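• Access control for the Apache service on Linux (based on host IP address)


    The following experiment is carried out with three virtual machines.

    Server: PC1, 192.168.10.10

    Client: PC2, 192.168.10.20

    Client: PC3, 192.168.10.30

    1. Install the Apache service on the PC1 server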

    [root@PC1 ~]# yum install httpd -y
    Loaded plugins: langpacks, product-id, subscription-manager
    This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
    Repodata is over 2 weeks old. Install yum-cron? Or run: yum makecache fast
    rhel7                                                    | 4.1 kB     00:00     
    Resolving Dependencies
    --> Running transaction check
    ---> Package httpd.x86_64 0:2.4.6-17.el7 will be installed
    --> Processing Dependency: httpd-tools = 2.4.6-17.el7 for package: httpd-2.4.6-17.el7.x86_64
    --> Processing Dependency: /etc/mime.types for package: httpd-2.4.6-17.el7.x86_64
    --> Processing Dependency: libapr-1.so.0()(64bit) for package: httpd-2.4.6-17.el7.x86_64
    --> Processing Dependency: libaprutil-1.so.0()(64bit) for package: httpd-2.4.6-17.el7.x86_64
    --> Running transaction check
    ---> Package apr.x86_64 0:1.4.8-3.el7 will be installed
    ---> Package apr-util.x86_64 0:1.5.2-6.el7 will be installed
    ---> Package httpd-tools.x86_64 0:2.4.6-17.el7 will be installed
    ---> Package mailcap.noarch 0:2.1.41-2.el7 will be installed
    --> Finished Dependency Resolution
    
    Dependencies Resolved
    
    ================================================================================
     Package             Arch           Version                 Repository     Size
    ================================================================================
    Installing:
     httpd               x86_64         2.4.6-17.el7            rhel7         1.2 M
    Installing for dependencies:
     apr                 x86_64         1.4.8-3.el7             rhel7         103 k
     apr-util            x86_64         1.5.2-6.el7             rhel7          92 k
     httpd-tools         x86_64         2.4.6-17.el7            rhel7          77 k
     mailcap             noarch         2.1.41-2.el7            rhel7          31 k
    
    Transaction Summary
    ================================================================================
    Install  1 Package (+4 Dependent packages)
    
    Total download size: 1.5 M
    Installed size: 4.3 M
    Downloading packages:
    --------------------------------------------------------------------------------
    Total                                              5.8 MB/s | 1.5 MB  00:00     
    Running transaction check
    Running transaction test
    Transaction test succeeded
    Running transaction
      Installing : apr-1.4.8-3.el7.x86_64                                       1/5 
      Installing : apr-util-1.5.2-6.el7.x86_64                                  2/5 
      Installing : httpd-tools-2.4.6-17.el7.x86_64                              3/5 
      Installing : mailcap-2.1.41-2.el7.noarch                                  4/5 
      Installing : httpd-2.4.6-17.el7.x86_64                                    5/5 
    rhel7/productid                                          | 1.6 kB     00:00     
      Verifying  : mailcap-2.1.41-2.el7.noarch                                  1/5 
      Verifying  : httpd-tools-2.4.6-17.el7.x86_64                              2/5 
      Verifying  : apr-1.4.8-3.el7.x86_64                                       3/5 
      Verifying  : apr-util-1.5.2-6.el7.x86_64                                  4/5 
      Verifying  : httpd-2.4.6-17.el7.x86_64                                    5/5 
    
    Installed:
      httpd.x86_64 0:2.4.6-17.el7                                                   
    
    Dependency Installed:
      apr.x86_64 0:1.4.8-3.el7                 apr-util.x86_64 0:1.5.2-6.el7       
      httpd-tools.x86_64 0:2.4.6-17.el7        mailcap.noarch 0:2.1.41-2.el7       
    
    Complete!

    2. On PC1, create the test site's data directory and home page file

    [root@PC1 ~]# cd /var/www/html/
    [root@PC1 html]# ls
    [root@PC1 html]# mkdir server
    [root@PC1 html]# cd server/
    [root@PC1 server]# ls
    [root@PC1 server]# echo "1111122222333333" > index.html
    [root@PC1 server]# ls
    index.html
    [root@PC1 server]# cat index.html 
    1111122222333333

    3. On PC1, edit the configuration file to set the access control policy

    ……
        AllowOverride None
        # Allow open access:
        Require all granted
    </Directory>
    <Directory "/var/www/html/server">
        Order allow,deny
        # Only host 192.168.10.20 is allowed to access this directory
        Allow from 192.168.10.20
    </Directory>
    # Further relax access to the default document root:
    <Directory "/var/www/html">
    ……

    4. Restart the Apache service on PC1

    [root@PC1 server]# systemctl restart httpd
    [root@PC1 server]# systemctl status httpd | head -n 5
    httpd.service - The Apache HTTP Server
       Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled)
       Active: active (running) since Fri 2020-12-18 00:37:17 CST; 3s ago
      Process: 4053 ExecStop=/bin/kill -WINCH ${MAINPID} (code=exited, status=0/SUCCESS)
     Main PID: 4057 (httpd)

    5. Flush the firewall rules on the PC1 server

    [root@PC1 server]# iptables -F
    [root@PC1 server]# service iptables save
    iptables: Saving firewall rules to /etc/sysconfig/iptables:[  OK  ]

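    6. Test access from PC1 (PC1, 192.168.10.10, is not among the allowed hosts)

    7. Test access from PC2 (PC2, 192.168.10.20, is on the allowed host list)

    8. Test access from PC3 (PC3, 192.168.10.30, is not on the allowed list)

    9. On PC1, modify the access control settings in the configuration file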

    [root@PC1 server]# vim /etc/httpd/conf/httpd.conf
    ……
        Require all granted
    </Directory>
    <Directory "/var/www/html/server">
        Order allow,deny
        Allow from 192.168.10.10 192.168.10.30
    </Directory>
    # Further relax access to the default document root:
    <Directory "/var/www/html">
        #
    ……

    10. Restart the Apache service on PC1

    [root@PC1 server]# systemctl restart httpd
    [root@PC1 server]# systemctl status httpd | head -n 5
    httpd.service - The Apache HTTP Server
       Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled)
       Active: active (running) since Fri 2020-12-18 00:44:51 CST; 14s ago
      Process: 4240 ExecStop=/bin/kill -WINCH ${MAINPID} (code=exited, status=0/SUCCESS)
     Main PID: 4244 (httpd)

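    11. Test access from PC1 (192.168.10.10 is on the allowed list)

    12. Test access from PC2 (192.168.10.20 is not on the allowed list)

    13. Test access from PC3 (192.168.10.30 is on the allowed list)

    The experiment above implements host-IP-based access control for Apache.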
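
An added example (not from the original post) for checking steps 11 to 13 from the server side: it scans access-log lines in Apache's combined log format for requests under /server/ and reports any client whose response contradicts the allowlist. The log lines are constructed for illustration and the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. Function names are hypothetical.

# audit_server_access "<allowed IPs, space separated>" <access-log file>
# Prints one line per request under /server/ whose status contradicts the
# allowlist, and returns 1 if any were found, 0 otherwise.
audit_server_access() {
    awk -v allowed="$1" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        # combined log format: $1 = client IP, $7 = request path, $9 = status
        $7 ~ /^\/server(\/|$)/ {
            # a host outside the allowlist received a 2xx/3xx response
            if (!($1 in ok) && $9 < 400) { print "LEAK " $1 " " $7 " " $9; bad = 1 }
            # a host on the allowlist was refused
            if (($1 in ok) && $9 == 403) { print "BLOCKED " $1 " " $7 " " $9; bad = 1 }
        }
        END { exit bad + 0 }
    ' "$2"
}

# Constructed sample log for the step 9 policy (192.168.10.10 and .30 allowed).
# The last line is a deliberate violation so the audit has something to report.
write_sample_log() {
    cat > "$1" <<'EOF'
192.168.10.10 - - [18/Dec/2020:00:45:10 +0800] "GET /server/ HTTP/1.1" 200 17 "-" "curl/7.29.0"
192.168.10.20 - - [18/Dec/2020:00:45:20 +0800] "GET /server/ HTTP/1.1" 403 215 "-" "curl/7.29.0"
192.168.10.30 - - [18/Dec/2020:00:45:30 +0800] "GET /server/ HTTP/1.1" 200 17 "-" "curl/7.29.0"
192.168.10.20 - - [18/Dec/2020:00:46:02 +0800] "GET /server/index.html HTTP/1.1" 200 17 "-" "curl/7.29.0"
EOF
}

log=$(mktemp)
write_sample_log "$log"
# On the real server the input would be /var/log/httpd/access_log.
audit_server_access "192.168.10.10 192.168.10.30" "$log" || echo "policy mismatch found"
rm -f "$log"
```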

  • Original article: https://www.cnblogs.com/liujiaxin2018/p/14152944.html