Apache 配置：如何限制对某些页面的非主机名请求？

Question

我会将您的 vhost 配置拆分为两个或更多 vhost。可以在一个 vhost 中完成所有操作，但我发现“分离的”配置更易于阅读和记录。

<VirtualHost *:80>
    # default match for port 80
    # matches domain set by ServerName (and possibly other domains unless specified in other vhosts)
    ServerName myhostname
    DocumentRoot "/app/www"

    <Location "/">
        # copied from your example. if not needed, you can remove this <Location/>-block.
        Options Indexes FollowSymLinks
        AllowOverride All
    </Directory>

    ErrorLog ${APACHE_LOG_DIR}/error-myhostname.log
    CustomLog ${APACHE_LOG_DIR}/access-myhostname.log combined
</VirtualHost>

<VirtualHost 1.2.3.4:80>
    # matches all requests to ip address and port
    DocumentRoot "/app/www"

    # initially: all requests forbidden
    <Location "/">
        # Options and AllowOverride copied from first vhost. remove if not needed.
        Options Indexes FollowSymLinks
        AllowOverride All

        Require all denied
    </Location>

    # allow access to everything below "/allowed/path/"
    <Location "/allowed/path/">
        Require all granted
    </Location>

    # use separate logfile
    ErrorLog ${APACHE_LOG_DIR}/error-1234.log
    CustomLog ${APACHE_LOG_DIR}/access-1234.log combined
</VirtualHost>

<VirtualHost *:*>
    # default match
    # fallback for any other ports/ip addresses/domains we might have forgotten/misconfigured
    DocumentRoot "/app/www"

    # all requests forbidden
    <Location "/">
        Require all denied
    </Location>

    # again, use separate logfile
    ErrorLog ${APACHE_LOG_DIR}/error-default.log
    CustomLog ${APACHE_LOG_DIR}/access-default.log combined
</VirtualHost>

Answer 1

我会将您的 vhost 配置拆分为两个或更多 vhost。可以在一个 vhost 中完成所有操作，但我发现“分离的”配置更易于阅读和记录。

<VirtualHost *:80>
    # default match for port 80
    # matches domain set by ServerName (and possibly other domains unless specified in other vhosts)
    ServerName myhostname
    DocumentRoot "/app/www"

    <Location "/">
        # copied from your example. if not needed, you can remove this <Location/>-block.
        Options Indexes FollowSymLinks
        AllowOverride All
    </Directory>

    ErrorLog ${APACHE_LOG_DIR}/error-myhostname.log
    CustomLog ${APACHE_LOG_DIR}/access-myhostname.log combined
</VirtualHost>

<VirtualHost 1.2.3.4:80>
    # matches all requests to ip address and port
    DocumentRoot "/app/www"

    # initially: all requests forbidden
    <Location "/">
        # Options and AllowOverride copied from first vhost. remove if not needed.
        Options Indexes FollowSymLinks
        AllowOverride All

        Require all denied
    </Location>

    # allow access to everything below "/allowed/path/"
    <Location "/allowed/path/">
        Require all granted
    </Location>

    # use separate logfile
    ErrorLog ${APACHE_LOG_DIR}/error-1234.log
    CustomLog ${APACHE_LOG_DIR}/access-1234.log combined
</VirtualHost>

<VirtualHost *:*>
    # default match
    # fallback for any other ports/ip addresses/domains we might have forgotten/misconfigured
    DocumentRoot "/app/www"

    # all requests forbidden
    <Location "/">
        Require all denied
    </Location>

    # again, use separate logfile
    ErrorLog ${APACHE_LOG_DIR}/error-default.log
    CustomLog ${APACHE_LOG_DIR}/access-default.log combined
</VirtualHost>

Apache 配置：如何限制对某些页面的非主机名请求？

答案1

相关内容