我一直试图通过Apache2 2.2.22来阻止在Ubuntu 13.04上访问WordPress wp-admin和wp-includes目录。 首先,我尝试使用.htaccess,由于某种原因,它不能正常工作,但在阅读Apache Docs时,他们build议不要。 所以我改变了他们的build议,把它放在conf文件的<directory>部分。 你能看到我在这里做错了吗?
以下是我的vserver.conf文件。
<VirtualHost *:80> ServerAdmin [email protected] DocumentRoot /var/www/domain/ ServerName domain.com ServerAlias www.domain.com <Directory "/var/www/domain/"> # WordPress Permalink Configuration # BEGIN WordPress <IfModule mod_rewrite.c> RewriteEngine On RewriteBase / RewriteRule ^index\.php$ - [L] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /index.php [L] # wp-include rules remove if multisite RewriteRule ^wp-admin/includes/ - [F,L] RewriteRule !^wp-includes/ - [S=3] RewriteRule ^wp-includes/[^/]+\.php$ - [F,L] RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L] RewriteRule ^wp-includes/theme-compat/ - [F,L] </IfModule> # END WordPress Options FollowSymLinks Order allow,deny allow from all </Directory> <Directory "/var/www/domain/wp-admin"> Order Deny,Allow Deny from all # whitelist server IP for use with SSH tunel Allow from 192.168.0.1 # whitelist home IP address Allow from 192.168.1.1 </Directory> <Directory "/var/www/domain/wp-content/plugins/akismet"> Order Deny,Allow Deny from all <FilesMatch "^akismet\.(css|js)$"> Allow from all </FilesMatch> </Directory> ErrorLog ${APACHE_LOG_DIR}/error-domain.log # Possible values include: debug, info, notice, warn, error, crit, # alert, emerg. LogLevel warn CustomLog ${APACHE_LOG_DIR}/access-domain.log combined </VirtualHost>
另外在apache2.conf中有防止访问.htaccess的规则,但是我仍然可以从浏览器访问文件。
AccessFileName .htaccess # The following lines prevent .htaccess and .htpasswd files from being # viewed by Web clients. <Files ~ "^\.ht"> Order allow,deny Deny from all Satisfy all </Files>
在conf.d / security中有一条规则来防止访问版本控制,而不是404或403,而这个版本控制会产生500错误
# Forbid access to version control directories # # If you use version control systems in your document root, you should # probably deny access to their directories. For example, for git: # <DirectoryMatch "/\.git"> Require all denied </DirectoryMatch>
这里是可用的mods:
actions authn_alias authn_file authz_host cern_meta dav_fs disk_cache fcgid imagemap mem_cache php5_cgi proxy_ftp setenvif suexec alias authn_anon authnz_ldap authz_owner cgi dav_lock dump_io file_cache include mime proxy proxy_http speling unique_id asis authn_dbd authz_dbm authz_user cgid dbd env filter info mime_magic proxy_ajp proxy_scgi ssl userdir auth_basic authn_dbm authz_default autoindex charset_lite deflate expires headers ldap negotiation proxy_balancer reqtimeout status usertrack auth_digest authn_default authz_groupfile cache dav dir ext_filter ident log_forensic php5 proxy_connect rewrite substitute vhost_alias
而mods启用:
actions.conf alias.conf authz_host.load deflate.conf dir.conf env.load headers.load mime.load php5.load reqtimeout.load setenvif.conf status.conf actions.load alias.load cgi.load deflate.load dir.load expires.load mime.conf php5.conf reqtimeout.conf rewrite.load setenvif.load status.load
正如你可以看到没有可用的mod_access。
是mod_access启用? http://httpd.apache.org/docs/2.0/mod/mod_access.html
在我头顶,我猜测事实并非如此。 真奇怪 我见过的大多数Apache版本都带有mod_access
您可以通过指定DirectoryIndex来保护您的目录
<Directory somepath/wp-admin> DirectoryIndex /pathtosomefilesay/404.html </Directory>
所以在上面的情况下,每当你尝试超出wp-admin目录时,它总会返回404.html 。 你也可以指定谁允许。 希望这可以帮助