[英]Block/Allow from IP using DNS provider no-ip.org htaccess
I have a secure site (.htaccess = Deny from all) that I want to allow certain people access to 我有一个安全的网站(.htaccess =全部拒绝),我想允许某些人访问
However, they are using mobile laptops and have dynamics IPs allocated to them by the ISP 但是,他们使用的是便携式笔记本电脑,并且由ISP为其分配了动态IP。
So, I downloaded no-ip client which should give them a host which can resolve to an IP. 因此,我下载了no-ip客户端,该客户端应为它们提供可以解析为IP的主机。
However, when I put 但是,当我把
Allow from xxx.no-ip.org
in the .htaccess file, I still get the forbidden page. 在.htaccess文件中,我仍然获得禁止页面。
I have other fixed IP locations allowed - and working - and I have tested that xxx.no-ip.org resolves to the IP I want by using http://www.webyield.net/ipa.php . 我还有其他允许使用的固定IP地址-并且可以正常工作-我已经测试过xxx.no-ip.org通过使用http://www.webyield.net/ipa.php解析为我想要的IP。
Any ideas what I am doing wrong here? 有什么想法我在这里做错了吗?
Apache Allow
and Deny
rules use wildcards (eg, Allow from *.example.com
), and as such work on reverse DNS. Apache的“ Allow
和Deny
规则使用通配符(例如Allow from *.example.com
),因此可以在反向DNS上使用。 Your users' IP addresses are not reversing to the no-ip.org
address (they're probably resolving to something specific to the ISP), so Apache is denying them access. 您用户的IP地址不会转换为no-ip.org
地址(他们可能正在解析为ISP特定的地址),因此Apache拒绝了他们的访问。
You'd probably do best to just give them all usernames and passwords, and use HTTP authentication (via mod_authz_user or similar) to grant them access. 您可能最好向他们提供所有用户名和密码,并使用HTTP身份验证(通过mod_authz_user或类似方式)来授予他们访问权限。
This can be achieved by using a script (modify to suit your needs): 这可以通过使用脚本(根据您的需要进行修改)来实现:
#!/bin/bash
# Dynamic IP .htaccess file generator
# Written by Star Dot Hosting
# www.stardothosting.com
dynDomain="$1"
htaccessLoc="$2"
dynIP=$(/usr/bin/dig +short $dynDomain)
echo "dynip: $dynIP"
# verify dynIP resembles an IP
if ! echo -n $dynIP | grep -Eq "[0-9.]+"; then
exit 1
fi
# if dynIP has changed
if ! cat $htaccessLoc | /bin/grep -q "$dynIP"; then
# grab the old IP
oldIP=`cat /usr/local/bin/htold-ip.txt`
# output .htaccess file
echo "order deny,allow" > $htaccessLoc 2>&1
echo "allow from $dynIP" >> $htaccessLoc 2>&1
echo "allow from x.x.x.x" >> $htaccessLoc 2>&1
echo "deny from all" >> $htaccessLoc 2>&1
# save the new ip to remove next time it changes, overwriting previous old IP
echo $dynIP > /usr/local/bin/htold-ip.txt
fi
Than just cron it to generate a new line on the .htaccess file: 比只是将其克隆以在.htaccess文件上生成新行:
*/15 * * * * /bin/sh /usr/local/bin/.sh yourhostname.no-ip.org /var/www/folder/.htaccess > /dev/null 2>&1
Source: https://www.stardothosting.com 资料来源: https : //www.stardothosting.com
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.