Apache如何禁止通过非指定域名或IP访问服务器
Apache/httpd禁止非指定域名或IP访问,仅允许指定域名访问:
一、具体配置如下,修改httpd.conf或者修改vhost配置文件,添加如下内容:
<VirtualHost *:80>
documentRoot "/var/www/html/"
#ServerName www.orcy.net.cn #如禁止通过www.orcy.net.cn访问则取消注释
<Location />
AllowOverride None
Require all denied
</Location>
ErrorLog logs/error_log
TransferLog logs/access_log
LogLevel warn
</VirtualHost>
##
#以下为正常虚拟主机配置文件
<VirtualHost *:80>
DocumentRoot "/var/www/html"
ServerName test.orcy.net.cn
ErrorLog logs/error_log
TransferLog logs/access_log
LogLevel warn
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory "/var/www/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
BrowserMatch "MSIE [2-5]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
# Per-Server Logging:
# The home of a custom SSL log file. Use this when you want a
# compact non-error SSL logfile on a virtual host basis.
CustomLog logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>二、如果站点开启了ssl则配置如下
只需要添加ssl证书路径
<VirtualHost *:80>
documentRoot "/var/www/html/"
#ServerName www.orcy.net.cn #如禁止通过www.orcy.net.cn访问则取消注释
<Location />
AllowOverride None
Require all denied
</Location>
SSLEngine on
SSLProtocol all -SSLv3
SSLProxyProtocol all -SSLv3
SSLHonorCipherOrder on
SSLCipherSuite PROFILE=SYSTEM
SSLProxyCipherSuite PROFILE=SYSTEM
SSLCertificateFile /cert/test.crt #替换为你自己的证书路径
SSLCertificateKeyFile /cert/test.key #替换为你自己的证书路径
SSLCACertificateFile /cert/test_ca.crt #替换为你自己的证书路径
ErrorLog logs/error_log
TransferLog logs/access_log
LogLevel warn
</VirtualHost>
##
#以下为正常虚拟主机配置文件
####省略####