Until recently, I had a bunch of virtual sites set up like so:
<VirtualHost 127.0.0.1:1234>
...
This works fine for testing on my local machine, where I use a Linux desktop. In order to test how MS and explorer displays my pages from my Windows laptop, I changed this to
<VirtualHost *:1234>
...
Which also works fine, calling the site up from http://[mylinuxservername]:1234 on my laptop's IE. However, I want to restrict that wildcard to the local LAN. Plugging in any IP, like 192.nnn.nnn.nnn or 192.*.*.*, where the wildcard is above results in 403 Forbidden on the Windows machine. The local server still works fine on my Linux box:
<VirtualHost 127.0.0.1:1234 192.*.*.*:1234>
...
or
<VirtualHost 127.0.0.1:1234 192.nnn.nnn.nnn:1234> #exact IP of laptop
...
Anyway, I don't like that wildcard in the second config example above. Hints anyone?
3 solutions
#1
The parameter(s) of VirtualHost are the local addresses you listen to, not the remote ones.
In Apache 2.4 and newer, use the Require directive:
Require ip 127.0.0.0/8
Require ip 192.0.0.0/8
If you are using Apache 2.2 or earlier, use the authz_host configuration:
Order Allow,Deny
Allow from 127.0.0.0/8
Allow from 192.168.0.0/16
This may also work on Apache 2.4, but Order and Allow have been deprecated.
#2
Just a note in case some noobs like me come here :)
Apache HTTP Server is configured by placing directives in plain text configuration files. The main configuration file is usually called httpd.conf. (Main Configuration Files)
For version 2.4
The Allow, Deny, and Order directives, provided by mod_access_compat, are deprecated and will go away in a future version. You should avoid using them, and avoid outdated tutorials recommending their use. (Access Control)
Require ip 127.0.0.0/8
Require ip 192.0.0.0/8
or (not exactly the same)
Require ip 127.0
Require ip 192.168
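The two rule sets above are "not exactly the same" because a partial address in Require ip is a subnet match on its first 1 to 3 octets. The following is an added example, not part of any answer: it models IPv4 Require ip matching and compares both rule sets against constructed sample client addresses (the helper names are hypothetical).

```python
import ipaddress

# Rule sets copied from the answers above.
CIDR_RULES = ["127.0.0.0/8", "192.0.0.0/8"]
PARTIAL_RULES = ["127.0", "192.168"]

# Constructed sample client addresses (not from the page).
SAMPLE_CLIENTS = ["127.0.0.1", "127.1.2.3", "192.168.1.20", "192.1.2.3", "10.0.0.5"]


def require_ip_network(spec):
    """Turn one IPv4 'Require ip' argument into an ip_network.

    Handles a.b.c.d/n, a.b.c.d/netmask, a full address, and the
    partial form (first 1 to 3 octets), which is a subnet match.
    """
    if "/" in spec:
        return ipaddress.ip_network(spec, strict=False)
    octets = spec.rstrip(".").split(".")
    if not 1 <= len(octets) <= 4 or not all(o.isdigit() for o in octets):
        raise ValueError(f"not an IPv4 Require ip argument: {spec!r}")
    padded = octets + ["0"] * (4 - len(octets))
    return ipaddress.ip_network(f"{'.'.join(padded)}/{8 * len(octets)}")


def allowed(client, specs):
    """True if the client address falls inside any of the listed networks."""
    addr = ipaddress.ip_address(client)
    return any(addr in require_ip_network(s) for s in specs)


def disagreements(clients=SAMPLE_CLIENTS):
    """Clients that one rule set admits and the other rejects."""
    return [c for c in clients if allowed(c, CIDR_RULES) != allowed(c, PARTIAL_RULES)]


if __name__ == "__main__":
    for c in SAMPLE_CLIENTS:
        print(f"{c:15} cidr={allowed(c, CIDR_RULES)!s:5} partial={allowed(c, PARTIAL_RULES)}")
    print("differ on:", disagreements())
```

The /8 rules admit every address beginning with 192, including ones outside the 192.168.0.0/16 private range, while the partial forms cover only 127.0.0.0/16 and 192.168.0.0/16.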
#3
Use iptables to restrict access to the machine itself. The first command will allow HTTP traffic from any network in the 192 range (note that I think you need 192.168 to truly be local but I could be wrong). The second command simply drops packets from other sources for port 80.
iptables -I INPUT 1 -s 192.0.0.0/8 -p tcp --dport 80 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
iptables -I INPUT 2 -p tcp --dport 80 -m state --state NEW -j DROP
Then in your virtual host you can do <VirtualHost *:80>