Apache/httpd
禁止非指定域名或IP访问,仅允许指定域名访问:
一、具体配置如下,修改httpd.conf
或者修改vhost配置文件
,添加如下内容:
<VirtualHost *:80>
documentRoot "/var/www/html/"
#ServerName www.orcy.net.cn #如禁止通过www.orcy.net.cn访问则取消注释
<Location />
AllowOverride None
Require all denied
</Location>
ErrorLog logs/error_log
TransferLog logs/access_log
LogLevel warn
</VirtualHost>
##
#以下为正常虚拟主机配置文件
<VirtualHost *:80>
DocumentRoot "/var/www/html"
ServerName test.orcy.net.cn
ErrorLog logs/error_log
TransferLog logs/access_log
LogLevel warn
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory "/var/www/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
BrowserMatch "MSIE [2-5]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
# Per-Server Logging:
# The home of a custom SSL log file. Use this when you want a
# compact non-error SSL logfile on a virtual host basis.
CustomLog logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
二、如果站点开启了ssl则配置如下
只需要添加ssl证书路径
<VirtualHost *:80>
documentRoot "/var/www/html/"
#ServerName www.orcy.net.cn #如禁止通过www.orcy.net.cn访问则取消注释
<Location />
AllowOverride None
Require all denied
</Location>
SSLEngine on
SSLProtocol all -SSLv3
SSLProxyProtocol all -SSLv3
SSLHonorCipherOrder on
SSLCipherSuite PROFILE=SYSTEM
SSLProxyCipherSuite PROFILE=SYSTEM
SSLCertificateFile /cert/test.crt #替换为你自己的证书路径
SSLCertificateKeyFile /cert/test.key #替换为你自己的证书路径
SSLCACertificateFile /cert/test_ca.crt #替换为你自己的证书路径
ErrorLog logs/error_log
TransferLog logs/access_log
LogLevel warn
</VirtualHost>
##
#以下为正常虚拟主机配置文件
####省略####
声明:本站所有文章,如无特殊说明或标注,均为本站原创发布。任何个人或组织,在未征得本站同意时,禁止复制、盗用、采集、发布本站内容到任何网站、书籍等各类媒体平台。如若本站内容侵犯了原著者的合法权益,可联系我们进行处理。
评论(0)