apache虚拟主机配置文件

less zcctest.conf

    SuexecUserGroup zcctest zcctest
    DocumentRoot /var/www/virtual/zcctest/home/wwwroot
    ServerName zcctest.w186.abc.com
    ServerAlias zcctest.w186.abc.com
    DirectoryIndex index.php index.html index.htm
    ScriptAlias /php5-cgi /var/www/virtual/zcctest/bin/php-cgi
   
        AddHandler php5-cgi .php
        Action php5-cgi /php5-cgi
        AllowOverride All
        Options -Indexes -ExecCGI Includes IncludesNOEXEC FollowSymLinks
        Allow from all
   
    ScriptAlias /cgi-bin/ /var/www/virtual/zcctest/home/cgi-bin/
   
        Options -Indexes ExecCGI
        AllowOverride AuthConfig FileInfo
        Allow from all
   
    Alias /error /var/www/virtual/zcctest/home/error
   
        AllowOverride None
        Options None
        Allow from all
   
    ErrorDocument 404 /error/404.html
    ErrorDocument 403 /error/403.html
    ErrorDocument 500 /error/500.html
    CustomLog "|/usr/sbin/rotatelogs -l /var/www/virtual/zcctest/home/logs/zcctest-access_log.%Y.%m.%d 86400" common
    ErrorLog "|/usr/sbin/rotatelogs -l /var/www/virtual/zcctest/home/logs/zcctest-error_log.%Y.%m.%d 86400"
    CBandScoreboard /var/www/virtual/zcctest/home/logs/bandscore
    CBandExceededURL
    CBandLimit 10240Mi
    CBandPeriod 30D
    CBandSpeed 0 0 1000
   
        SetHandler cband-status-me
   

脚本

control.sh -a 主机名            (允许所有)
control.sh -d 主机名            (拒绝所有)    
control.sh -s 主机名 ip         (允许一些ip访问)
control.sh -x 主机名 ip         (拒绝一些ip访问)
control.sh -i 主机名 目录 ip    (允许ip访问目录)
control.sh -l 主机名 目录       (删除对目录访问的ip限制)

less control.sh

#!/bin/sh
#control.sh -a 主机名            (允许所有)
#control.sh -d 主机名            (拒绝所有)
#control.sh -s 主机名 ip         (允许一些ip访问)
#control.sh -x 主机名 ip         (拒绝一些ip访问)
#control.sh -i 主机名 目录 ip    (允许ip访问目录)
#control.sh -l 主机名 目录       (删除对目录访问的ip限制)
allowall ()
 {
 FILE=/etc/httpd/vhost.d/$1.conf
 a=$(head -n 13 $FILE | tail -n 1 | sed 's=\( *\)==' |awk '{print $1,$2}')
 if [ "$a" = "Deny from" ];then
  sed -i 's=Deny from .*=Allow from all=' $FILE
 elif
  ip=$(grep -B 1 "Deny from all" /etc/httpd/vhost.d/$1.conf | head -n 1 | sed 's=\( *\)==')
  [ "$ip" = "Options -Indexes -ExecCGI Includes IncludesNOEXEC FollowSymLinks" ];then
  sed -i '13s/Deny/Allow/' $FILE
 else
  grep -v "$ip" $FILE > /tmp/$$.tmp
  cat /tmp/$$.tmp > $FILE
  sed -i '13s/Deny/Allow/' $FILE
  rm /tmp/$$.tmp
 fi
 }
denyall ()
 {
 FILE=/etc/httpd/vhost.d/$1.conf
 a=$(head -n 13 $FILE | tail -n 1 | sed 's=\( *\)==' |awk '{print $1,$2}')
 if [ "$a" = "Allow from" ];then
  sed -i '13d' $FILE
  sed -i 12a"Deny from all" $FILE
 elif grep -q "Deny from .*" $FILE;then
  sed -i 's=Deny from .*=Deny from all=' $FILE
 else
  sed -i '13s/Allow/Deny/' /etc/httpd/vhost.d/$1.conf
 fi
 number=$(grep "Deny from all" $FILE | wc -l | awk '{print $1}')
 if [ "${number}" -ne 1 ];then
  sed -i "13d" $FILE
 fi
 }
allowsome()
 {
 echo $2 >/tmp/$1.tmp
 ip=`sed "s/,/ /g" /tmp/$1.tmp`
 rm /tmp/$1.tmp
 FILE=/etc/httpd/vhost.d/$1.conf
        line=$(sed -n '/Deny from all/=' $FILE)
 linea=$(($line - 1))
 if $(grep -B 1 "Deny from all" $FILE | grep -q '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}');then
  sed -e "${linea}s=Allow from .*=Allow from $ip=" $FILE > /tmp/$$.tmp
         cat /tmp/$$.tmp > $FILE
  rm -f /tmp/$$.tmp
 exit 0
 fi
 if $(grep -q "Deny from all" $FILE) ;then
  sed -i ${line}i"Allow from" $FILE
  sed "${line}s=Allow from=Allow from $ip=" $FILE > /tmp/$$.tmp
  cat /tmp/$$.tmp > $FILE
  rm -f /tmp/$$.tmp
 fi
 }
denysome()
 {
 echo $2 >/tmp/$1.tmp
 ip=`sed "s/,/ /g" /tmp/$1.tmp`
 rm /tmp/$1.tmp
 FILE=/etc/httpd/vhost.d/$1.conf
 if grep -q "Deny from all" $FILE;then
  exit 0
 fi
 a=$(head -n 13 $FILE | tail -n 1 | sed 's=\(^        \)==')
 b=$(head -n 13 $FILE | tail -n 1 | sed 's=\(^        \)=='| awk '{print $1,$2}')
 if [ X"$a" = X"Allow from all" ];then
  sed "13s=Allow from all=Deny from $ip=" $FILE > /tmp/$$.tmp
  cat /tmp/$$.tmp > $FILE
  rm -f /tmp/$$.tmp
 elif [ X"$b" = X"Deny from" ];then
  sed "13s=Deny from .*=Deny from $ip=" $FILE > /tmp/$$.tmp
  cat /tmp/$$.tmp > $FILE
  rm /tmp/$$.tmp
 fi
 }
ipdirectory()
 {
 echo $2 >/tmp/$1_Directory.tmp
 Directory=$(head -n 1 /tmp/$1_Directory.tmp)
 rm /tmp/$1_Directory.tmp
 echo $3 >/tmp/$1.tmp
 ip=`sed "s/,/ /g" /tmp/$1.tmp`
 rm /tmp/$1.tmp
 FILE=/etc/httpd/vhost.d/$1.conf
 line=$(($(wc -l $FILE | awk '{print $1}') - 1))
 if grep -q -o "" $FILE ;then
  Directoryline=$(($(grep -n -o "" $FILE | awk -F : '{print $1}') +5))
  sed -i "${Directoryline}s=\(allow from .*\)=\1 $ip=" $FILE
 else
  sed -i ${line}a"" $FILE
  sed -i `expr $line + 1`a"AddHandler php5-cgi .php" $FILE
  sed -i `expr $line + 2`a"Action php5-cgi /php5-cgi" $FILE
  sed -i `expr $line + 3`a"AllowOverride All" $FILE
  sed -i `expr $line + 4`a"Options -Indexes -ExecCGI Includes IncludesNOEXEC FollowSymLinks" $FILE
         sed -i `expr $line + 5`a"allow from $ip" $FILE
         sed -i `expr $line + 6`a"deny from all" $FILE
  sed -i `expr $line + 7`a"" $FILE
 fi
 }
delipdirectory()
 {
 echo $2 >/tmp/$1_Directory.tmp
        Directory=$(head -n 1 /tmp/$1_Directory.tmp)
        echo $3 >/tmp/$1.tmp
        ip=`sed "s/,/ /g" /tmp/$1.tmp`
        FILE=/etc/httpd/vhost.d/$1.conf
        Directoryline=$(grep -n -o "" $FILE | awk -F : '{print $1}')
 Da=$(($Directoryline + 7))
 sed -i "${Directoryline},${Da}d" $FILE
 }
case $1 in
 -a)
  denyall $2
  allowall $2
  /sbin/service httpd reload >/dev/null;;
 -d)
  denyall $2
  /sbin/service httpd reload >/dev/null;;
 -s)
  if [ $# -eq 2 ];then
  denyall $2
  else
  denyall $2
  allowsome $2 $3
  /sbin/service httpd reload >/dev/null
  fi;;
 -x)
  denyall $2
  allowall $2
  denysome $2 $3
         /sbin/service httpd reload >/dev/null;;
 -i)
  ipdirectory $2 $3 $4
         /sbin/service httpd reload >/dev/null;;
 -l)
  delipdirectory $2 $3
         /sbin/service httpd reload >/dev/null;;
esac