站点访问控制常见机制
可基于两种机制指明对哪些资源进行何种访问控制
-
文件系统路径:
<Directory " "> ... </Directory> <File " "> ... </File> <FileMatch "PATTERN"> ... </FileMatch>
-
URL路径:
<Location " "> ... </Location> <LocationMatch "PATTERN"> ... </LocationMatch>
<Directory>中“基于源地址”实现访问控制:
-
Options
后跟1个或多个以空白字符分隔的“选项”列表;
Indexes:指明的URL路径下不存在与定义的主页面资源相符的资源文件时,返回索引列表给用户;
FollowSymLinks:允许跟踪符号连接文件所指向的源文件;
None:都不启用;
All:除了MultiViews以外,都启用; -
AllowOverride
与访问控制相关的哪些指令可以放在.htaccess
文件(每个目录下都可以有一个)中;
None:
All: -
主机访问权限:
-
控制页面资源允许主机访问:
-
httpd-2.2:order和allow、deny
<Directory " "> ... Order allow,deny Allow from all ... </Directory>
order:定义生效次序;卸载后面的表示默认法则;
Allow from,Deny from
来源地址:
IP
NetAddr:
172.16
172.16.0.0
172.16.0.0/16
172.16.0.0/255.255.0.0 -
httpd-2.4
<Directory " "> ... Require all granted ... </Directory>
-
基于IP控制:
Require ip IP地址或网络地址;<Directory " "> ... <RequireAll> Require ip IP.AD.DR.ESS </RequireAll> ... </Directory>
-
基于主机名控制:
Require host主机名或域名;<Directory " "> ... <RequireAll> Require host host.example.com </RequireAll> ... </Directory>
注意:要放置于
<RequireAll>
或<RequireAny>
配置块中; -
基于IP控制:
-
-
控制页面资源拒绝主机访问:
-
httpd-2.2
<Directory " "> ... Order allow,deny Deny from all ... </Directory>
-
httpd-2.4
<Directory " "> ... Require all denied ... </Directory>
-
基于IP控制:
Require not ip IP地址或网络地址;<Directory " "> ... <RequireAll> Require not ip IP.AD.DR </RequireAll> ... </Directory>
-
基于主机名控制:
Require not host主机名或域名;<Directory " "> ... <RequireAll> Require not example.com </RequireAll> ... </Directory>
注意:要放置于
<RequireAll>
或<RequireAny>
配置块中; -
基于IP控制:
-
-
控制页面资源允许主机访问:
网友评论