如何在 Apache2 中只允许 localhost?
我的 /etc/apache2/sites-enabled/000-default 是
<VirtualHost *:80>
ServerAdmin webmaster@localhost
DocumentRoot /home/masi/Dropbox/a
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /home/masi/Dropbox/a/>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
deny from all // Problem HERE!
allow from 127.0.0.1
</Directory>
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>
ErrorLog /var/log/apache2/error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog /var/log/apache2/access.log combined
Alias /doc/ "/usr/share/doc/"
<Directory "/usr/share/doc/">
Options Indexes MultiViews FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
Allow from 127.0.0.0/255.0.0.0 ::1/128
</Directory>
</VirtualHost>
我浏览到
http://localhost/index.php
失败。我明白了Forbidden
。
切换允许、拒绝顺序(您想先拒绝所有,然后允许本地主机)。
改变:
Order allow,deny
致:
Order deny,allow
(这是默认行为)
更简单。查看“/usr/share/doc”配置:)复制并粘贴!
<Directory "/usr/share/doc/">
Options Indexes MultiViews FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
Allow from 127.0.0.0/255.0.0.0 ::1/128
</Directory>
回复玛哈的回答
这是适合我的文件。你可以在 /var/www 的地方拥有你想要的东西。
<VirtualHost *:80>
ServerAdmin webmaster@localhost
DocumentRoot /var/www
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order deny,allow
deny from all
allow from 127.0.0.1
</Directory>
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>
ErrorLog /var/log/apache2/error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog /var/log/apache2/access.log combined
Alias /doc/ "/usr/share/doc/"
<Directory "/usr/share/doc/">
Options Indexes MultiViews FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
Allow from 127.0.0.0/255.0.0.0 ::1/128
</Directory>
</VirtualHost>
如果想要配置多个虚拟主机,有些允许从本地主机外部访问,有些则不允许,那么当遵循本页其他答案的修复时,原始问题中的方法就可以工作。
但是,如果希望仅允许本地主机,则更改顶级配置中的
Listen
和 ServerName
即可实现。因此可能会阻止系统防火墙中的端口。
Listen 127.0.0.1:80
ServerName localhost:80
我认为演示配置防火墙的示例超出了此处的范围,因为可以使用许多不同的防火墙。