设为首页收藏本站--- 驰名中外的国际土木工程技术交流平台!

东南西北人

 找回密码
 注册

QQ登录

只需一步,快速开始

总共8807条微博

动态微博

本站帖子精华之精华汇总 Best of the Best英语口语、听力、翻译、考试学习经验交流与探讨1000多土木工程类行业软件、计算表格和计算工具免费下载东南西北人网站QQ精英群 QQ189615688
中国土木工程师手册(上中下)东南西北人英文资料走马观花500多专业手册、工程手册100多个专业词典大汇总
如何获取积分和金币?精彩施工和土木工程技术视频东南西北人英汉对照资料汇总各版块精彩讨论贴汇总!
查看: 928|回复: 2

如何从主机那里封堵IP Access control by host

[复制链接]
鲜花(136) 鸡蛋(3)
东南西北人 发表于 2010-7-28 18:41:45 | 显示全部楼层 |阅读模式
If you wish to restrict access to portions of your site based on the host address of your visitors, this is most easily done using mod_authz_host.

The Allow and Deny directives let you allow and deny access based on the host name, or host address, of the machine requesting a document. The Order directive goes hand-in-hand with these two, and tells Apache in which order to apply the filters.

The usage of these directives is:

Allow from address

where address is an IP address (or a partial IP address) or a fully qualified domain name (or a partial domain name); you may provide multiple addresses or domain names, if desired.

For example, if you have someone spamming your message board, and you want to keep them out, you could do the following:

Deny from 10.252.46.165

Visitors coming from that address will not be able to see the content covered by this directive. If, instead, you have a machine name, rather than an IP address, you can use that.

Deny from host.example.com

And, if you'd like to block access from an entire domain, you can specify just part of an address or domain name:

Deny from 192.168.205
Deny from phishers.example.com moreidiots.example
Deny from ke

Using Order will let you be sure that you are actually restricting things to the group that you want to let in, by combining a Deny and an Allow directive:

Order deny,allow
Deny from all
Allow from dev.example.com

Listing just the Allow directive would not do what you want, because it will let folks from that host in, in addition to letting everyone in. What you want is to let only those folks in.


Access control by environment variable
mod_authz_host, in conjunction with mod_setenvif, can be used to restrict access to your website based on the value of arbitrary environment variables. This is done with the Allow from env= and Deny from env= syntax.

SetEnvIf User-Agent BadBot GoAway=1
Order allow,deny
Allow from all
Deny from env=GoAway

Warning:
Access control by User-Agent is an unreliable technique, since the User-Agent header can be set to anything at all, at the whim of the end user.

In the above example, the environment variable GoAway is set to 1 if the User-Agent matches the string BadBot. Then we deny access for any request when this variable is set. This blocks that particular user agent from the site.

An environment variable test can be negated using the =! syntax:

Allow from env=!GoAway


Access control with mod_rewrite
The [F] RewriteRule flag causes a 403 Forbidden response to be sent. Using this, you can deny access to a resource based on arbitrary criteria.

For example, if you wish to block access to a resource between 8pm and 6am, you can do this using mod_rewrite.

RewriteEngine On
RewriteCond %{TIME_HOUR} >20 [OR]
RewriteCond %{TIME_HOUR} <07
RewriteRule ^/fridge - [F]

This will return a 403 Forbidden response for any request after 8pm or before 7am. This technique can be used for any criteria that you wish to check. You can also redirect, or otherwise rewrite these requests, if that approach is preferred.
鲜花(0) 鸡蛋(0)
xyzxyz 发表于 2018-3-7 02:33:58 | 显示全部楼层
鲜花(0) 鸡蛋(1)
flyingegg 发表于 2020-5-21 04:27:52 | 显示全部楼层
我的妈呀,爱死你了 支持东南西北人
您需要登录后才可以回帖 登录 | 注册

本版积分规则

QQ|关于我们|QQ即时充值|站点统计|手机版|小黑屋|百宝箱|留言|咨询|微信订阅|QQ189615688|东南西北人

GMT+8, 2020-6-5 02:24 , Processed in 0.144159 second(s), 37 queries .

Powered by Discuz! X3.2

© 2001-2013 Comsenz Inc.

快速回复 返回顶部 返回列表