§©ÂI©~®a¥Í¬¡¡I±MÀç¦U¦¡µ¡Ã®¡B©Ôªù¡B¾À¯Èµ¥
¥´³y±MÄÝ©ó±zªººë½oªÅ¶¡¡AÅwªï¬¢¸ß		¦Ê¸­µ¡¨t²Î®a¨ãÃoÂd³]­p±M®a¡AÀ³¥Î½d³ò²[»\«ÈÆU
¼p©Ð¡Bª×«Çµ¥¡A°ª«~½è§âÃö¡AÅwªï¿ïÁÊ¡I

­º­¶  ¡E  maids ½×¾Â ¡E µ{¦¡³]­p°Q½×     ¡E 

apache ÂsÄýÅv­­ªº³]©w°Ê� (order, limit)

©ÐªF¡GªüÀs
µoªí®É¶¡¡G2007-02-23


«¥­Ìªº Apache ³]©wÀɤº´N¥i¥H«ü©w­­¨îÂsÄý¨Ó·½ªº°Ê§@¤F¡I
§Ú­Ì¥i¥H°w¹ï¨Ó·½ IP ©Îºô°ì¨Ó­­¨î©O¡I
´N¥H Order ³o­Ó­­¨î°t¦X Allow ¤Î Deny ¨Ó³B²z§Y¥i¡C
¦A¦¸ªº±j½Õ¤@¤U¡G

Order deny,allow¡G¥H deny Àu¥ý³B²z¡A¦ý¨S¦³¼g¤J³W«hªº«h¹w³]¬° allow ¡C±`¥Î©ó¡G©Úµ´©Ò¦³¡A¶}©ñ¯S©wªº±ø¥ó¡F
Order allow,deny¡G¥H allow ¬°Àu¥ý³B²z¡A¦ý¨S¦³¼g¤J³W«hªº«h¹w³]¬° deny¡C ±`¥Î©ó¡G¶}©ñ©Ò¦³¡A©Úµ´¯S©wªº±ø¥ó¡C
¦pªG allow »P deny ªº³W«h·í¤¤¦³­«½Æªº¡A«h¥H¹w³]ªº±¡ªp (Order ªº³W½d) ¬°¥D¡C

Á|¨Ò¨Ó»¡¡A¦pªG§Ú­Ìªº­º­¶·Q­nÅý 192.168.1.11 ¤Î¬F©²³¡ªùµLªk³s½u¡A¨ä¥Lªº«h¥i¥H³s½u¡A
¥Ñ¤W­±ªº»¡©ú§A¥i¥Hª¾¹D¬O¶}©ñ©Ò¦³©Úµ´¯S©wªº±ø¥ó¡A©Ò¥H§A¥i¥H³o¼Ë°µ³]©w¡G
[root@linux ~]# vi /etc/httpd/conf/httpd.conf

Options FollowSymLinks
AllowOverride None
Order allow,deny
allow from all
deny from 192.168.1.11
deny from .gov.tw



ª`·N¤@¤U¡A¦]¬° Order ¬O¡y allow,deny ¡z¡A
©Ò¥H©Ò¦³³W«h·í¤¤ÄÝ©ó allow ªº³£·|³QÀu¥ý´£¨ì³Ì¤W¤è¡A
¬°¤FÁקK³o­Ó³]­p¤Wªº§xÂZ¡A©Ò¥H«Øij§Aª½±µ±N allow ªº³W«h¼g¦b³Ì¤W¤è¡C
¦Ó¥Ñ©ó³W«h·í¤¤ 192.168.1.11 ÁõÄÝ©ó all ·í¤¤ (all ¥Nªí©Ò¦³ªº¹À¡I)¡A
¦]¦¹³o­Ó³]©w¶µ¥Ø«h¬°¹w³]­È¡A ¥ç§Y¬° deny °Õ¡I
¨º­Ó .gov.tw ªº³]©w¶µ¥Ø¤]¤@¼Ë¡C
¦pªG¬O©³¤Uªº¼Ò¼Ë¡G
[root@linux ~]# vi /etc/httpd/conf/httpd.conf
# ©³¤U¥i¬O­Ó¿ù»~ªº¥Ü½d¡A½Ð¥J²Ó¬Ý¤U­Ó¬q¸¨ªº¸Ô²Ó»¡©ú³á¡I

Options FollowSymLinks
AllowOverride None
Order deny,allow
deny from 192.168.1.11
deny from .gov.tw
allow from all


ÁöµM deny ·|¥ý®¿¨ì¤W¤è¨Ó³B²z¡A¤£¹L¦]¬° 192.168.1.11 ¬O¦b all ªº½d³ò¤º¡A©Ò¥Hµo¥Í­«½Æ¡A
¦]¦¹³o­Ó³]©w­È±N·|¥H¹w³]ªº allow ¬°¥D¡A¦]¦¹´NµLªk­­¨î¦í³o­Ó 192.168.1.11 ªº¦s¨ú¡I

¨ÒÃD¡G
¦pªG¦³­ÓÀ³¸Ó­n«OÅ@ªº¤º³¡¥Ø¿ý¡A°²³]¦b /var/www/html/lan/ ¡A
¶È­nÅý 192.168.1.0/24 ³o­Óºô°ì¥i¥HÂsÄýªº¸Ü¡A¨º»ò§AÀ³¸Ó­n¦p¦ó³]©wªº¦n¡H

榭G
³o­Ó®×¨Ò·í¤¤¦³ÂI¹³¬O¡y©Úµ´©Ò¦³³s½u¡A¶È±µ¨ü¯S©w³s½u¡zªº¼Ë¤l¡A
¦]¦¹¥i¥H¨Ï¥Î deny,allow ¨º­Ó±¡ªp¡A ©Ò¥H§A¥i¥H³o¼Ë°µ¡G


Options FollowSymLinks
AllowOverride None
Order deny,allow
deny from all
allow from 192.168.1.0/24


¨Æ¹ê¤W¡A¦pªG·Q­nÅý¬Y­Óºô°ì©ÎªÌ¬O IP µLªkÂsÄýªº¸Ü¡A³Ì¦nÁÙ¬O§Q¥Î iptables ¨Ó³B²z¤ñ¸û§´·í¡C
¤£¹L¦pªG¶È¬O¬Y¨Ç­«­n¥Ø¿ý¤£·QÅý¤H®a¨Ó¬d¾\ªº¸Ü¡A
¨º»ò³o­Ó allow, deny »P order ªº³]©w¸ê®Æ¥i´N«Ü­È±o°Ñ¦Ò¤F¡C

¦Ó°£¤F³o­Ó order ³]©w­È¤§¥~¡A§Ú­ÌÁÙ¦³­Ó­­¨î¥Î¤áºÝ¯à°÷¶i¶i¦æ°Ê§@ªº³]©w³á¡I ¨º´N¬O Limit ³o­Ó³]©w°Õ¡I
Á|¨Ò¨Ó»¡¡A
¦pªG§Ú­Ì·Q­nÅý¨Ï¥ÎªÌ¦b /var/www/html/lan ³o­Ó¥Ø¿ý¤U¶È¯à¶i¦æ³Ì¶§¬Kªº GET, POST, OPTIONS ªº¥\¯à¡A
°£¤F³o´X­Ó¤§¥~ªº¨ä¥L¥\¯à³q³q¤£¤¹³\¡A ¨º»ò§A¥i¥H³o¼Ë°µ¡G
[root@linux ~]# vi /etc/httpd/conf/httpd.conf

AllowOverride none
Options FllowSymLinks

# ¥ý¤¹³\¯à°÷¶i¦æ GET, POST »P OPTIONS °Õ¡I

Order allow,deny
Allow from all


# ¦A³W©w°£¤F³o¤T­Ó°Ê§@¤§¥~¡A¨ä¥Lªº°Ê§@³q³q¤£¤¹³\°Õ¡I

Order deny,allow
Deny from all



³z¹L Limit »P LimitExcept ´N¯à°÷³B²z¥Î¤áºÝ¯à°÷¶i¦æªº°Ê§@°Õ¡I
¤]´N¦³¿ìªk°w¹ï§Aªº¸ê®Æ¶i¦æ²Ó³¡«OÅ@Åo¡C
¤£¹L³o¨Ç«OÅ@¯uªº«Ü²Ó³¡¡A¤@¯ë¤pºô¯¸¤j­P¤W¥Î¤£¨ì Limit ³o­Óª±·N¨à»¡¡C


  • ÃÙ§Uºô¯¸       

    ¼s§Q¤£°Ê²£-·sªO¯S°Ï«ü¦W«×³Ì°ª¡B­È±o±z«H¿àªº¦n©Ð¥ò
    ±zªº¦«¥I,¼s§Q¥Î¤ß¬°±zªA°È
    ¼s§Q¤£°Ê²£-ªO¾ô¦b¦a¥Í®Ú³Ì¹ê¦b--·sªO¯S°Ï«ü¦W«×³Ì°ª¡B­È±o±z«H¿àªº¦n©Ð¥ò
    §¹¾ã©Ð°T¡A©Ð«Î¡B©±­±¼öªùºë¿ïª«¥ó¡A¼s§Q¤£°Ê²£ Àu½è¥ò¤¶¡A©Ð«Î¯²¸î¡B¶R½æ¸ê°T³z©ú¡A¥æ©ö¯u¦w¤ß¡I


    • ¡@¦@ 0 ¤H¦^À³

    ©m¦W¡G
    §G§i¤º®e¡G