2013-09-10 16:59:54
来 源
ITJS.CN
Apache
该篇讲述Apache2服务器网站访问方面的安全配置及多域名设定的详解,希望对于初学Apache服务器相关的朋友有帮助,更多Apache安装、配置、报错处理等资源请本站内搜索。
安装教程在网上很多,这里忽略。

在 /etc/apache2/sites-enabled 目录下,应该要存在以下文件:

000-default(默认设定,但是要修改)

abc.com(abc.com网站的设定,这里假定运行2个网站)

def.com(def.com网站的设定,这里假定运行2个网站)

block_ip_access(禁止使用IP地址直接访问apache的默认页)

这是apache的默认内置网站的设置文件。

1,一定要指定只能内部访问,否则当其他人设置其他域名指向你的IP地址,就会引致异常访问和DoS攻击,并且恐怕会有漏洞被利用。

所以要指定内置网站的“域名”,本机用localhost就可以访问,拒绝其他域名:

ServerName localhost

ServerAlias localhost

2,我尝试在其他电脑上修改了hosts,指定“localhost”为这台服务器的IP地址,证实这样也能通过Internet非法访问。

所以要指定除了内部IP地址外,其他地址不能访问:

搜索所有“Allow from all”,

修改为“Deny from all

allow from 127.0.0.0/255.0.0.0 ::1/128”

2个网站的配置文件,唯一要设定的是对应的域名:

ServerName abc.com

ServerAlias www.abc.com

若不设置一个文件来响应直接访问IP地址的访问,就会令访问者可以绕过abc.com、def.com而直接访问到apache的默认内置网站。

所以要指定IP地址禁止访问:

ServerName 公网IP地址

ServerAlias 公网IP地址

并且:

“Allow from all”改为“Deny from all”

最后附上我的四个设定文件,有问题请随时留言,尽复。

ServerAdmin [email protected]

ServerName localhost

ServerAlias localhost

DocumentRoot /var/www

Options FollowSymLinks

AllowOverride all

Options Indexes FollowSymLinks MultiViews

AllowOverride all

Order allow,deny

Deny from all

allow from 127.0.0.0/255.0.0.0 ::1/128

ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/

AllowOverride all

Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch

Order allow,deny

Deny from all

Allow from 127.0.0.0/255.0.0.0 ::1/128

ErrorLog ${APACHE_LOG_DIR}/error.log

# Possible values include: debug, info, notice, warn, error, crit,

# alert, emerg.

LogLevel warn

CustomLog ${APACHE_LOG_DIR}/access.log combined

Alias /doc/ "/usr/share/doc/"

Options Indexes MultiViews FollowSymLinks

AllowOverride all

Order deny,allow

Deny from all

Allow from 127.0.0.0/255.0.0.0 ::1/128

【block_ip_access】

ServerAdmin [email protected]

ServerName 198.74.48.110

ServerAlias 198.74.48.110

DocumentRoot /var/www

Options FollowSymLinks

AllowOverride all

Options Indexes FollowSymLinks MultiViews

AllowOverride all

Order allow,deny

Deny from all

ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/

AllowOverride all

Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch

Order allow,deny

Deny from all

ErrorLog ${APACHE_LOG_DIR}/error.log

# Possible values include: debug, info, notice, warn, error, crit,

# alert, emerg.

LogLevel warn

CustomLog ${APACHE_LOG_DIR}/access.log combined

Alias /doc/ "/usr/share/doc/"

Options Indexes MultiViews FollowSymLinks

AllowOverride all

Order deny,allow

Deny from all

Allow from 127.0.0.0/255.0.0.0 ::1/128

【网站1】

ServerAdmin [email protected]

ServerName beec-edu.com

ServerAlias www.beec-edu.com

DocumentRoot /var/www/beec-ifc

Options FollowSymLinks

AllowOverride all

Options Indexes FollowSymLinks MultiViews

AllowOverride all

Order allow,deny

allow from all

ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/

AllowOverride all

Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch

Order allow,deny

Allow from all

ErrorLog ${APACHE_LOG_DIR}/error.log

# Possible values include: debug, info, notice, warn, error, crit,

# alert, emerg.

LogLevel warn

CustomLog ${APACHE_LOG_DIR}/access.log combined

Alias /doc/ "/usr/share/doc/"

Options Indexes MultiViews FollowSymLinks

AllowOverride all

Order deny,allow

Deny from all

Allow from 127.0.0.0/255.0.0.0 ::1/128

【网站2】

ServerAdmin [email protected]

ServerName beec-ifc.com

ServerAlias www.beec-ifc.com

DocumentRoot /var/www/beec-ifc

Options FollowSymLinks

AllowOverride all

Options Indexes FollowSymLinks MultiViews

AllowOverride all

Order allow,deny

allow from all

ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/

AllowOverride all

Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch

Order allow,deny

Allow from all

ErrorLog ${APACHE_LOG_DIR}/error.log

# Possible values include: debug, info, notice, warn, error, crit,

# alert, emerg.

LogLevel warn

CustomLog ${APACHE_LOG_DIR}/access.log combined

Alias /doc/ "/usr/share/doc/"

Options Indexes MultiViews FollowSymLinks

AllowOverride all

Order deny,allow

Deny from all

Allow from 127.0.0.0/255.0.0.0 ::1/128

声明: 此文观点不代表本站立场;转载须要保留原文链接;版权疑问请联系我们。