Apache 2.4 Require ip not working

Trying to go from older allow, deny, order syntax to the new one to secure WordPress admin section, but I can't get it to recognize my IP.

This is what my .htaccess file contains in /wp-admin folder.

ErrorDocument 401 default
ErrorDocument 403 default

# Disallow access for everyone except these IPs
<RequireAny>
    Require ip 50.153.218.4
</RequireAny>

# Allow plugin access to admin-ajax.php around password protection
<Files admin-ajax.php>
    <RequireAll>
        Require all granted
    </RequireAll>
</Files>

And this is what I have in .htaccess in the root under the WordPress mod rewrite info.

# Protect WordPress
ErrorDocument 401 default
ErrorDocument 403 default

<Files wp-login.php>
    <RequireAny>
        Require ip 50.153.218.4
    </RequireAny>
</Files>

But I just keep getting 403 Forbidden error. When I add Require All Granted under the IP, it works fine, but that opens it up to every user. It seems like Apache is just not reading my IP correctly? Anyone have any idea what I'm doing wrong?

Your syntax looks perfectly fine to me.

The only reason I can think of that Apache might not be reading the user's IP correctly is if you're behind a proxy or load balancer. If that is the case you would use X-Forwarded-For instead of ip. In PHP, you can confirm if you're behind a proxy by comparing $_SERVER['REMOTE_ADDR'] and $_SERVER['HTTP_X_FORWARDED_FOR'].

If that is not the issue, you might have better luck finding an answer at ServerFault.

I can offer you some workarounds though. The easiest solution may be to use one of several WordPress security plugins that allow you to restrict access to the backend by IP address.

Alternatively, in your theme or in a plugin you can implement this same sort of authentication logic:

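add_action('init', function() {
    // IP addresses allowed to reach the admin area and the login page
    $allowed_ips = array('50.153.218.4');
    // DOING_AJAX is only defined during admin-ajax.php requests
    $doing_ajax = defined('DOING_AJAX') && DOING_AJAX;
    if(is_admin() || $GLOBALS['pagenow'] == 'wp-login.php') {
        if( !$doing_ajax && !in_array($_SERVER['REMOTE_ADDR'], $allowed_ips) ) {
            wp_die('', 'Forbidden', array(
                'response' => 403
            ));
        }
    }
});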

Update: From the comments it looks like there is a proxy involved. This should work:

ErrorDocument 401 default
ErrorDocument 403 default

SetEnvIF X-Forwarded-For "50.153.218.4" AllowIP

# Disallow access for everyone except these IPs
<RequireAny>
    Require env AllowIP
</RequireAny>

# Allow plugin access to admin-ajax.php around password protection
<Files admin-ajax.php>
    <RequireAll>
        Require all granted
    </RequireAll>
</Files>

and

# Protect WordPress
ErrorDocument 401 default
ErrorDocument 403 default

SetEnvIF X-Forwarded-For "50.153.218.4" AllowIP

<Files wp-login.php>
    <RequireAny>
         Require env AllowIP
    </RequireAny>
</Files>

You should also be able to use a similar method using the "Allow, Deny" syntax.
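
For the proxy case discussed in the answer above, this added example (not part of the original post) shows the header-matching rule beside a mod_remoteip setup that only accepts X-Forwarded-For from a known proxy, so the original `Require ip` rules work unchanged. Assumptions: mod_remoteip is loaded, the proxy address 192.0.2.10 and the document root /var/www/html are placeholders, and the block goes in the server or virtual-host config rather than .htaccess.

```apache
# Added example, not from the original answer.

# Weak form (from the page): X-Forwarded-For is supplied by the client unless
# the proxy overwrites it, and the unanchored pattern with unescaped dots
# also matches other addresses such as 150.153.218.41.
#   SetEnvIF X-Forwarded-For "50.153.218.4" AllowIP
#   Require env AllowIP

# Hardened form: take the client address from X-Forwarded-For only when the
# connection comes from the trusted proxy. RemoteIPHeader and
# RemoteIPTrustedProxy are valid in server config and virtual hosts only.
# 192.0.2.10 is a documentation-range placeholder for the real proxy address.
RemoteIPHeader X-Forwarded-For
RemoteIPTrustedProxy 192.0.2.10

# /var/www/html is a placeholder for the WordPress document root.
<Directory "/var/www/html/wp-admin">
    # Disallow access for everyone except these IPs
    <RequireAny>
        Require ip 50.153.218.4
    </RequireAny>

    # Allow plugin access to admin-ajax.php
    <Files admin-ajax.php>
        Require all granted
    </Files>
</Directory>

<Directory "/var/www/html">
    <Files wp-login.php>
        Require ip 50.153.218.4
    </Files>
</Directory>
```

Requests that reach Apache directly, without passing through the listed proxy, are evaluated against their real connection address, so a forged header on such a request has no effect.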
