[Sun Jan 07 20:42:16.394102 2018] [rewrite:error] [pid 188:tid 2172] [client 192.168.2.102:51806] AH00670: Options FollowSymLinks and SymLinksIfOwnerMatch are both off, so the RewriteRule directive is also forbidden due to its similar ability to circumvent directory restrictions : C:/phpStudy/PHPTutorial/WWW/fastdatav/
[Sun Jan 07 20:52:22.419296 2018] [rewrite:error] [pid 188:tid 2172] [client 192.168.2.102:52530] AH00670: Options FollowSymLinks and SymLinksIfOwnerMatch are both off, so the RewriteRule directive is also forbidden due to its similar ability to circumvent directory restrictions : C:/phpStudy/PHPTutorial/WWW/fastdatav/
<IfModule dir_module>
DirectoryIndex index.html index.php index.htm l.php
</IfModule>
#
# Deny access to the entirety of your server's filesystem. You must
# explicitly permit access to web content directories in other
# <Directory> blocks below.
#
DocumentRoot "C:\phpStudy\PHPTutorial\WWW"
<Directory />
Options +Indexes +FollowSymLinks +ExecCGI
AllowOverride All
Order allow,deny
Allow from all
Require all granted
</Directory>
+Indexes 表示允许对目录文件生成列表
#
# Note that from this point forward you must specifically allow
# particular features to be enabled - so if something's not working as
# you might expect, make sure that you have specifically enabled it
# below.
# #
# DocumentRoot: The directory out of which you will serve your
# documents. By default, all requests are taken from this directory, but
# symbolic links and aliases may be used to point to other locations.
# #
# DirectoryIndex: sets the file that Apache will serve if a directory
# is requested.
#
<IfModule dir_module>
DirectoryIndex index.html index.php index.htm l.php
</IfModule>
按照顺序,有index.php l.php同时有时,执行index.php #
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
#
<Files ".ht*">
Require all denied
</Files>
http://192.168.2.102/.htmy
You don't have permission to access /.htmy on this server. http://192.168.2.102/.mytxt
显示.mytxt文本内容
#
# ErrorLog: The location of the error log file.
# If you do not specify an ErrorLog directive within a <VirtualHost>
# container, error messages relating to that virtual host will be
# logged here. If you *do* define an error logfile for a <VirtualHost>
# container, that host's errors will be logged there and not here.
#
日志位置
#ErrorLog "logs/error.log"
#ErrorLog "|bin/rotatelogs.exe -l logs/error-%Y-%m-%d.log 2M" #
# LogLevel: Control the number of messages logged to the error_log.
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
#
日志记录级别
LogLevel debug <IfModule log_config_module>
#
# The following directives define some format nicknames for use with
# a CustomLog directive (see below).
# 日志记录格式 LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common <IfModule logio_module>
# You need to enable mod_logio.c to use %I and %O
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
</IfModule> #
# The location and format of the access logfile (Common Logfile Format).
# If you do not define any access logfiles within a <VirtualHost>
# container, they will be logged here. Contrariwise, if you *do*
# define per-<VirtualHost> access logfiles, transactions will be
# logged therein and *not* in this file.
#
##CustomLog "logs/access.log" common #
# If you prefer a logfile with access, agent, and referer information
# (Combined Logfile Format) you can use the following directive.
#
#CustomLog "logs/access.log" combined
</IfModule>
Apache的Order Allow,Deny 详解
Allow和Deny可以用于apache的conf文件或者.htaccess文件中(配合Directory, Location, Files等),用来控制目录和文件的访问授权。
所以,最常用的是:
Order Deny,Allow
Allow from All
注意“Deny,Allow”中间只有一个逗号,也只能有一个逗号,有空格都会出错;单词的大小写不限。上面设定的含义是先设定“先检查禁止设定,没有禁止的全部允许”,而第二句没有Deny,也就是没有禁止访问的设定,直接就是允许所有访问了。这个主要是用来确保或者覆盖上级目录的设置,开放所有内容的访问权。
按照上面的解释,下面的设定是无条件禁止访问:
Order Allow,Deny
Deny from All
如果要禁止部分内容的访问,其他的全部开放:
Order Deny,Allow
Deny from ip1 ip2
或者
Order Allow,Deny
Allow from all
Deny from ip1 ip2
apache会按照order决定最后使用哪一条规则,比如上面的第二种方式,虽然第二句allow允许了访问,但由于在order中allow不是最后规则,因此还需要看有没有deny规则,于是到了第三句,符合ip1和ip2的访问就被禁止了。注意,order决定的“最后”规则非常重要,下面是两个错误的例子和改正方式:
Order Deny,Allow
Allow from all
Deny from domain.org
错误:想禁止来自domain.org的访问,但是deny不是最后规则,apache在处理到第二句allow的时候就已经匹配成功,根本就不会去看第三句。
解决方法:Order Allow,Deny,后面两句不动,即可。
Order Allow,Deny
Allow from ip1
Deny from all
错误:想只允许来自ip1的访问,但是,虽然第二句中设定了allow规则,由于order中deny在后,所以会以第三句deny为准,而第三句的范围中又明显包含了ip1(all include ip1),所以所有的访问都被禁止了。
解决方法一:直接去掉第三句。
解决方法二:
Order Deny,Allow
Deny from all
Allow from ip1
下面是测试过的例子:
--------------------------------
Order deny,allow
allow from all
deny from 219.204.253.8
#全部都可以通行
-------------------------------
Order deny,allow
deny from 219.204.253.8
allow from all
#全部都可以通行
-------------------------------
Order allow,deny
deny from 219.204.253.8
allow from all
#只有219.204.253.8不能通行
-------------------------------
Order allow,deny
allow from all
deny from 219.204.253.8
#只有219.204.253.8不能通行
-------------------------------
-------------------------------
Order allow,deny
deny from all
allow from 219.204.253.8
#全部都不能通行
-------------------------------
Order allow,deny
allow from 219.204.253.8
deny from all
#全部都不能通行
Options +FollowSymLinks