Apache httpd“需要 ip”不起作用

tag-icon tag-icon apache-2.4
Apache httpd“需要 ip”不起作用

是的,关于 Apache httpd 和“需要 ip”的另一个问题。我想使用“需要 IP”来限制访问,因为我需要使用 httpd 运行一些 vhost 配置。

我尝试了各种版本的配置,但都不起作用。这是我第 20 次尝试,所以请忽略一些“不太好”的选项,专注于“需要 IP”部分。

操作系统:EL 7
httpd:2.4.6
SELinux:允许用于测试目的

根据“httpd -M”加载的模块:

Loaded Modules:
 core_module (static)
 so_module (static)
 http_module (static)
 access_compat_module (shared)
 actions_module (shared)
 alias_module (shared)
 allowmethods_module (shared)
 auth_basic_module (shared)
 auth_digest_module (shared)
 authn_anon_module (shared)
 authn_core_module (shared)
 authn_dbd_module (shared)
 authn_dbm_module (shared)
 authn_file_module (shared)
 authn_socache_module (shared)
 authz_core_module (shared)
 authz_dbd_module (shared)
 authz_dbm_module (shared)
 authz_groupfile_module (shared)
 authz_host_module (shared)
 authz_owner_module (shared)
 authz_user_module (shared)
 autoindex_module (shared)
 cache_module (shared)
 cache_disk_module (shared)
 data_module (shared)
 dbd_module (shared)
 deflate_module (shared)
 dir_module (shared)
 dumpio_module (shared)
 echo_module (shared)
 env_module (shared)
 expires_module (shared)
 ext_filter_module (shared)
 filter_module (shared)
 headers_module (shared)
 include_module (shared)
 info_module (shared)
 log_config_module (shared)
 logio_module (shared)
 mime_magic_module (shared)
 mime_module (shared)
 negotiation_module (shared)
 remoteip_module (shared)
 reqtimeout_module (shared)
 rewrite_module (shared)
 setenvif_module (shared)
 slotmem_plain_module (shared)
 slotmem_shm_module (shared)
 socache_dbm_module (shared)
 socache_memcache_module (shared)
 socache_shmcb_module (shared)
 status_module (shared)
 substitute_module (shared)
 suexec_module (shared)
 unique_id_module (shared)
 unixd_module (shared)
 userdir_module (shared)
 version_module (shared)
 vhost_alias_module (shared)
 dav_module (shared)
 dav_fs_module (shared)
 dav_lock_module (shared)
 lua_module (shared)
 mpm_prefork_module (shared)
 proxy_module (shared)
 lbmethod_bybusyness_module (shared)
 lbmethod_byrequests_module (shared)
 lbmethod_bytraffic_module (shared)
 lbmethod_heartbeat_module (shared)
 proxy_ajp_module (shared)
 proxy_balancer_module (shared)
 proxy_connect_module (shared)
 proxy_express_module (shared)
 proxy_fcgi_module (shared)
 proxy_fdpass_module (shared)
 proxy_ftp_module (shared)
 proxy_http_module (shared)
 proxy_scgi_module (shared)
 proxy_wstunnel_module (shared)
 systemd_module (shared)
 cgi_module (shared)

/etc/httpd/conf/httpd.conf 的内容:

ServerRoot "/etc/httpd"
Listen 80
Include conf.modules.d/*.conf
User apache
Group apache
ServerAdmin root@localhost
ServerName myhost.example.com:80
DocumentRoot "/var/www/html"

<Directory />
    AllowOverride none
    Require all denied
</Directory>
<Directory "/var/www">
    AllowOverride None
    Require all granted
</Directory>
<Directory "/var/www/html">
    <IfModule mod_authz_core.so>
    <RequireAny>
        Require ip 1.2.3.4/32
    </RequireAny>
    </IfModule>
    Options Indexes FollowSymLinks
    AllowOverride All
</Directory>
    
<IfModule dir_module>
    DirectoryIndex index.html
</IfModule>
<Files ".ht*">
    Require all denied
</Files>

ErrorLog "logs/error_log"
LogLevel warn

<IfModule log_config_module>
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%h %l %u %t \"%r\" %>s %b" common
    <IfModule logio_module>
      LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
    </IfModule>
    CustomLog "logs/access_log" combined
</IfModule>

<IfModule alias_module>
   ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
</IfModule>

<Directory "/var/www/cgi-bin">
    AllowOverride None
    Options None
    Require all granted
</Directory>

<IfModule mime_module>
    TypesConfig /etc/mime.types
    AddType application/x-compress .Z
    AddType application/x-gzip .gz .tgz
    AddType text/html .shtml
    AddOutputFilter INCLUDES .shtml
</IfModule>

AddDefaultCharset UTF-8

<IfModule mime_magic_module>
    MIMEMagicFile conf/magic
</IfModule>  

EnableSendfile on
IncludeOptional conf.d/*.conf

/etc/httpd/conf.d/vhost1.conf的内容:

<VirtualHost someFQDN.example.com:80>
        VirtualDocumentRoot "/var/www/html"
        ServerName someFQDN.example.com
        ErrorLog "logs/error_log"
        CustomLog "logs/access_log" combined
        HostnameLookups Off
        UseCanonicalName Off
</VirtualHost>

<Directory /var/www/html>
        <IfModule mod_authz_core.so>
         <RequireAny>
                Require ip 1.2.3.4/32
         </RequireAny>
        </IfModule>
        Options +Indexes
        AllowOverride none
</Directory>

mod_authz_core 的路径和名称:

/usr/lib64/httpd/modules/mod_authz_core.so

如果我尝试访问 vhost1,我会得到页面而不是拒绝。
如果我尝试明确阻止我的 IP,我会得到页面而不是拒绝。
我尝试过使用/不使用“IfModule”,使用/不使用“RequireAny”,使用“mod_authz_core.c”
和“authz_core_module”作为“IfModule”,以及使用所有这些选项的各种混合版本

文档和其他帖子中的提示也无济于事。
目前我有点迷茫,不知道应该从哪个角落开始
解决这个问题。

有人发现我的配置有问题吗?

答案1

睡了一夜之后我重新回到原点并
查看了 httpd 的文档。

再次阅读后,我发现,他们为 httpd 2.4 使用模块名称“authz_host_module”。
编辑了我的配置,它突然就正常工作了。

例子:

<VirtualHost someFQDN.example.com:80>
        VirtualDocumentRoot "/var/www/html"
        ServerName someFQDN.example.com
        ErrorLog "logs/error_log"
        CustomLog "logs/access_log" combined
        HostnameLookups Off
        UseCanonicalName Off </VirtualHost>

<Directory /var/www/html>
        <IfModule authz_host_module>
         <RequireAny>
                Require ip 1.2.3.4/32
         </RequireAny>
        </IfModule>
        Options +Indexes
        AllowOverride none
</Directory>

我希望这会对将来的某人有所帮助。

相关内容