The following experiment uses three virtual machines.
Server: PC1, 192.168.10.10
Client: PC2, 192.168.10.20
Client: PC3, 192.168.10.30
1. Install the Apache service on the server, PC1
[root@PC1 ~]# yum install httpd -y
Loaded plugins: langpacks, product-id, subscription-manager
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
Repodata is over 2 weeks old. Install yum-cron? Or run: yum makecache fast
rhel7                                                    | 4.1 kB     00:00
Resolving Dependencies
--> Running transaction check
---> Package httpd.x86_64 0:2.4.6-17.el7 will be installed
--> Processing Dependency: httpd-tools = 2.4.6-17.el7 for package: httpd-2.4.6-17.el7.x86_64
--> Processing Dependency: /etc/mime.types for package: httpd-2.4.6-17.el7.x86_64
--> Processing Dependency: libapr-1.so.0()(64bit) for package: httpd-2.4.6-17.el7.x86_64
--> Processing Dependency: libaprutil-1.so.0()(64bit) for package: httpd-2.4.6-17.el7.x86_64
--> Running transaction check
---> Package apr.x86_64 0:1.4.8-3.el7 will be installed
---> Package apr-util.x86_64 0:1.5.2-6.el7 will be installed
---> Package httpd-tools.x86_64 0:2.4.6-17.el7 will be installed
---> Package mailcap.noarch 0:2.1.41-2.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package            Arch          Version               Repository         Size
================================================================================
Installing:
 httpd              x86_64        2.4.6-17.el7          rhel7             1.2 M
Installing for dependencies:
 apr                x86_64        1.4.8-3.el7           rhel7             103 k
 apr-util           x86_64        1.5.2-6.el7           rhel7              92 k
 httpd-tools        x86_64        2.4.6-17.el7          rhel7              77 k
 mailcap            noarch        2.1.41-2.el7          rhel7              31 k

Transaction Summary
================================================================================
Install  1 Package (+4 Dependent packages)

Total download size: 1.5 M
Installed size: 4.3 M
Downloading packages:
--------------------------------------------------------------------------------
Total                                              5.8 MB/s | 1.5 MB  00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : apr-1.4.8-3.el7.x86_64                                       1/5
  Installing : apr-util-1.5.2-6.el7.x86_64                                  2/5
  Installing : httpd-tools-2.4.6-17.el7.x86_64                              3/5
  Installing : mailcap-2.1.41-2.el7.noarch                                  4/5
  Installing : httpd-2.4.6-17.el7.x86_64                                    5/5
rhel7/productid                                          | 1.6 kB     00:00
  Verifying  : mailcap-2.1.41-2.el7.noarch                                  1/5
  Verifying  : httpd-tools-2.4.6-17.el7.x86_64                              2/5
  Verifying  : apr-1.4.8-3.el7.x86_64                                       3/5
  Verifying  : apr-util-1.5.2-6.el7.x86_64                                  4/5
  Verifying  : httpd-2.4.6-17.el7.x86_64                                    5/5

Installed:
  httpd.x86_64 0:2.4.6-17.el7

Dependency Installed:
  apr.x86_64 0:1.4.8-3.el7
  apr-util.x86_64 0:1.5.2-6.el7
  httpd-tools.x86_64 0:2.4.6-17.el7
  mailcap.noarch 0:2.1.41-2.el7

Complete!
2. On PC1, create the test site's data directory and home page file
[root@PC1 ~]# cd /var/www/html/
[root@PC1 html]# ls
[root@PC1 html]# mkdir server
[root@PC1 html]# cd server/
[root@PC1 server]# ls
[root@PC1 server]# echo "1111122222333333" > index.html
[root@PC1 server]# ls
index.html
[root@PC1 server]# cat index.html
1111122222333333
3. On PC1, edit the configuration file to set the access control policy
……
    AllowOverride None
    # Allow open access:
    Require all granted
</Directory>
<Directory "/var/www/html/server">
    Order allow,deny
    # Only the host 192.168.10.20 is allowed access
    Allow from 192.168.10.20
</Directory>
# Further relax access to the default document root:
<Directory "/var/www/html">
……
4. On PC1, restart the Apache service
[root@PC1 server]# systemctl restart httpd
[root@PC1 server]# systemctl status httpd | head -n 5
httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled)
   Active: active (running) since Fri 2020-12-18 00:37:17 CST; 3s ago
  Process: 4053 ExecStop=/bin/kill -WINCH ${MAINPID} (code=exited, status=0/SUCCESS)
 Main PID: 4057 (httpd)
5. On the server PC1, flush the firewall rules
[root@PC1 server]# iptables -F
[root@PC1 server]# service iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ]
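6. Test from PC1 (PC1, 192.168.10.10, is not among the allowed hosts)
7. Test access from PC2 (PC2, 192.168.10.20, is on the allowed list)
8. Test access from PC3 (PC3, 192.168.10.30, is not on the allowed list)
9. On PC1, modify the access control configuration file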
[root@PC1 server]# vim /etc/httpd/conf/httpd.conf
……
    Require all granted
</Directory>
<Directory "/var/www/html/server">
    Order allow,deny
    Allow from 192.168.10.10 192.168.10.30
</Directory>
# Further relax access to the default document root:
<Directory "/var/www/html">
    #
……
10. On PC1, restart the Apache service
[root@PC1 server]# systemctl restart httpd
[root@PC1 server]# systemctl status httpd | head -n 5
httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled)
   Active: active (running) since Fri 2020-12-18 00:44:51 CST; 14s ago
  Process: 4240 ExecStop=/bin/kill -WINCH ${MAINPID} (code=exited, status=0/SUCCESS)
 Main PID: 4244 (httpd)
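11. Test access from PC1 (192.168.10.10 is on the allowed list)
12. Test access from PC2 (192.168.10.20 is not on the allowed list)
13. Test access from PC3 (192.168.10.30 is on the allowed list)
The experiment above implements host IP-based access control for Apache.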
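The outcomes of steps 6 to 8 and 11 to 13 follow from how the Order, Allow and Deny directives are evaluated. The sketch below is an added example, not part of the original page and not Apache's own code: it models that evaluation for the two <Directory> blocks from steps 3 and 9 and generalizes slightly to Deny rules, partial addresses and CIDR networks. The function names are hypothetical, and hostname arguments and IPv6 are assumed out of scope.

```python
import ipaddress

def matches(spec, client):
    """Match one 'Allow from'/'Deny from' argument against an IPv4 client."""
    if spec.lower() == "all":
        return True
    if "/" in spec:  # CIDR or network/netmask form
        return ipaddress.ip_address(client) in ipaddress.ip_network(spec, strict=False)
    # Full address, or partial address such as "192.168.10" (leading octets).
    want = spec.rstrip(".").split(".")
    return client.split(".")[:len(want)] == want

def parse_rules(block):
    """Collect Order, Allow and Deny arguments from a <Directory> block."""
    order, allow, deny = "deny,allow", [], []  # Apache's default Order
    for line in block.splitlines():
        words = line.split()
        if not words or words[0][0] in "#<":
            continue
        key = words[0].lower()
        if key == "order":
            order = "".join(words[1:]).lower()
        elif key in ("allow", "deny") and [w.lower() for w in words[1:2]] == ["from"]:
            (allow if key == "allow" else deny).extend(words[2:])
    return order, allow, deny

def is_allowed(block, client):
    order, allow, deny = parse_rules(block)
    allowed = any(matches(s, client) for s in allow)
    denied = any(matches(s, client) for s in deny)
    if order == "allow,deny":  # needs an Allow match and no Deny match
        return allowed and not denied
    if order == "deny,allow":  # rejected only by a Deny with no Allow match
        return allowed or not denied
    raise ValueError("unsupported Order: " + order)

# The two <Directory> blocks from steps 3 and 9 of this page.
STEP3 = '<Directory "/var/www/html/server">\nOrder allow,deny\nAllow from 192.168.10.20\n</Directory>'
STEP9 = '<Directory "/var/www/html/server">\nOrder allow,deny\nAllow from 192.168.10.10 192.168.10.30\n</Directory>'
HOSTS = {"PC1": "192.168.10.10", "PC2": "192.168.10.20", "PC3": "192.168.10.30"}

def lab_results(block):
    return {name: is_allowed(block, ip) for name, ip in HOSTS.items()}

if __name__ == "__main__":
    print("step 3:", lab_results(STEP3))
    print("step 9:", lab_results(STEP9))
```

On httpd 2.4 (the version installed in step 1), Order and Allow are provided by mod_access_compat; the native mod_authz_host equivalent of the step 3 rule is "Require ip 192.168.10.20".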