass / http://XXX.XXX.XXX/

   RewriteEngine On
   RewriteCond %{HTTPS} !=on
   RewriteRule ^/admin/$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

</VirtualHost>

However, I can access my VirtualHost from other IPs:

# cat /etc/redhat-release 
Red Hat Enterprise Linux Server release 6.4 (Santiago)
# uname -a
Linux XXXXX.XXXXX.XXX 2.6.32-358.18.1.el6.x86_64 #1 SMP Fri Aug 2 17:04:38 EDT 2013 x86_64 x86_64 x86_64 GNU/Linux
# httpd -V
Server version: Apache/2.2.15 (Unix)
Server built:   Aug  2 2013 08:02:15
Server's Module Magic Number: 20051115:25
Server loaded:  APR 1.3.9, APR-Util 1.3.9
Compiled using: APR 1.3.9, APR-Util 1.3.9
Architecture:   64-bit
Server MPM:     Prefork
 threaded:     no
   forked:     yes (variable process count)
Server compiled with....
-D APACHE_MPM_DIR="server/mpm/prefork"
-D APR_HAS_SENDFILE
-D APR_HAS_MMAP
-D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
-D APR_USE_SYSVSEM_SERIALIZE
-D APR_USE_PTHREAD_SERIALIZE
-D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
-D APR_HAS_OTHER_CHILD
-D AP_HAVE_RELIABLE_PIPED_LOGS
-D DYNAMIC_MODULE_LIMIT=128
-D HTTPD_ROOT="/etc/httpd"
-D SUEXEC_BIN="/usr/sbin/suexec"
-D DEFAULT_PIDLOG="run/httpd.pid"
-D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
-D DEFAULT_LOCKFILE="logs/accept.lock"
-D DEFAULT_ERRORLOG="logs/error_log"
-D AP_TYPES_CONFIG_FILE="conf/mime.types"
-D SERVER_CONFIG_FILE="conf/httpd.conf"
# rpm -q httpd
httpd-2.2.15-29.el6_4.x86_64
# 

I found the answer at mod_proxy - Apache HTTP Server and tested it (it works! (TM)):

<Proxy *>
       Order deny,allow
       Deny from all
       Allow from 10.52.208.221
       Allow from 10.52.208.223
</Proxy>

I believe what you are looking for is:

<Directory proxy:>
   Order deny,allow
   Deny from all
   Allow from 10.52.208.221
   Allow from 10.52.208.223
</Directory>

The order of the Order is important :-)
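An added example, not part of the original posts: a small Python model of how Apache 2.2's mod_authz_host combines Order, Allow and Deny, run against the two rule sets shown on this page. It assumes the enclosing container actually applies to the request, handles only `all`, full IP addresses and CIDR values, and uses 192.0.2.10 as a constructed "other" client.

```python
import ipaddress

def matches(specs, client):
    """True if client matches any 'Allow from' / 'Deny from' value in specs."""
    addr = ipaddress.ip_address(client)
    for spec in specs:
        if spec.lower() == "all":
            return True
        if addr in ipaddress.ip_network(spec, strict=False):
            return True
    return False

def is_allowed(order, allow, deny, client):
    """Access decision of Apache 2.2 'Order' for one client address."""
    order = order.lower()
    allowed, denied = matches(allow, client), matches(deny, client)
    if order == "allow,deny":
        # Allow is evaluated first, Deny last: a Deny match overrides,
        # and a client matching nothing is denied.
        return allowed and not denied
    if order == "deny,allow":
        # Deny is evaluated first, Allow last: an Allow match overrides,
        # and a client matching nothing is allowed.
        return allowed or not denied
    raise ValueError("unsupported Order: " + order)

# Rule values from the page; 192.0.2.10 is a constructed "other" client.
ALLOW = ["10.52.208.221", "10.52.208.223"]
DENY = ["all"]
CLIENTS = ["10.52.208.221", "10.52.208.223", "192.0.2.10"]

def decisions(order):
    """Map each sample client to its decision under the given Order."""
    return {c: is_allowed(order, ALLOW, DENY, c) for c in CLIENTS}

if __name__ == "__main__":
    for order in ("allow,deny", "deny,allow"):
        print(order, decisions(order))
```

Under `Order allow,deny` the `Deny from all` line overrides both Allow lines, so a container with those rules that applies to a request rejects every client; under `Order deny,allow` only the two listed addresses get through.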

Quoted from: https://serverfault.com/questions/546207