Apache-2.2
無法配置 apache 以限制代理的 IP 訪問
我在我的 httpd.conf 中添加了以下內容(在 VirtualHost 之後):
<VirtualHost *:80> ServerName XXX.XXX.XXX <Directory proxy:> Order allow,deny Allow from 10.52.208.221 Allow from 10.52.208.223 Deny from all </Directory> ProxyPass / http://XXX.XXX.XXX/ RewriteEngine On RewriteCond %{HTTPS} !=on RewriteRule ^/admin/$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L] </VirtualHost>
然而,我可以從其他 IP 訪問我的 VirtualHost:
# cat /etc/redhat-release Red Hat Enterprise Linux Server release 6.4 (Santiago) # uname -a Linux XXXXX.XXXXX.XXX 2.6.32-358.18.1.el6.x86_64 #1 SMP Fri Aug 2 17:04:38 EDT 2013 x86_64 x86_64 x86_64 GNU/Linux # httpd -V Server version: Apache/2.2.15 (Unix) Server built: Aug 2 2013 08:02:15 Server's Module Magic Number: 20051115:25 Server loaded: APR 1.3.9, APR-Util 1.3.9 Compiled using: APR 1.3.9, APR-Util 1.3.9 Architecture: 64-bit Server MPM: Prefork threaded: no forked: yes (variable process count) Server compiled with.... -D APACHE_MPM_DIR="server/mpm/prefork" -D APR_HAS_SENDFILE -D APR_HAS_MMAP -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled) -D APR_USE_SYSVSEM_SERIALIZE -D APR_USE_PTHREAD_SERIALIZE -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT -D APR_HAS_OTHER_CHILD -D AP_HAVE_RELIABLE_PIPED_LOGS -D DYNAMIC_MODULE_LIMIT=128 -D HTTPD_ROOT="/etc/httpd" -D SUEXEC_BIN="/usr/sbin/suexec" -D DEFAULT_PIDLOG="run/httpd.pid" -D DEFAULT_SCOREBOARD="logs/apache_runtime_status" -D DEFAULT_LOCKFILE="logs/accept.lock" -D DEFAULT_ERRORLOG="logs/error_log" -D AP_TYPES_CONFIG_FILE="conf/mime.types" -D SERVER_CONFIG_FILE="conf/httpd.conf" # rpm -q httpd httpd-2.2.15-29.el6_4.x86_64 #
我從以下位置找到答案:mod_proxy - Apache HTTP Server並對其進行了測試(它有效!(TM)):
<Proxy *> Order deny,allow Deny from all Allow from 10.52.208.221 Allow from 10.52.208.223 </Proxy>
我相信您正在尋找的是:
<Directory proxy:> Order deny,allow Deny from all Allow from 10.52.208.221 Allow from 10.52.208.223 </Directory>
訂單的順序很重要:-)