Unable to configure Apache to restrict proxy access by IP

I added the following to httpd.conf (after the VirtualHost):

    <VirtualHost *:80>
        ServerName XXX.XXX.XXX
        <Directory proxy:>
            Order allow,deny
            Allow from 10.52.208.221
            Allow from 10.52.208.223
            Deny from all
        </Directory>
        ProxyPass / http://XXX.XXX.XXX/
        RewriteEngine On
        RewriteCond %{HTTPS} !=on
        RewriteRule ^/admin/$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
    </VirtualHost>

However, I can still access my VirtualHost from other IPs:

    # cat /etc/redhat-release
    Red Hat Enterprise Linux Server release 6.4 (Santiago)
    # uname -a
    Linux XXXXX.XXXXX.XXX 2.6.32-358.18.1.el6.x86_64 #1 SMP Fri Aug 2 17:04:38 EDT 2013 x86_64 x86_64 x86_64 GNU/Linux
    # httpd -V
    Server version: Apache/2.2.15 (Unix)
    Server built: Aug 2 2013 08:02:15
    Server's Module Magic Number: 20051115:25
    Server loaded: APR 1.3.9, APR-Util 1.3.9
    Compiled using: APR 1.3.9, APR-Util 1.3.9
    Architecture: 64-bit
    Server MPM: Prefork
      threaded: no
      forked: yes (variable process count)
    Server compiled with....
     -D APACHE_MPM_DIR="server/mpm/prefork"
     -D APR_HAS_SENDFILE
     -D APR_HAS_MMAP
     -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
     -D APR_USE_SYSVSEM_SERIALIZE
     -D APR_USE_PTHREAD_SERIALIZE
     -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
     -D APR_HAS_OTHER_CHILD
     -D AP_HAVE_RELIABLE_PIPED_LOGS
     -D DYNAMIC_MODULE_LIMIT=128
     -D HTTPD_ROOT="/etc/httpd"
     -D SUEXEC_BIN="/usr/sbin/suexec"
     -D DEFAULT_PIDLOG="run/httpd.pid"
     -D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
     -D DEFAULT_LOCKFILE="logs/accept.lock"
     -D DEFAULT_ERRORLOG="logs/error_log"
     -D AP_TYPES_CONFIG_FILE="conf/mime.types"
     -D SERVER_CONFIG_FILE="conf/httpd.conf"
    # rpm -q httpd
    httpd-2.2.15-29.el6_4.x86_64
    #

I found the answer: mod_proxy – Apache HTTP Server, and I tested it (It works!(TM)):

    <Proxy *>
        Order deny,allow
        Deny from all
        Allow from 10.52.208.221
        Allow from 10.52.208.223
    </Proxy>

I believe this is what you are looking for:

    <Directory proxy:>
        Order deny,allow
        Deny from all
        Allow from 10.52.208.221
        Allow from 10.52.208.223
    </Directory>

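The order of the Order is important :-)

If you want to restrict certain paths of your proxied site, the following configuration may come in handy.

I have included both an IP and a subnet in one rule, for those who need to allow an entire subnet rather than a set of single IPs.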

    <Location /foo>
        # **This rule is the most IMPORTANT**
        Deny from all
        # The second value implies the 10.100.0.0/16 subnet
        Allow from 192.168.1.2 10.100
        ProxyPass http://example.com/foo
        ProxyPassReverse http://example.com/foo
    </Location>
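
The "order matters" remark and the partial-address `10.100` rule above can be checked with a small model of how Apache 2.2 evaluates `Order`/`Allow`/`Deny` once a section applies to a request. This is an added example, not code from any of the posts or from Apache; it is a simplified IPv4-only model and the function names (`to_network`, `is_allowed`) are hypothetical.

```python
import ipaddress

def to_network(spec):
    """Turn an Allow/Deny argument into an IPv4 network (model: IPv4 only)."""
    if spec.lower() == "all":
        return ipaddress.ip_network("0.0.0.0/0")
    if "/" in spec:
        return ipaddress.ip_network(spec, strict=False)
    octets = spec.rstrip(".").split(".")
    # A partial address (1-3 octets) stands for the whole subnet:
    # "10.100" -> 10.100.0.0/16; a full address becomes a /32.
    prefix = 8 * len(octets)
    padded = ".".join(octets + ["0"] * (4 - len(octets)))
    return ipaddress.ip_network(f"{padded}/{prefix}")

def matches(client, specs):
    addr = ipaddress.ip_address(client)
    return any(addr in to_network(s) for s in specs)

def is_allowed(client, order, allow=(), deny=()):
    """Evaluate one section as the 2.2 Order directive is documented."""
    hit_allow = matches(client, allow)
    hit_deny = matches(client, deny)
    order = order.replace(" ", "").lower()
    if order == "allow,deny":
        # Allow first, Deny second, default deny:
        # the client must match an Allow and must not match any Deny.
        return hit_allow and not hit_deny
    if order == "deny,allow":
        # Deny first, Allow second, default allow:
        # an Allow match overrides a Deny match.
        return hit_allow or not hit_deny
    raise ValueError(f"unsupported Order: {order}")

# Rule sets copied from the page.
IPS = ["10.52.208.221", "10.52.208.223"]
QUESTION = dict(order="allow,deny", allow=IPS, deny=["all"])
ANSWER = dict(order="deny,allow", allow=IPS, deny=["all"])
# The <Location /foo> block has no Order line; Deny,Allow is the 2.2 default.
LOCATION = dict(order="deny,allow", allow=["192.168.1.2", "10.100"], deny=["all"])

if __name__ == "__main__":
    sets = (("question", QUESTION), ("answer", ANSWER), ("location", LOCATION))
    for name, rules in sets:
        for client in ("10.52.208.221", "10.100.7.9", "203.0.113.5"):
            verdict = "allow" if is_allowed(client, **rules) else "deny"
            print(f"{name:9} {client:15} -> {verdict}")
```

With `Order allow,deny`, `Deny from all` is evaluated last and rejects even the listed addresses wherever the section applies; with `Order deny,allow` the `Allow` lines win for the listed addresses and everyone else stays denied.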