Apache: Restrict access to specific source IP inside virtual host
I have several named virtual hosts on the same Apache server; for one of the virtual hosts I need to ensure only a specific set of IP addresses are allowed to access it.
Please suggest the best way to do this. I have looked at the mod_authz_hosts module but it does not look like I can do it inside a virtual host.
The mod_authz_host directives need to be inside a <Location> or <Directory> block but I've used the former within <VirtualHost> like so for Apache 2.2:
<VirtualHost *:8080>
<Location />
Order deny,allow
Deny from all
Allow from 127.0.0.1
</Location>
...
</VirtualHost>
Reference: https://askubuntu.com/questions/262981/how-to-install-mod-authz-host-in-apache
For Apache 2.4, you would use the Require IP directive. So to only allow machines from the 192.168.0.0/24 network (range 192.168.0.0 - 192.168.0.255):
<VirtualHost *:80>
<Location />
Require ip 192.168.0.0/24
</Location>
...
</VirtualHost>
And if you just want the localhost machine to have access, then there's a special Require local directive.
The local provider allows access to the server if any of the following conditions is true:
- the client address matches 127.0.0.0/8
- the client address is ::1
- both the client and the server address of the connection are the same
This allows a convenient way to match connections that originate from the local host:
<VirtualHost *:80>
<Location />
Require local
</Location>
...
</VirtualHost>
If you are using Apache 2.2, inside your virtual host you should add the following directives (mod_authz_host):
Order deny,allow
Deny from all
Allow from 10.0.0.1
You can even specify a subnet:
Allow from 10.0.0
Apache 2.4 looks a little different in its configuration. It may be better if you specify which version of Apache you are using.
In Apache 2.4, the authorization configuration syntax has changed, and the Order, Deny or Allow directives should no longer be used.
The new way to do this would be:
<VirtualHost *:8080>
<Location />
Require ip 192.168.1.0
</Location>
...
</VirtualHost>
Further examples using the new syntax can be found in the Apache documentation: Upgrading to 2.4 from 2.2
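As an added example (not part of the original answers and not Apache's own code), the Python sketch below models how the Require ip and Require local rules shown in the answers match a client address, so an allowlist can be checked before it is deployed. It is a simplified model with constructed function names and sample addresses; it goes slightly beyond the answers by also handling the partial-address form (10.0.0) and by showing that a full address such as 192.168.1.0 matches one host only.

```python
import ipaddress

def parse_require_ip(spec):
    """Map one `Require ip` argument to an ip_network (simplified model)."""
    if "/" not in spec and ":" not in spec:
        octets = spec.rstrip(".").split(".")
        if len(octets) < 4:
            # Partial address such as "10.0.0": the octets given are the prefix.
            padded = ".".join(octets + ["0"] * (4 - len(octets)))
            return ipaddress.ip_network(f"{padded}/{8 * len(octets)}")
    # Full address (one host), CIDR, or address/netmask form.
    return ipaddress.ip_network(spec, strict=False)

def is_local(client, server):
    """The three `Require local` conditions quoted in the answer above."""
    c = ipaddress.ip_address(client)
    return (c in ipaddress.ip_network("127.0.0.0/8")
            or c == ipaddress.ip_address("::1")
            or c == ipaddress.ip_address(server))

def allowed(client, server, directives):
    """True if any Require line admits the client (lines are OR-ed here)."""
    c = ipaddress.ip_address(client)
    for line in directives:
        words = line.split()
        kind = [w.lower() for w in words[:2]]
        if kind == ["require", "local"] and is_local(client, server):
            return True
        if kind == ["require", "ip"] and any(
                c in parse_require_ip(arg) for arg in words[2:]):
            return True
    return False

if __name__ == "__main__":
    server = "192.168.0.10"  # constructed sample values
    cases = [
        ("192.168.0.77", ["Require ip 192.168.0.0/24"]),
        ("192.168.1.5", ["Require ip 192.168.0.0/24"]),
        ("192.168.1.5", ["Require ip 192.168.1.0"]),   # full address = one host
        ("10.0.0.200", ["Require ip 10.0.0"]),          # partial = 10.0.0.0/24
        ("::1", ["Require local"]),
        ("203.0.113.9", ["Require local", "Require ip 10.0.0.1"]),
    ]
    for client, rules in cases:
        verdict = "allow" if allowed(client, server, rules) else "deny"
        print(f"{client:15} {rules} -> {verdict}")
```

After changing the real configuration, confirm the result from an address outside the allowlist as well as one inside it, since a rule that admits too much fails silently.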