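Yes, another question about Apache httpd and "Require ip". I want to use "Require ip" to restrict access, because I need to run some vhost configurations with httpd.
I have tried various versions of the config, but none of them work. This is my 20th attempt, so please ignore some of the "not so nice" options and focus on the "Require ip" part.
OS: EL 7
httpd: 2.4.6
SELinux: permissive for testing purposes
Modules loaded according to "httpd -M":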
Loaded Modules:
core_module (static)
so_module (static)
http_module (static)
access_compat_module (shared)
actions_module (shared)
alias_module (shared)
allowmethods_module (shared)
auth_basic_module (shared)
auth_digest_module (shared)
authn_anon_module (shared)
authn_core_module (shared)
authn_dbd_module (shared)
authn_dbm_module (shared)
authn_file_module (shared)
authn_socache_module (shared)
authz_core_module (shared)
authz_dbd_module (shared)
authz_dbm_module (shared)
authz_groupfile_module (shared)
authz_host_module (shared)
authz_owner_module (shared)
authz_user_module (shared)
autoindex_module (shared)
cache_module (shared)
cache_disk_module (shared)
data_module (shared)
dbd_module (shared)
deflate_module (shared)
dir_module (shared)
dumpio_module (shared)
echo_module (shared)
env_module (shared)
expires_module (shared)
ext_filter_module (shared)
filter_module (shared)
headers_module (shared)
include_module (shared)
info_module (shared)
log_config_module (shared)
logio_module (shared)
mime_magic_module (shared)
mime_module (shared)
negotiation_module (shared)
remoteip_module (shared)
reqtimeout_module (shared)
rewrite_module (shared)
setenvif_module (shared)
slotmem_plain_module (shared)
slotmem_shm_module (shared)
socache_dbm_module (shared)
socache_memcache_module (shared)
socache_shmcb_module (shared)
status_module (shared)
substitute_module (shared)
suexec_module (shared)
unique_id_module (shared)
unixd_module (shared)
userdir_module (shared)
version_module (shared)
vhost_alias_module (shared)
dav_module (shared)
dav_fs_module (shared)
dav_lock_module (shared)
lua_module (shared)
mpm_prefork_module (shared)
proxy_module (shared)
lbmethod_bybusyness_module (shared)
lbmethod_byrequests_module (shared)
lbmethod_bytraffic_module (shared)
lbmethod_heartbeat_module (shared)
proxy_ajp_module (shared)
proxy_balancer_module (shared)
proxy_connect_module (shared)
proxy_express_module (shared)
proxy_fcgi_module (shared)
proxy_fdpass_module (shared)
proxy_ftp_module (shared)
proxy_http_module (shared)
proxy_scgi_module (shared)
proxy_wstunnel_module (shared)
systemd_module (shared)
cgi_module (shared)
Content of /etc/httpd/conf/httpd.conf:
ServerRoot "/etc/httpd"
Listen 80
Include conf.modules.d/*.conf
User apache
Group apache
ServerAdmin root@localhost
ServerName myhost.example.com:80
DocumentRoot "/var/www/html"
<Directory />
AllowOverride none
Require all denied
</Directory>
<Directory "/var/www">
AllowOverride None
Require all granted
</Directory>
<Directory "/var/www/html">
<IfModule mod_authz_core.so>
<RequireAny>
Require ip 1.2.3.4/32
</RequireAny>
</IfModule>
Options Indexes FollowSymLinks
AllowOverride All
</Directory>
<IfModule dir_module>
DirectoryIndex index.html
</IfModule>
<Files ".ht*">
Require all denied
</Files>
ErrorLog "logs/error_log"
LogLevel warn
<IfModule log_config_module>
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
<IfModule logio_module>
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
</IfModule>
CustomLog "logs/access_log" combined
</IfModule>
<IfModule alias_module>
ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
</IfModule>
<Directory "/var/www/cgi-bin">
AllowOverride None
Options None
Require all granted
</Directory>
<IfModule mime_module>
TypesConfig /etc/mime.types
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
AddType text/html .shtml
AddOutputFilter INCLUDES .shtml
</IfModule>
AddDefaultCharset UTF-8
<IfModule mime_magic_module>
MIMEMagicFile conf/magic
</IfModule>
EnableSendfile on
IncludeOptional conf.d/*.conf
Content of /etc/httpd/conf.d/vhost1.conf:
<VirtualHost someFQDN.example.com:80>
VirtualDocumentRoot "/var/www/html"
ServerName someFQDN.example.com
ErrorLog "logs/error_log"
CustomLog "logs/access_log" combined
HostnameLookups Off
UseCanonicalName Off
</VirtualHost>
<Directory /var/www/html>
<IfModule mod_authz_core.so>
<RequireAny>
Require ip 1.2.3.4/32
</RequireAny>
</IfModule>
Options +Indexes
AllowOverride none
</Directory>
Path and name of mod_authz_core:
/usr/lib64/httpd/modules/mod_authz_core.so
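If I try to access vhost1, I get the page instead of a denial.
If I try to explicitly block my IP, I get the page instead of a denial.
I have tried with/without "IfModule", with/without "RequireAny", with "mod_authz_core.c" and "authz_core_module" as "IfModule", and various mixed versions of all these options.
The documentation and hints from other posts did not help either.
At the moment I am a bit lost and do not know in which corner to start solving this problem.
Does anyone see a problem in my configuration?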
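Answer 1
After a night's sleep I went back to the start and looked at the httpd documentation.
Reading it again, I found that they use the module name "authz_host_module" for httpd 2.4.
I edited my config and it suddenly worked.
Example: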
<VirtualHost someFQDN.example.com:80>
VirtualDocumentRoot "/var/www/html"
ServerName someFQDN.example.com
ErrorLog "logs/error_log"
CustomLog "logs/access_log" combined
HostnameLookups Off
UseCanonicalName Off
</VirtualHost>
<Directory /var/www/html>
<IfModule authz_host_module>
<RequireAny>
Require ip 1.2.3.4/32
</RequireAny>
</IfModule>
Options +Indexes
AllowOverride none
</Directory>
I hope this will help someone in the future.
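Added example (not part of the original question or answer, and not httpd's own code): `<IfModule>` takes a module identifier such as `authz_host_module` or a source file name such as `mod_authz_core.c`, so a test written with the `.so` file name never matches and the enclosed `Require ip` line is silently skipped. The Python check below flags such lines; the function names and the sample strings are constructed for illustration.

```python
import re

# Constructed sample: part of the `httpd -M` output and the <Directory> block from the question.
HTTPD_M = """core_module (static)
authz_core_module (shared)
authz_host_module (shared)
"""
CONF = """<Directory /var/www/html>
<IfModule mod_authz_core.so>
<RequireAny>
Require ip 1.2.3.4/32
</RequireAny>
</IfModule>
Options +Indexes
</Directory>
"""

IFMODULE = re.compile(r'<IfModule\s+(!?)"?([^\s">]+)"?\s*>', re.I)
REQUIRE = re.compile(r"Require\s", re.I)

def accepted_tests(httpd_m):
    """Names an <IfModule> test can use for the modules listed by `httpd -M`."""
    names = set()
    for m in re.finditer(r"^\s*(\w+)_module\s+\(", httpd_m, re.M):
        names.add(m.group(1) + "_module")      # module identifier
        # Source file name; mod_<name>.c is the usual convention (assumed here,
        # a few built-in modules such as core_module do not follow it).
        names.add("mod_" + m.group(1) + ".c")
    return names

def skipped_require_lines(conf, httpd_m):
    """Return (line_no, failing_ifmodule_test, directive) for each Require httpd never reads."""
    names, stack, findings = accepted_tests(httpd_m), [], []
    for no, line in enumerate(conf.splitlines(), 1):
        s = line.strip()
        m = IFMODULE.match(s)
        if m:
            negated, test = m.group(1) == "!", m.group(2)
            stack.append((test, (test in names) != negated))
        elif s.lower().startswith("</ifmodule") and stack:
            stack.pop()
        elif REQUIRE.match(s):
            failing = [t for t, active in stack if not active]
            if failing:
                findings.append((no, failing[0], s))
    return findings

if __name__ == "__main__":
    for finding in skipped_require_lines(CONF, HTTPD_M):
        print("skipped access rule:", finding)
```

Leaving access rules outside any `<IfModule>` wrapper turns a missing authorization module into a startup error instead of an unprotected directory.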