
2. Access Control & Virtual Hosts

Linux Security and Advanced Applications, Akide_Liu, 9 months ago (02-01)

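1. Access control based on client address

The Order directive defines the order in which the rules are evaluated:

Allow first, then deny; everything is denied by default: Order allow,deny

Deny first, then allow; everything is allowed by default: Order deny,allow

Whichever comes later takes precedence; whichever is lower takes precedence.

The Allow and Deny directives set the addresses that are allowed or denied:

Deny from address1 address2 …

Allow from address1 address2 …

1) 【Default state】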

[[email protected] 桌面]# vim /usr/local/httpd/conf/httpd.conf

<Directory "/usr/local/httpd/htdocs">
    #
    # Possible values for the Options directive are "None", "All",
    # or any combination of:
    #   Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
    #
    # Note that "MultiViews" must be named *explicitly* --- "Options All"
    # doesn't give it to you.
    #
    # The Options directive is both complicated and important.  Please see
    # http://httpd.apache.org/docs/2.2/mod/core.html#options
    # for more information.
    #
    Options Indexes FollowSymLinks

    #
    # AllowOverride controls what directives may be placed in .htaccess files.
    # It can be "All", "None", or any combination of the keywords:
    #   Options FileInfo AuthConfig Limit
    #
    AllowOverride None

    #
    # Controls who can get stuff from this server.
    #
    # Allow first, then deny; everything is denied by default
    Order allow,deny
    # Allow everyone
    Allow from all

</Directory>

2) 【Allow only】

[[email protected] 桌面]# vim /usr/local/httpd/conf/httpd.conf

<Directory "/usr/local/httpd/htdocs">
    #
    # Possible values for the Options directive are "None", "All",
    # or any combination of:
    #   Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
    #
    # Note that "MultiViews" must be named *explicitly* --- "Options All"
    # doesn't give it to you.
    #
    # The Options directive is both complicated and important.  Please see
    # http://httpd.apache.org/docs/2.2/mod/core.html#options
    # for more information.
    #
    Options Indexes FollowSymLinks

    #
    # AllowOverride controls what directives may be placed in .htaccess files.
    # It can be "All", "None", or any combination of the keywords:
    #   Options FileInfo AuthConfig Limit
    #
    AllowOverride None

    #
    # Controls who can get stuff from this server.
    #
    # Allow first, then deny; everything is denied by default
    Order allow,deny
    # Allow access from the single host 192.168.1.2 only
    Allow from 192.168.1.2

</Directory>

Verify the result:

3) 【Deny only】

[[email protected] 桌面]# vim /usr/local/httpd/conf/httpd.conf

<Directory "/usr/local/httpd/htdocs">
    #
    # Possible values for the Options directive are "None", "All",
    # or any combination of:
    #   Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
    #
    # Note that "MultiViews" must be named *explicitly* --- "Options All"
    # doesn't give it to you.
    #
    # The Options directive is both complicated and important.  Please see
    # http://httpd.apache.org/docs/2.2/mod/core.html#options
    # for more information.
    #
    Options Indexes FollowSymLinks

    #
    # AllowOverride controls what directives may be placed in .htaccess files.
    # It can be "All", "None", or any combination of the keywords:
    #   Options FileInfo AuthConfig Limit
    #
    AllowOverride None

    #
    # Controls who can get stuff from this server.
    #
    Order deny,allow
    Deny from 192.168.1.2

</Directory>
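The evaluation rule behind the three configurations above, as an added example (not from the original page): a simplified Python model of how Apache 2.2 combines Order, Allow and Deny. It supports only `all`, single IP addresses and CIDR ranges, and the client addresses are constructed.

```python
import ipaddress

def _matches(client, specs):
    """True if client matches any 'Allow from' / 'Deny from' address spec."""
    addr = ipaddress.ip_address(client)
    for spec in specs:
        if spec.lower() == "all":
            return True
        # A bare IP parses as a single-host network; CIDR is taken as written.
        if addr in ipaddress.ip_network(spec, strict=False):
            return True
    return False

def evaluate(order, allow, deny, client):
    """Return True if the client is admitted under the given rules."""
    allowed = _matches(client, allow)
    denied = _matches(client, deny)
    key = order.replace(" ", "").lower()
    if key == "allow,deny":
        # Must match an Allow and must not match a Deny; no match means denied.
        return allowed and not denied
    if key == "deny,allow":
        # Rejected only if a Deny matches and no Allow overrides it;
        # no match means allowed.
        return allowed or not denied
    raise ValueError("unsupported Order value: %r" % order)

# The three <Directory> configurations shown on this page.
SCENARIOS = {
    "default":    ("allow,deny", ["all"], []),
    "allow_only": ("allow,deny", ["192.168.1.2"], []),
    "deny_only":  ("deny,allow", [], ["192.168.1.2"]),
}

def decisions(client):
    """Decision of each page scenario for one client address."""
    return {name: evaluate(o, a, d, client)
            for name, (o, a, d) in SCENARIOS.items()}

if __name__ == "__main__":
    for client in ("192.168.1.2", "192.168.1.50"):  # constructed sample clients
        print(client, decisions(client))
    # A client matching both lists: the directive named last in Order wins.
    print(evaluate("allow,deny", ["192.168.1.0/24"], ["192.168.1.2"], "192.168.1.2"))
    print(evaluate("deny,allow", ["192.168.1.2"], ["all"], "192.168.1.2"))
```

The last two calls show the case the page's configurations never reach: when a client matches both an Allow and a Deny rule, the keyword listed last in Order decides.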

2. User authorization restrictions

1) Create the user authentication database

[[email protected] httpd]# /usr/local/httpd/bin/htpasswd -c /usr/local/httpd/conf/passwd webadmin

New password:

Re-type new password:

Adding password for user webadmin

You have new mail in /var/spool/mail/root

[[email protected] httpd]# cat /usr/local/httpd/conf/passwd 【view the password file】

webadmin:RDJsW0GKqicE6

2) Add the user authorization configuration

[[email protected] httpd]# vim /usr/local/httpd/conf/httpd.conf

<Directory "/usr/local/httpd/htdocs">
    #
    # Possible values for the Options directive are "None", "All",
    # or any combination of:
    #   Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
    #
    # Note that "MultiViews" must be named *explicitly* --- "Options All"
    # doesn't give it to you.
    #
    # The Options directive is both complicated and important.  Please see
    # http://httpd.apache.org/docs/2.2/mod/core.html#options
    # for more information.
    #
    Options Indexes FollowSymLinks

    #
    # AllowOverride controls what directives may be placed in .htaccess files.
    # It can be "All", "None", or any combination of the keywords:
    #   Options FileInfo AuthConfig Limit
    #
    AllowOverride None

    #
    # Controls who can get stuff from this server.
    #
    Order allow,deny
    allow from all
    # Name of the protected realm
    AuthName "lly's web"
    # Authentication type: Basic
    AuthType Basic
    # File holding the user authentication accounts
    AuthUserFile /usr/local/httpd/conf/passwd
    # Require successful authentication before access is granted
    require valid-user
</Directory>

[[email protected] httpd]# /etc/init.d/httpd restart 【restart the service】

Verify the result:

【Login failed】

【Login prompt】
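A defender's check on the password file created above, as an added example (not from the original page): the 13-character value stored for webadmin has the shape of traditional crypt() output, and this Python script classifies each htpasswd entry by hash format and flags weak schemes. Every entry except the webadmin line is a constructed placeholder, and the classification is a heuristic based on prefix and length.

```python
import re

# Traditional DES crypt(): exactly 13 characters from the crypt alphabet.
DES_CRYPT = re.compile(r"[./0-9A-Za-z]{13}")

# Schemes worth replacing, with the reason.
WEAK = {
    "des-crypt": "only the first 8 password characters are used; 2-character salt",
    "sha1-unsalted": "unsalted SHA-1; identical passwords give identical hashes",
    "unknown-or-plaintext": "not a recognised hash format; may be plain text",
}

def classify(hash_field):
    """Name the storage scheme from the shape of an htpasswd hash field."""
    if hash_field.startswith("$2y$"):
        return "bcrypt"
    if hash_field.startswith("$apr1$"):
        return "apr1-md5"
    if hash_field.startswith("{SHA}"):
        return "sha1-unsalted"
    if DES_CRYPT.fullmatch(hash_field):
        return "des-crypt"
    return "unknown-or-plaintext"

def audit(text):
    """Return (user, scheme, reason) for every entry stored with a weak scheme."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        user, _, hash_field = line.partition(":")
        scheme = classify(hash_field)
        if scheme in WEAK:
            findings.append((user, scheme, WEAK[scheme]))
    return findings

# First entry is the one shown on this page; the rest are constructed
# placeholders (not real hashes) that only illustrate the other formats.
SAMPLE = """\
webadmin:RDJsW0GKqicE6
alice:$apr1$CONSTRCT$placeholderplaceholder
bob:$2y$05$placeholderplaceholderplaceholderplaceholderplacehold
carol:{SHA}placeholderplaceholderplace=
"""

if __name__ == "__main__":
    for user, scheme, reason in audit(SAMPLE):
        print(f"{user}: {scheme} ({reason})")
```

Entries flagged as des-crypt can be re-created with a salted scheme, for example `htpasswd -m` (MD5) or, where the installed htpasswd supports it, `htpasswd -B` (bcrypt).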

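3. Building virtual hosts

Virtual web hosts: multiple websites run on the same server, and no single site occupies a real computer of its own.

Virtual host types supported by httpd:

  1. Name-based virtual hosts
  2. IP-address-based virtual hosts
  3. Port-based virtual hosts

1) Name-based virtual hosts

【Provide name resolution for the virtual hosts】

[[email protected] httpd]# vim /etc/hosts 【edit the hosts file】

192.168.1.2 www www.benet.com 【add】

192.168.1.2 www www.accp.com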

127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4

::1 localhost localhost.localdomain localhost6 localhost6.localdomain6

【Prepare the web documents for the virtual hosts】

[[email protected] httpd]# mkdir -p /var/www/html/benetcom 【create the directories】

[[email protected] httpd]# mkdir -p /var/www/html/accpcom

[[email protected] httpd]# echo "<h1>www.benet.com</h1>" > /var/www/html/benetcom/index.html 【write the site files】

You have new mail in /var/spool/mail/root

[[email protected] httpd]# echo "<h1>www.accp.com</h1>" > /var/www/html/accpcom/index.html

【Edit the configuration file】

[[email protected] httpd]# vim /usr/local/httpd/conf/extra/httpd-vhosts.conf

# Needs to be changed
NameVirtualHost 192.168.1.2:80

# Allow access
<Directory "/var/www/html">
    Order allow,deny
    Allow from all
</Directory>

#
# VirtualHost example:
# Almost any Apache directive may go into a VirtualHost container.
# The first VirtualHost section is used for all requests that do not
# match a ServerName or ServerAlias in any <VirtualHost> block.
#
<VirtualHost 192.168.1.2:80>
    ServerAdmin [email protected]
    DocumentRoot "/var/www/html/benetcom"
    ServerName www.benet.com
    ServerAlias www.dummy-host.example.com
    ErrorLog "/usr/local/httpd/logs/benetcom_error_log"
    CustomLog "/usr/local/httpd/logs/benetcom_access_log" common
</VirtualHost>

<VirtualHost 192.168.1.2:80>
    ServerAdmin [email protected]
    DocumentRoot "/var/www/html/accpcom"
    ServerName www.accp.com
    ErrorLog "/usr/local/httpd/logs/accpcom_error_log"
    CustomLog "/usr/local/httpd/logs/accpcom_access_log" common
</VirtualHost>

【Enable it in the main configuration file】

[[email protected] httpd]# vim /usr/local/httpd/conf/httpd.conf

# Virtual hosts
# Just uncomment the following line
Include conf/extra/httpd-vhosts.conf

[[email protected] extra]# /etc/init.d/httpd restart 【restart the service】

Verify:

2) Port-based virtual hosts

【Provide name resolution for the virtual hosts】

[[email protected] httpd]# vim /etc/hosts 【edit the hosts file】

192.168.1.2 www www.accp.com

127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4

::1 localhost localhost.localdomain localhost6 localhost6.localdomain6

【Prepare the web documents for the virtual hosts】

[[email protected] httpd]# mkdir -p /var/www/html/80 【create the directories】

[[email protected] httpd]# mkdir -p /var/www/html/8080

[[email protected] httpd]# echo "<h1> This is a port 80 hosts </h1>" > /var/www/html/80/index.html 【write the site files】

You have new mail in /var/spool/mail/root

[[email protected] httpd]# echo "<h1> This is a port 8080 hosts </h1>" > /var/www/html/8080/index.html

【Edit the virtual host configuration file】

[[email protected] httpd]# vim /usr/local/httpd/conf/extra/httpd-vhosts.conf

NameVirtualHost 192.168.1.2

<Directory "/var/www/html">
    Order allow,deny
    Allow from all
</Directory>

#
# VirtualHost example:
# Almost any Apache directive may go into a VirtualHost container.
# The first VirtualHost section is used for all requests that do not
# match a ServerName or ServerAlias in any <VirtualHost> block.
#
<VirtualHost 192.168.1.2:80>
    DocumentRoot "/var/www/html/80"
    ServerName www.accp.com
    ServerAlias www.dummy-host.example.com
    ErrorLog "/usr/local/httpd/logs/80_error_log"
    CustomLog "/usr/local/httpd/logs/80_log" common
</VirtualHost>

<VirtualHost 192.168.1.2:8080>
    DocumentRoot "/var/www/html/8080"
    ServerName www.accp.com
    ErrorLog "/usr/local/httpd/logs/8080_error_log"
    CustomLog "/usr/local/httpd/logs/8080_access_log" common
</VirtualHost>

【Set the listening ports】

[[email protected] extra]# vim /usr/local/httpd/conf/httpd.conf

Listen 192.168.1.2:80
Listen 192.168.1.2:8080

...

# Virtual hosts
Include conf/extra/httpd-vhosts.conf

【Restart the service】

[[email protected] extra]# /etc/init.d/httpd restart

Verify the result:

3) IP-address-based virtual hosts

【Configure two different IP addresses】

[[email protected] 桌面]# ifconfig eth0:1 192.168.1.3

[[email protected] 桌面]# ifconfig

eth0 Link encap:Ethernet HWaddr 00:0C:29:E4:E9:89

inet addr:192.168.1.2 Bcast:192.168.1.255 Mask:255.255.255.0

inet6 addr: fe80::20c:29ff:fee4:e989/64 Scope:Link

UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1

RX packets:30 errors:0 dropped:0 overruns:0 frame:0

TX packets:19 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:1000

RX bytes:2392 (2.3 KiB) TX bytes:1282 (1.2 KiB)

Interrupt:19 Base address:0x2024

eth0:1 Link encap:Ethernet HWaddr 00:0C:29:E4:E9:89

inet addr:192.168.1.3 Bcast:192.168.1.255 Mask:255.255.255.0

UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1

Interrupt:19 Base address:0x2024

lo Link encap:Local Loopback

inet addr:127.0.0.1 Mask:255.0.0.0

inet6 addr: ::1/128 Scope:Host

UP LOOPBACK RUNNING MTU:65536 Metric:1

RX packets:79 errors:0 dropped:0 overruns:0 frame:0

TX packets:79 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:0

RX bytes:88408 (86.3 KiB) TX bytes:88408 (86.3 KiB)

【Provide name resolution for the virtual hosts】

[[email protected] httpd]# vim /etc/hosts 【edit the hosts file】

192.168.1.2 www www.benet.com 【add】

192.168.1.3 www www.accp.com

127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4

::1 localhost localhost.localdomain localhost6 localhost6.localdomain6

【Prepare the web documents for the virtual hosts】

[[email protected] httpd]# mkdir -p /var/www/html/benetcom 【create the directories】

[[email protected] httpd]# mkdir -p /var/www/html/accpcom

[[email protected] httpd]# echo "<h1>ip:192.168.1.2</h1>" > /var/www/html/benetcom/index.html 【write the site files】

You have new mail in /var/spool/mail/root

[[email protected] httpd]# echo "<h1>ip:192.168.1.3</h1>" > /var/www/html/accpcom/index.html

【Edit the virtual host configuration file】

[[email protected] 桌面]# vim /usr/local/httpd/conf/extra/httpd-vhosts.conf

NameVirtualHost 192.168.1.2
NameVirtualHost 192.168.1.3

<Directory "/var/www/html">
    Order allow,deny
    Allow from all
</Directory>

#
# VirtualHost example:
# Almost any Apache directive may go into a VirtualHost container.
# The first VirtualHost section is used for all requests that do not
# match a ServerName or ServerAlias in any <VirtualHost> block.
#
<VirtualHost 192.168.1.2>
    ServerAdmin [email protected]
    DocumentRoot "/var/www/html/benetcom"
    ServerName www.benet.com
    ServerAlias www.dummy-host.example.com
    ErrorLog "/usr/local/httpd/logs/benetcom_error_log"
    CustomLog "/usr/local/httpd/logs/benetcom_access_log" common
</VirtualHost>

<VirtualHost 192.168.1.3>
    ServerAdmin [email protected]
    DocumentRoot "/var/www/html/accpcom"
    ServerName www.accp.com
    ErrorLog "/usr/local/httpd/logs/accpcom_error_log"
    CustomLog "/usr/local/httpd/logs/accpcom_access_log" common
</VirtualHost>

【Enable it in the main configuration file】

[[email protected] httpd]# vim /usr/local/httpd/conf/httpd.conf

# Virtual hosts
# Just uncomment the following line
Include conf/extra/httpd-vhosts.conf

[[email protected] extra]# /etc/init.d/httpd restart 【restart the service】

Verify:


Llycloud ITSC, all rights reserved. Unless otherwise noted, all content is original. This site is licensed under BY-NC-SA.