Hi MegaBrutal,Thansk for your answer, the version of our installed apache httpd is 2.2.15-39.el6.centos.
We already did the access control on the PHP side, and we also want to do this on the apache httpd side to protect our website.
Bu Xiaobing On 2014-12-1 21:20, MegaBrutal wrote:
2014-11-21 12:48 GMT+01:00 Rainer M. Canavan <rainer.canavan@xxxxxxxxxxxx>:On Nov 21, 2014, at 08:48 , Bu Xiaobing <buxiaobing@xxxxxxxxxxxxx> wrote:Hi All, I want to do the httpd URL access control through visitors' IP addresses as the following : all source IP address can visit ^/action.php?login and only specified IP addresses can visit ^/action.php?manage Anyone can give me some advises?You've probably noticed that the usual mechanisms like Directory, Location and LocationMatch don't evaluate the query string. You'll probably have to use a RewriteRule preceded by RewriteCond %{QUERY_STRING} manage or something similar, in combination with <Location /action.php> Allow From IP.IP.IP.IP </LocationIt also worth to clarify the Apache version in question, as it's a major change between 2.2 and 2.4 that Allow, Deny directives got deprecated, and should be updated to Require. Some recent Linux distros and FreeBSD already ship 2.4, so I think it's time to get familiar with its features and caveats. I know the question is how to solve access control in Apache, but in this particular case I'd also consider to make the distinction at PHP-level. Most PHP-based websites do that and don't rely on the web server config to do proper access control. Be prepared to also account for IPv6 addresses, if your web server also serves over IPv6. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
--------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|