该篇讲述Apache2服务器网站访问方面的安全配置及多域名设定的详解,希望对于初学Apache服务器相关的朋友有帮助,更多Apache安装、配置、报错处理等资源请本站内搜索。
在 /etc/apache2/sites-enabled 目录下,应该要存在以下文件:
000-default(默认设定,但是要修改)
abc.com(abc.com网站的设定,这里假定运行2个网站)
def.com(def.com网站的设定,这里假定运行2个网站)
block_ip_access(禁止使用IP地址直接访问apache的默认页)
这是apache的默认内置网站的设置文件。
1,一定要指定只能内部访问,否则当其他人设置其他域名指向你的IP地址,就会引致异常访问和DoS攻击,并且恐怕会有漏洞被利用。
所以要指定内置网站的“域名”,本机用localhost就可以访问,拒绝其他域名:
ServerName localhost
ServerAlias localhost
2,我尝试在其他电脑上修改了hosts,指定“localhost”为这台服务器的IP地址,证实这样也能通过Internet非法访问。
所以要指定除了内部IP地址外,其他地址不能访问:
搜索所有“Allow from all”,
修改为“Deny from all
allow from 127.0.0.0/255.0.0.0 ::1/128”
2个网站的配置文件,唯一要设定的是对应的域名:
ServerName abc.com
ServerAlias www.abc.com
若不设置一个文件来响应直接访问IP地址的访问,就会令访问者可以绕过abc.com、def.com而直接访问到apache的默认内置网站。
所以要指定IP地址禁止访问:
ServerName 公网IP地址
ServerAlias 公网IP地址
并且:
“Allow from all”改为“Deny from all”
最后附上我的四个设定文件,有问题请随时留言,尽复。
ServerAdmin [email protected]
ServerName localhost
ServerAlias localhost
DocumentRoot /var/www
Options FollowSymLinks
AllowOverride all
Options Indexes FollowSymLinks MultiViews
AllowOverride all
Order allow,deny
Deny from all
allow from 127.0.0.0/255.0.0.0 ::1/128
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
AllowOverride all
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Deny from all
Allow from 127.0.0.0/255.0.0.0 ::1/128
ErrorLog ${APACHE_LOG_DIR}/error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access.log combined
Alias /doc/ "/usr/share/doc/"
Options Indexes MultiViews FollowSymLinks
AllowOverride all
Order deny,allow
Deny from all
Allow from 127.0.0.0/255.0.0.0 ::1/128
【block_ip_access】
ServerAdmin [email protected]
ServerName 198.74.48.110
ServerAlias 198.74.48.110
DocumentRoot /var/www
Options FollowSymLinks
AllowOverride all
Options Indexes FollowSymLinks MultiViews
AllowOverride all
Order allow,deny
Deny from all
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
AllowOverride all
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Deny from all
ErrorLog ${APACHE_LOG_DIR}/error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access.log combined
Alias /doc/ "/usr/share/doc/"
Options Indexes MultiViews FollowSymLinks
AllowOverride all
Order deny,allow
Deny from all
Allow from 127.0.0.0/255.0.0.0 ::1/128
【网站1】
ServerAdmin [email protected]
ServerName beec-edu.com
ServerAlias www.beec-edu.com
DocumentRoot /var/www/beec-ifc
Options FollowSymLinks
AllowOverride all
Options Indexes FollowSymLinks MultiViews
AllowOverride all
Order allow,deny
allow from all
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
AllowOverride all
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
ErrorLog ${APACHE_LOG_DIR}/error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access.log combined
Alias /doc/ "/usr/share/doc/"
Options Indexes MultiViews FollowSymLinks
AllowOverride all
Order deny,allow
Deny from all
Allow from 127.0.0.0/255.0.0.0 ::1/128
【网站2】
ServerAdmin [email protected]
ServerName beec-ifc.com
ServerAlias www.beec-ifc.com
DocumentRoot /var/www/beec-ifc
Options FollowSymLinks
AllowOverride all
Options Indexes FollowSymLinks MultiViews
AllowOverride all
Order allow,deny
allow from all
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
AllowOverride all
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
ErrorLog ${APACHE_LOG_DIR}/error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access.log combined
Alias /doc/ "/usr/share/doc/"
Options Indexes MultiViews FollowSymLinks
AllowOverride all
Order deny,allow
Deny from all
Allow from 127.0.0.0/255.0.0.0 ::1/128
声明: 此文观点不代表本站立场;转载须要保留原文链接;版权疑问请联系我们。
