SoFunction
Updated on 2025-04-11

Configuring Apache to allow access to all files in a site

Set Options to All (mainly Indexes) so that directory listings are returned.

After setting up Apache and Tomcat, I feel it is necessary to sort out the configuration properties involved.

How to access the directory http://192.168.1.12/test/ under the root directory

First. By default, Apache does not allow access to a directory over HTTP (no definition means no access permission)

Accessing the directory http://192.168.1.12/test/ displays:
Forbidden
You don't have permission to access /test/ on this server.

Second. Unrestricted directory access

Add a definition to open up unrestricted directory access:

<Directory /home/macg/www/test>
    Options All
    AllowOverride all
</Directory>

Accessing the directory again displays the following:

Apache/2.0.54 (Fedora) Server at 192.168.1.12 Port 80

Index of /test
 Name                    Last modified      Size  Description
 ------------------------------------------------------------
 Parent Directory                             -   
               29-Nov-2006 21:02   36K  
               29-Nov-2006 21:03   41K  
               29-Nov-2006 21:03   47K  
              29-Nov-2006 22:02  1.2K  
              29-Nov-2006 22:02  1.1K  
              29-Nov-2006 22:02  1.4K  
              29-Nov-2006 22:02  1.8K  
              29-Nov-2006 22:02  2.3K  
-------------------------------------------------------------

Apache/2.0.54 (Fedora) Server at 192.168.1.12 Port 80

In fact, AllowOverride all enables the .htaccess directory restriction feature.

But there is no .htaccess file in the test directory, so this is equivalent to open, unrestricted access.

Third. Restricted directory access

Copy a .htaccess file from another directory into the directory you want to restrict:

[root@localhost test]# ls -a
.  ..          
      

[root@localhost test]# cp ../test1/.htaccess .

[root@localhost test]# ls -a
.  ..        .htaccess  
        


[root@localhost test]# more .htaccess
authType Basic
AuthName "Restricted Files"
AuthUserFile /etc/httpd/passwords
Require valid-user

Visit http://192.168.1.12/test/ and an authentication window pops up; enter the username and password to access the directory.

.htaccess directory restriction configuration
To use the .htaccess file, first create <Directory></Directory> in the

&lt;Directory "/home/macg/www/test"&gt;   
        Options All            
Allow operations on directories,ALL---All operations

    AllowOverride all                      
AllowOverride all----allow.htaccessAll instructions,The default isall
AllowOverride None ----Totally ignored.htaccessdocument

&lt;/Directory&gt;

Use /usr/bin/htpasswd to create the password file used for authentication.
This file should not be placed under the DocumentRoot directory, so that it cannot be downloaded.
It is recommended to create it in the /etc/httpd/ directory:

[root@localhost httpd]# /usr/bin/htpasswd -c /etc/httpd/passwords macg
          (-c creates the file)
New password:
Re-type new password:
Adding password for user macg
[root@localhost httpd]# /usr/bin/htpasswd /etc/httpd/passwords gary
          (without -c, a user is simply added)
New password:
Re-type new password:
Adding password for user gary
[root@localhost httpd]# more /etc/httpd/passwords
macg:U8jCwSsZyAB2g
gary:06yCDyg7AijlM

Create a .htaccess file in a restricted directory

[root@localhost test]# ls -a
.  ..        .htaccess  
        


[root@localhost test]# more .htaccess
authType Basic
AuthType: the authentication type.
     Basic is provided by mod_auth_basic.

Basic authentication does not encrypt the password sent from the user's browser (it is transmitted in plain text). A more secure authentication method is "AuthType Digest", that is, digest authentication provided by mod_auth_digest.
The latest browser versions support MD5 authentication.
(With authentication, the server's response speed is affected somewhat; generally, a few hundred users will have a very noticeable impact on response speed.)

AuthName "Restricted Files"
AuthName "Member Zone"

This text is displayed to the user.

AuthUserFile /etc/httpd/passwords
This directory accepts authentication requests from the users defined in passwords
or
Require user macg
This directory only accepts authentication requests from the single user macg (unix user)

The meaning of directives in <Directory></Directory>

&lt;Directory "/home/macg/www/test"&gt;   
        Options All            
        AllowOverride all                      
&lt;/Directory&gt;
  Optionsinstruction-------Directory access features
option  none    Disable all operations on directories
option all      Allow all operations on directories,ALL---All operations
option ExecCGI    For this directory,Can be executedcgiscript
option Indexes    Allow access to this directory(And this directory does not)hour,Return to the list of files in the directory                        
option FollowSymLinks       Only directories are allowedFollowSymLinksoperate
   AllowOverrideinstruction
None    Not read.htaccess
all    all----allow.htaccess所有instruction,The default isall
Limit    .htaccessThe specific host of the letter cover(allow,deny)
AuthConfig    .htaccess函盖跟认证有关instruction(AuthType,AuthName) 

<Directory></Directory> also takes effect on all subdirectories below it.

So first configure the root directory /, which is equivalent to setting the default configuration:

<Directory />
    # Directory listing is disabled (Options allows only the FollowSymLinks operation on the directory)
    Options FollowSymLinks
    # Do not read .htaccess
    AllowOverride None
    # deny all
    Order deny,allow
    Deny from all
</Directory>


<Directory "/usr/local/apache2/htdocs">
    # Only Indexes and FollowSymLinks are allowed
    Options Indexes FollowSymLinks
    AllowOverride None
    # Follows on from the parent directory's (/) deny all; this is also deny all
    Order allow,deny
    Allow from all
</Directory>
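The Options and AllowOverride values explained above, and the earlier advice to keep the password file outside DocumentRoot, can be checked mechanically. The following is an added example, not code from the original article: the function name `audit`, the sample configuration and its `members` directory are constructed for illustration, and the parser is deliberately simple (no Include handling, DocumentRoot must appear before AuthUserFile).

```python
import re
from pathlib import PurePosixPath

# Constructed sample in the style of the article's examples.
SAMPLE_CONF = '''
DocumentRoot "/home/macg/www"
<Directory />
    Options FollowSymLinks
    AllowOverride None
</Directory>
<Directory /home/macg/www/test>
    Options All
    AllowOverride all
</Directory>
<Directory "/home/macg/www/members">
    Options None
    AllowOverride AuthConfig
    AuthUserFile /home/macg/www/members/passwords
</Directory>
'''

def audit(conf):
    """Return (directory, finding) pairs for settings the article discusses."""
    findings, current, docroot = [], None, None
    for raw in conf.splitlines():
        line = raw.strip()
        opened = re.match(r'<Directory\s+"?([^">]+)"?\s*>$', line, re.I)
        if opened:
            current = opened.group(1)          # entering a <Directory> block
        elif re.match(r"</Directory\s*>$", line, re.I):
            current = None                     # leaving it
        words = line.replace('"', "").split()
        if len(words) < 2:
            continue
        name, args = words[0].lower(), [w.lower() for w in words[1:]]
        if name == "documentroot":
            docroot = PurePosixPath(words[1])
        elif current and name == "options" and {"all", "indexes", "+indexes"} & set(args):
            findings.append((current, "directory listing enabled"))
        elif current and name == "allowoverride" and "all" in args:
            findings.append((current, ".htaccess may override every directive"))
        elif name == "authuserfile" and docroot and docroot in PurePosixPath(words[1]).parents:
            findings.append((current, "password file is inside DocumentRoot"))
    return findings
```

Calling `audit(SAMPLE_CONF)` reports the `test` directory twice (listing enabled, unrestricted overrides) and the `members` directory once for its password file location.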

Order Allow/Deny: for operations such as blocking an IP
Apache module: mod_authz_host

<Directory /docroot>
Order Deny,Allow
Deny from ...
Allow from ...
</Directory>

Note the order:
Except for those allowed by the later rule, everything else is denied.

Typical case of blocking an IP:
Order Allow,Deny
Allow from all
Deny from 205.252.46.165
Note the order:
Except for those denied by the later rule, everything else is allowed.

Typical case of blocking a network segment:
Deny from 192.168.2

The above should be clear. You can set up an example to try it.

Apache configuration for multi-virtual hosts and multi-virtual paths

ServerName localhost
<Directory />
    AllowOverride none
    Require all denied 
</Directory>
DocumentRoot "/home/work/"

Make sure all projects are placed under the /home/work/ directory; only this directory is configured:

<Directory "/home/work/">
    Options None
    AllowOverride None
    Require all denied 
</Directory>

First, specify the default DocumentRoot.

This is not negotiable: everything must be placed under the declared root path.

No ServerName configuration is required.

<VirtualHost 127.0.0.1:8800>
    DocumentRoot "/home/work/www/htdocs"
    <Directory /home/work/www/htdocs>
        AllowOverride none
        Require all granted
    </Directory>
</VirtualHost>

If multiple hosts are not required, then
Add virtual hosts, virtual directories, etc.

Note: if there are multiple domain-name mappings, set ServerAlias for the first host name.

Alias: pay attention to the position of the "/".

```apache
<VirtualHost :8800>
    DocumentRoot "/home/work/workspace"
    ServerName 
    # ServerAlias  

    <Directory /home/work/workspace>
        Options FollowSymLinks
        AllowOverride none
        Require all granted
    </Directory>

    Alias /phpMyAdmin "/home/work/www/htdocs/phpMyAdmin/"

    # Add log analysis; rotatelogs needs to be installed by yourself
    LogFormat "{method:\"%m\",state:\"%s\",protocol:\"%H\",url:\"%U\",time:\"%{%Y-%m-%d %T}t\",ua:\"%{User-Agent}i\",query:\"%q\",refer:\"%{Referer}i\",server:\"%V\"}" seo
    CustomLog "|/usr/sbin/rotatelogs logs/seo_%Y%m% 86400 480" seo
</VirtualHost>
## Other host configurations are the same
```

Of course, regarding the various configuration properties for directories: the ones below are 2.2 properties, and they have changed a little in 2.4, so for 2.4 you still need to consult the documentation. With the following explanation as a basis, that should be easy.

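Allow and Deny can be used in Apache's conf file or in a .htaccess file (together with Directory, Location, Files and so on) to control access authorization for directories and files.
The most commonly used form is:
Order Deny,Allow
Allow from All

Note that there is only a comma in the middle of "Deny,Allow", and there can only be a comma; any space causes an error. The words are not case-sensitive. The setting above means "check the deny settings first; everything that is not denied is allowed", and the second line has no Deny, that is, no setting that denies access, so all access is allowed directly. This is mainly used to ensure or override the settings of the parent directory and open up access to all content.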

Following the explanation above, the setting below unconditionally denies access:

Order Allow,Deny
Deny from All

To deny access to part of the content and open up everything else:

Order Deny,Allow
Deny from ip1 ip2
or
Order Allow,Deny
Allow from all
Deny from ip1 ip2

Apache decides which rule is used in the end according to Order. Take the second form above: although the second line, allow, permits access, allow is not the last rule in the Order, so Apache still has to check whether there is a deny rule. Hence, with the third line, access matching ip1 and ip2 is denied. Note that the "last" rule determined by Order is very important. Below are two wrong examples and how to correct them:

Order Deny,Allow
Allow from all
Deny from 
Wrong: the intent is to deny access from the source given in the Deny line, but deny is not the last rule. Apache has already matched successfully when it processes the allow in the second line, and will not look at the third line at all.
Solution: use Order Allow,Deny and leave the next two lines unchanged; that is all.

Order Allow,Deny
Allow from ip1
Deny from all
Wrong: the intent is to allow access only from ip1. However, although the second line sets an allow rule, deny comes last in the Order, so the deny in the third line prevails, and the scope of the third line obviously includes ip1 (all includes ip1), so all access is denied.
Solution 1: simply remove the third line.
Solution 2:

Order Deny,Allow
Deny from all
Allow from ip1

Below are examples that have been tested:

--------------------------------
Order deny,allow
allow from all
deny from 219.204.253.8
All are accessible

-------------------------------
Order deny,allow
deny from 219.204.253.8
allow from all
All are accessible

-------------------------------
Order allow,deny
deny from 219.204.253.8
allow from all
Only 219.204.253.8 cannot access

-------------------------------
Order allow,deny
allow from all
deny from 219.204.253.8
Only 219.204.253.8 cannot access

-------------------------------

-------------------------------
Order allow,deny
deny from all
allow from 219.204.253.8
Nobody can access

-------------------------------
Order allow,deny
allow from 219.204.253.8
deny from all
Nobody can access

-------------------------------
Order deny,allow
allow from 219.204.253.8
deny from all
Only 219.204.253.8 is allowed through

-------------------------------
Order deny,allow
deny from all
allow from 219.204.253.8
Only 219.204.253.8 is allowed through

-------------------------------

--------------------------------
Order deny,allow
All are accessible (the default)

-------------------------------
Order allow,deny
Nobody can access (the default)

-------------------------------
Order allow,deny
deny from all
Nobody can access

-------------------------------
Order deny,allow
deny from all
Nobody can access

-------------------------------

For the two cases above, if the rule is changed to allow from all, then all are accessible!

-------------------------------
Order deny,allow
deny from 219.204.253.8
Only 219.204.253.8 cannot access

-------------------------------
Order allow,deny
deny from 219.204.253.8
Nobody can access

-------------------------------
Order allow,deny
allow from 219.204.253.8
Only 219.204.253.8 is allowed through

-------------------------------
Order deny,allow
allow from 219.204.253.8
All are accessible

-------------------------------

-------------------------------
order deny,allow
allow from 218.20.253.2
deny from 218.20
This means IPs beginning with 218.20 are refused, but 218.20.253.2 is allowed through; other IPs that do not begin with 218.20 are also allowed through.

-------------------------------
order allow,deny
allow from 218.20.253.2
deny from 218.20
 

Much the same as above, only with the order of allow and deny in the Order statement swapped, but the final result is that everything is denied!
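The tested results above all follow from two rules: with Order deny,allow the default is allow and a matching Allow wins, while with Order allow,deny the default is deny and a matching Deny wins. The following is an added example, not code from the original article, that models this 2.2-style evaluation and checks it against results listed above; the function names and the client address 10.0.0.1 are assumptions, CIDR support goes beyond the forms the article shows, and host names and mutual-failure are not modelled.

```python
import ipaddress

def host_matches(spec, client_ip):
    """True if one 'Allow from' / 'Deny from' argument covers client_ip."""
    spec = spec.lower()
    if spec == "all":
        return True
    if "/" in spec:  # CIDR form such as 192.168.2.0/24
        return ipaddress.ip_address(client_ip) in ipaddress.ip_network(spec, strict=False)
    # Full or partial IP: compare whole octets, so "218.20" covers
    # 218.20.x.x but not 218.200.x.x.
    want = spec.rstrip(".").split(".")
    return client_ip.split(".")[:len(want)] == want

def evaluate(config, client_ip):
    """Return True if a 2.2-style Order/Allow/Deny block admits client_ip."""
    order, allow, deny = "deny,allow", [], []  # Order defaults to Deny,Allow
    for line in config.strip().splitlines():
        words = line.lower().split()
        if not words or words[0].startswith("#"):
            continue
        if words[0] == "order":
            # Exactly one argument: "Deny, Allow" with a space is an error.
            if len(words) != 2 or words[1] not in ("deny,allow", "allow,deny"):
                raise ValueError("bad Order line: " + line)
            order = words[1]
        elif words[0] in ("allow", "deny") and words[1:2] == ["from"]:
            (allow if words[0] == "allow" else deny).extend(words[2:])
    allowed = any(host_matches(s, client_ip) for s in allow)
    denied = any(host_matches(s, client_ip) for s in deny)
    if order == "deny,allow":      # default allow; a matching Allow wins
        return allowed or not denied
    return allowed and not denied  # default deny; a matching Deny wins

# Constructed check of results listed in the article: (config, client, expected).
B = "219.204.253.8"
CASES = [
    ("Order deny,allow\nallow from all\ndeny from " + B, B, True),
    ("Order allow,deny\nallow from all\ndeny from " + B, B, False),
    ("Order allow,deny\ndeny from all\nallow from " + B, B, False),
    ("Order deny,allow\ndeny from all\nallow from " + B, "10.0.0.1", False),
    ("Order allow,deny\ndeny from " + B, "10.0.0.1", False),
    ("order deny,allow\nallow from 218.20.253.2\ndeny from 218.20", "218.20.9.9", False),
    ("order allow,deny\nallow from 218.20.253.2\ndeny from 218.20", "218.20.253.2", False),
]

def mismatches():
    return [c for c in CASES if evaluate(c[0], c[1]) != c[2]]
```

`mismatches()` returns an empty list when the model agrees with every listed result. The written order of the Allow and Deny lines never enters the calculation; only the Order argument does.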
