有时候会把网站临时做一个白名单或黑名单的限制,有时候会发现来源的ip会有一些非法的请求,那通过访问日志可以发现某一个iP一直在进行尝试***站点;这时候,我们就可以把这个ip 禁掉。

## 第一种目录的方式

[root@wy ~]# vim /usr/local/apache2/conf/extra/httpd-vhosts.conf

      AllowOverride None

      Options None

      Order allow,deny

      Allow from all

      Deny 127.0.0.1

   

解释说明:

Order 设置顺序

Deny 设置deny的操作

Allow 设置allow的操作

## 检查并重新加载

[root@wy ~]# /usr/local/apache2/bin/apachectl -t

Syntax OK

[root@wy ~]# /usr/local/apache2/bin/apachectl graceful

## 测试(限制了127.0.0.1)

[root@wy ~]# curl -x127.0.0.1:80 www.test.com -I    

HTTP/1.1 403 Forbidden

Date: Sat, 05 Nov 2016 17:28:32 GMT

Server: Apache/2.2.16 (Unix) DAV/2 PHP/5.3.28

Content-Type: text/html; charset=iso-8859-1

## 测试(没有限制192.168.219.128)

[root@wy ~]# curl -x192.168.219.128:80 www.test.com/forum.php -I      

HTTP/1.1 200 OK

Date: Sat, 05 Nov 2016 17:29:54 GMT

Server: Apache/2.2.16 (Unix) DAV/2 PHP/5.3.28

X-Powered-By: PHP/5.3.28

Set-Cookie: pC8f_2132_saltkey=Uhm568Hh; expires=Mon, 05-Dec-2016 17:29:54 GMT; path=/; httponly

Set-Cookie: pC8f_2132_lastvisit=1478363394; expires=Mon, 05-Dec-2016 17:29:54 GMT; path=/

Set-Cookie: pC8f_2132_sid=P2DP8V; expires=Sun, 06-Nov-2016 17:29:54 GMT; path=/

Set-Cookie: pC8f_2132_lastact=1478366994%09forum.php%09; expires=Sun, 06-Nov-2016 17:29:54 GMT; path=/

Set-Cookie: pC8f_2132_onlineusernum=1; expires=Sat, 05-Nov-2016 17:34:54 GMT; path=/

Set-Cookie: pC8f_2132_sid=P2DP8V; expires=Sun, 06-Nov-2016 17:29:54 GMT; path=/

Cache-Control: max-age=0

Expires: Sat, 05 Nov 2016 17:29:54 GMT

Content-Type: text/html; charset=gbk

## 第二种uri的方式

[root@wy ~]# vim /usr/local/apache2/conf/extra/httpd-vhosts.conf

 

       Order deny,allow

       Deny from all

       Allow from 127.0.0.1

   

## 检查并重新加载

[root@wy ~]# /usr/local/apache2/bin/apachectl -t

Syntax OK

[root@wy ~]# /usr/local/apache2/bin/apachectl graceful

## 测试(只允许了127.0.0.1)

[root@wy ~]# curl -x192.168.219.128:80 www.test.com/admin.php -I

HTTP/1.1 403 Forbidden

Date: Sat, 05 Nov 2016 17:42:03 GMT

Server: Apache/2.2.16 (Unix) DAV/2 PHP/5.3.28

Content-Type: text/html; charset=iso-8859-1

[root@wy ~]# curl -x127.0.0.1:80 www.test.com/admin.php -I            

HTTP/1.1 200 OK