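Every site or forum has a backend administration directory. When an ordinary user tries to log in there, the server should answer Forbidden, or the backend should only be manageable from inside the company or from specified IPs. Nobody should be able to get into our backend casually!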
<VirtualHost *:80>
    DocumentRoot "/data/wwwroot/test3.com"
    ServerName www.test3.com
    # Admin directory: deny everyone, then allow only the local machine
    <Directory /data/wwwroot/test3.com/admin/>
        Order deny,allow
        Deny from all
        Allow from 127.0.0.1
    </Directory>
    # Hotlink protection: serve these file types only when the Referer is our own site or empty
    <Directory /data/wwwroot/test3.com>
        SetEnvIfNoCase Referer "http://test3.com" local_ref
        SetEnvIfNoCase Referer "^$" local_ref
        <FilesMatch "\.(txt|doc|mp3|zip|rar|jpg|gif)">
            Order Allow,Deny
            Allow from env=local_ref
        </FilesMatch>
    </Directory>
    ErrorLog "logs/haha.com-error_log"
    # Tag static resources so they are left out of the access log
    SetEnvIf Request_URI ".*\.gif$" img
    SetEnvIf Request_URI ".*\.jpg$" img
    SetEnvIf Request_URI ".*\.png$" img
    SetEnvIf Request_URI ".*\.bmp$" img
    SetEnvIf Request_URI ".*\.swf$" img
    SetEnvIf Request_URI ".*\.js$" img
    SetEnvIf Request_URI ".*\.css$" img
    # Rotate the access log daily; requests tagged img are not logged
    CustomLog "|/usr/local/apache2.4/bin/rotatelogs -l logs/test3.com-access_%Y%m%d.log 86400" combined env=!img
</VirtualHost>
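With the configuration above, a request for admin.php is first subject to the Order directive (pay close attention to the sequence, because a different order produces a different result): deny first, then allow, which allows our local machine to log in to the backend admin page! The rules are evaluated in the sequence that Order specifies.
Then create an admin directory under the site directory, and create admin.php inside the admin directory.
Test the configuration and reload (-t; graceful)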
[[email protected] haha.com]# curl -x127.0.0.1:80 www.haha.com/admin/index.php
123123123
Access works when using the local IP.
[[email protected] haha.com]# curl -x192.168.230.128:80 www.haha.com/admin/index.php
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access /admin/index.php
on this server.<br />
</p>
</body></html>
Testing again with another IP address, access is denied!
Check the log:
192.168.230.128 - - [02/Aug/2017:22:25:16 +0800] "GET HTTP://www.test3.com/admin/index.php HTTP/1.1" 403 224 "-" "curl/7.29.0"
192.168.230.128 - - [02/Aug/2017:22:31:46 +0800] "GET HTTP://www.test3.com/admin/ HTTP/1.1" 403 215 "-" "curl/7.29.0"
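
The remark above that a different Order gives a different result can be checked with a small model of how mod_access_compat (the module that provides Order, Deny and Allow in Apache 2.4) combines the two lists. This Python code is an added example, not part of the original post or of Apache; the function names are hypothetical, and it models only full IP addresses, CIDR ranges and `all`.

```python
import ipaddress

def matches(spec, client_ip):
    """True if one 'Allow from' / 'Deny from' value covers the client address."""
    if spec.lower() == "all":
        return True
    # Assumption: only full addresses and CIDR ranges are modelled here;
    # hostnames, partial addresses and env= values are left out.
    return ipaddress.ip_address(client_ip) in ipaddress.ip_network(spec, strict=False)

def evaluate(order, allow, deny, client_ip):
    """Return 403 if the rules reject client_ip, 200 if they let it through."""
    allowed = any(matches(s, client_ip) for s in allow)
    denied = any(matches(s, client_ip) for s in deny)
    order = order.replace(" ", "").lower()
    if order == "deny,allow":
        # Deny is checked first, a matching Allow overrides it, default is allow.
        permitted = allowed or not denied
    elif order == "allow,deny":
        # Allow is checked first, a matching Deny overrides it, default is deny.
        permitted = allowed and not denied
    else:
        raise ValueError("unsupported Order value: " + order)
    return 200 if permitted else 403

# Rules from the <Directory .../admin/> block on this page.
ALLOW = ["127.0.0.1"]
DENY = ["all"]

def compare(client_ip):
    """Result under the page's 'deny,allow' and under the reversed 'allow,deny'."""
    return (evaluate("deny,allow", ALLOW, DENY, client_ip),
            evaluate("allow,deny", ALLOW, DENY, client_ip))

if __name__ == "__main__":
    # The two client addresses used in the curl tests on this page.
    for ip in ("127.0.0.1", "192.168.230.128"):
        print(ip, compare(ip))
```

With the same two rules, reversing the order to `Allow,Deny` locks out 127.0.0.1 as well, because `Deny from all` is then evaluated last and overrides the Allow.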
Modify the configuration file as follows (based on the configuration above):
<Directory /data/wwwroot/test3.com>
    <FilesMatch admin.php>
        Order deny,allow
        Deny from all
        Allow from 127.0.0.1
    </FilesMatch>
</Directory>
Test:
With the local IP you can reach the custom page; with any other IP you cannot!
[[email protected] test3.com]# curl -x127.0.0.1:80 www.test3.com/admin.php -I
HTTP/1.1 200 OK
Date: Wed, 02 Aug 2017 15:17:05 GMT
Server: Apache/2.4.27 (Unix) PHP/7.1.6
X-Powered-By: PHP/7.1.6
Content-Type: text/html; charset=UTF-8
[[email protected] test3.com]# curl -x192.168.230.128:80 www.test3.com/admin.php -I
HTTP/1.1 403 Forbidden
Date: Wed, 02 Aug 2017 15:17:23 GMT
Server: Apache/2.4.27 (Unix) PHP/7.1.6
Content-Type: text/html; charset=iso-8859-1