Apache如何禁止通过非指定域名或IP访问服务器-下一朵云
图1 禁止非指定域名IP访问

Apache/httpd禁止非指定域名或IP访问,仅允许指定域名访问:

一、具体配置如下,修改httpd.conf或者修改vhost配置文件添加如下内容

<VirtualHost *:80>
    documentRoot "/var/www/html/"
    #ServerName www.orcy.net.cn #如禁止通过www.orcy.net.cn访问则取消注释
        <Location />
            AllowOverride None
            Require all denied
        </Location>

    ErrorLog logs/error_log
    TransferLog logs/access_log
    LogLevel warn
</VirtualHost>
##
#以下为正常虚拟主机配置文件
<VirtualHost *:80>
    DocumentRoot "/var/www/html"
    ServerName test.orcy.net.cn

    ErrorLog logs/error_log
    TransferLog logs/access_log
    LogLevel warn

<FilesMatch "\.(cgi|shtml|phtml|php)$">
    SSLOptions +StdEnvVars
</FilesMatch>
<Directory "/var/www/cgi-bin">
    SSLOptions +StdEnvVars
</Directory>


BrowserMatch "MSIE [2-5]" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0

#   Per-Server Logging:
#   The home of a custom SSL log file. Use this when you want a
#   compact non-error SSL logfile on a virtual host basis.
CustomLog logs/ssl_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

</VirtualHost>

二、如果站点开启了ssl则配置如下

只需要添加ssl证书路径

<VirtualHost *:80>
    documentRoot "/var/www/html/"
    #ServerName www.orcy.net.cn #如禁止通过www.orcy.net.cn访问则取消注释
        <Location />
            AllowOverride None
            Require all denied
        </Location>
    SSLEngine on

    SSLProtocol all -SSLv3
    SSLProxyProtocol all -SSLv3
    SSLHonorCipherOrder on
    SSLCipherSuite PROFILE=SYSTEM
    SSLProxyCipherSuite PROFILE=SYSTEM

    SSLCertificateFile /cert/test.crt #替换为你自己的证书路径
    SSLCertificateKeyFile /cert/test.key #替换为你自己的证书路径
    SSLCACertificateFile /cert/test_ca.crt #替换为你自己的证书路径

    ErrorLog logs/error_log
    TransferLog logs/access_log
    LogLevel warn
</VirtualHost>
##
#以下为正常虚拟主机配置文件
####省略####
声明:本站所有文章,如无特殊说明或标注,均为本站原创发布。任何个人或组织,在未征得本站同意时,禁止复制、盗用、采集、发布本站内容到任何网站、书籍等各类媒体平台。如若本站内容侵犯了原著者的合法权益,可联系我们进行处理。