I have a "rule" in httpd.conf that pops up an authentication window if someone tries to access the wp-admin part of any domain with a WordPress installation. With this rule I keep bots out of the wp-admin folder and stop brute-force attacks.
```apache
# BEGIN BLOCK-WP-ADMIN-ATTACK
<Files wp-login.php>
    AuthType basic
    AuthName "EN: Human Check - U: human P: letmein"
    AuthBasicProvider file
    AuthUserFile /home/wp-admin-attack-htpasswd-file
    Require valid-user
    ErrorDocument 401 "<center><h1>Warning!</h1>You failed to authenticate.<p><br />Extra security has been temporarily enabled due to an ongoing attack against WordPress logins on this server.<br /> <b>If you are a real user, please refresh the page and enter the username and password that are provided on the pop-up.</b><p>If you are still having troubles, please contact your hosting provider.</center>"
</Files>
# END BLOCK-WP-ADMIN-ATTACK #
```
The rule works as intended, but now I want to "allow" one domain, so that this rule does not apply to that domain.
I think you should be able to do that with SetEnvIf. This is untested, but it may point you in the right direction:
```apache
# Set env ALLOWED if the requested hostname is example.com or
# the client IP is 192.168.0.1
SetEnvIf Host example\.com ALLOWED
SetEnvIf Remote_Addr 192.168.0.1 ALLOWED

<Files wp-login.php>
    # <IfDefine> cannot test this variable: it only sees -D parameters
    # given at server start, not per-request environment variables.
    # Satisfy Any passes the request if EITHER the host access rules
    # allow it (ALLOWED is set) OR the visitor authenticates.
    Satisfy Any
    Order Deny,Allow
    Deny from all
    Allow from env=ALLOWED
    AuthType basic
    AuthName "EN: Human Check - U: human P: letmein"
    AuthBasicProvider file
    AuthUserFile /home/wp-admin-attack-htpasswd-file
    Require valid-user
    ErrorDocument 401 "<center><h1>Warning!</h1>You failed to authenticate.<p><br />Extra security has been temporarily enabled due to an ongoing attack against WordPress logins on this server.<br /> <b>If you are a real user, please refresh the page and enter the username and password that are provided on the pop-up.</b><p>If you are still having troubles, please contact your hosting provider.</center>"
</Files>
```
I would stick with `Satisfy Any`. Here is a working proof of concept:
```apache
<Files wp-login.php>
    # Pass if the host access rules allow the client OR it authenticates
    Satisfy Any
    Order deny,allow
    Deny from all
    # Note: "Allow from <hostname>" matches the reverse-DNS name of the
    # connecting client, not the site being requested
    Allow from example.org
    AuthType basic
    AuthName "EN: Human Check - U: human P: letmein"
    AuthBasicProvider file
    AuthUserFile /home/wp-admin-attack-htpasswd-file
    Require valid-user
    #ErrorDocument here
</Files>
```
You can use the `Satisfy Any` directive:
```apache
<VirtualHost *:80>
    # [ Server Domain ]
    ServerName the.domaine.allowed
    # [ Server Root ]
    DocumentRoot /var/www/
    # [ Pass Through Auth ]
    # No Allow/Deny rules in this vhost, so host access succeeds and
    # Satisfy Any skips the password prompt for this domain only
    <Files wp-login.php>
        Satisfy Any
    </Files>
</VirtualHost>
```
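The same exemption written for Apache 2.4, where `Satisfy`, `Order` and `Allow from` survive only through mod_access_compat. This is an added example, not code from any of the answers above; it assumes the allowed site is served as example.com, that 192.168.0.1 is a trusted client (the address from the first answer), and that mod_setenvif, mod_authz_host and mod_authz_core are loaded:

```apache
# Mark requests for the allowed site (Host header, case-insensitive)
SetEnvIfNoCase Host "^(www\.)?example\.com$" ALLOWED
# Also exempt one trusted client address
SetEnvIf Remote_Addr "^192\.168\.0\.1$" ALLOWED

<Files "wp-login.php">
    AuthType Basic
    AuthName "EN: Human Check - U: human P: letmein"
    AuthBasicProvider file
    AuthUserFile /home/wp-admin-attack-htpasswd-file
    # 2.4 replacement for "Satisfy Any": the request passes if it is
    # marked ALLOWED (no prompt is shown) or if the visitor authenticates
    <RequireAny>
        Require env ALLOWED
        Require valid-user
    </RequireAny>
    ErrorDocument 401 "<center><h1>Warning!</h1>You failed to authenticate.<p>Extra security has been temporarily enabled for WordPress logins on this server. Refresh the page and enter the username and password shown in the prompt.</center>"
</Files>
```

Check the result with `apachectl -t` before reloading, and verify from a client that requests to the exempted host return the login page without a 401 while every other host still prompts.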