在httpd.conf文件中允许域阻止规则

Question 1

我认为你应该能够使用SetEnvIf执行此操作。这尚未经过测试，但可能会为您指明正确的方向：

# set env ALLOWED if hostname is either example.com or
# the client ip is 192.168.0.1
SetEnvIf Host example\.com ALLOWED
SetEnvIf Remote_Addr 192.168.0.1 ALLOWED

# if ALLOWED is not set display the password prompt
<IfDefine !ALLOWED>
  <Files wp-login.php>
    AuthType basic
    AuthName "EN: Human Check - U: human P: letmein"
    AuthBasicProvider file
    AuthUserFile /home/wp-admin-attack-htpasswd-file
    Require valid-user
    ErrorDocument 401 "<center><h1>Warning!</h1>You failed to authenticate.<p><br />Extra security has been temporarily enabled due to an ongoing attack against Wordpress logins on this server.<br /> <b>If you are a real user, please refresh the page and enter the username and password that are provided on the pop-up.</b><p>If you are still having troubles, please contact your hosting provider.</center>"
  </Files>
</IfDefine>

Answer

我认为你应该能够使用SetEnvIf执行此操作。这尚未经过测试，但可能会为您指明正确的方向：

# set env ALLOWED if hostname is either example.com or
# the client ip is 192.168.0.1
SetEnvIf Host example\.com ALLOWED
SetEnvIf Remote_Addr 192.168.0.1 ALLOWED

# if ALLOWED is not set display the password prompt
<IfDefine !ALLOWED>
  <Files wp-login.php>
    AuthType basic
    AuthName "EN: Human Check - U: human P: letmein"
    AuthBasicProvider file
    AuthUserFile /home/wp-admin-attack-htpasswd-file
    Require valid-user
    ErrorDocument 401 "<center><h1>Warning!</h1>You failed to authenticate.<p><br />Extra security has been temporarily enabled due to an ongoing attack against Wordpress logins on this server.<br /> <b>If you are a real user, please refresh the page and enter the username and password that are provided on the pop-up.</b><p>If you are still having troubles, please contact your hosting provider.</center>"
  </Files>
</IfDefine>

Question 2

我会坚持satisfy any。这是一个可行的概念验证：

<Files wp-login.php>
            Satisfy Any

            Order deny,allow
            Deny from all
            Allow from example.org

            AuthType basic
            AuthName "EN: Human Check - U: human P: letmein"
            AuthBasicProvider file
            AuthUserFile /home/wp-admin-attack-htpasswd-file
            Require valid-user
            #ErrorDocument here
</Files>

Answer

我会坚持satisfy any。这是一个可行的概念验证：

<Files wp-login.php>
            Satisfy Any

            Order deny,allow
            Deny from all
            Allow from example.org

            AuthType basic
            AuthName "EN: Human Check - U: human P: letmein"
            AuthBasicProvider file
            AuthUserFile /home/wp-admin-attack-htpasswd-file
            Require valid-user
            #ErrorDocument here
</Files>

Question 3

您可以使用satisfy any指令

<VirtualHost *:80>
# [ Server Domain ]
ServerName the.domaine.allowed
# [ Server Root ]
DocumentRoot /var/www/
# [ Pass Through Auth]
<Files wp-login.php>
satisfy any
</Files>    
<VirtualHost>

Answer

您可以使用satisfy any指令

<VirtualHost *:80>
# [ Server Domain ]
ServerName the.domaine.allowed
# [ Server Root ]
DocumentRoot /var/www/
# [ Pass Through Auth]
<Files wp-login.php>
satisfy any
</Files>    
<VirtualHost>

在httpd.conf文件中允许域阻止规则

答案1

答案2

答案3

相关内容