如何在 htaccess 中阻止某些服务器
how to block some server in htaccess
我知道拒绝从 .htaccess 中的 IP 地址访问的方法是:
<Limit GET POST>
order allow,deny
deny from 1.2.3.4
allow from all
</Limit>
要拒绝 .htaccess 中用户代理的访问,我可以这样做:
BrowserMatchNoCase baiduspider banned
Deny from env=banned
BrowserMatchNoCase WordPress bad_bot
Order Deny,Allow
Deny from env=bad_bot
但是access_log中的报道,我怎么能否认呢?
p4fe41437.dip0.t-ipconnect.de - - [27/Jan/2015:01:42:58 -0500] "GET / HTTP/1.1" 200 - "-" "Mozilla/5.0 Windows NT 6.1 WOW64 rv 16.0 Gecko/20100101 Firefox/16.0"
是否还有一种方法可以拒绝使用通配符,即 *.t-ipconnect.de?
谢谢。
请参阅 Allow/Deny (authz) 的 apache 文档。
Hosts whose names match, or end in, this string are allowed access. Only complete components are matched, so the above example will match foo.apache.org but it will not match fooapache.org. This configuration will cause Apache to perform a double reverse DNS lookup on the client IP address, regardless of the setting of the HostnameLookups directive. It will do a reverse DNS lookup on the IP address to find the associated hostname, and then do a forward lookup on the hostname to assure that it matches the original IP address. Only if the forward and reverse DNS are consistent and the hostname matches will access be allowed.
所以你可以做部分主机名:
Deny from t-ipconnect.de
但是,请记住,这是通过使用完成的。因此,这意味着远程 IP 地址必须首先进行解析为 "something.t-ipconnect.de" 的反向查找,然后该主机必须进行与原始 IP 地址匹配的正向查找。如果不是这种情况,您将无法以这种方式进行阻止。
我知道拒绝从 .htaccess 中的 IP 地址访问的方法是:
<Limit GET POST>
order allow,deny
deny from 1.2.3.4
allow from all
</Limit>
要拒绝 .htaccess 中用户代理的访问,我可以这样做:
BrowserMatchNoCase baiduspider banned
Deny from env=banned
BrowserMatchNoCase WordPress bad_bot
Order Deny,Allow
Deny from env=bad_bot
但是access_log中的报道,我怎么能否认呢?
p4fe41437.dip0.t-ipconnect.de - - [27/Jan/2015:01:42:58 -0500] "GET / HTTP/1.1" 200 - "-" "Mozilla/5.0 Windows NT 6.1 WOW64 rv 16.0 Gecko/20100101 Firefox/16.0"
是否还有一种方法可以拒绝使用通配符,即 *.t-ipconnect.de?
谢谢。
请参阅 Allow/Deny (authz) 的 apache 文档。
Hosts whose names match, or end in, this string are allowed access. Only complete components are matched, so the above example will match foo.apache.org but it will not match fooapache.org. This configuration will cause Apache to perform a double reverse DNS lookup on the client IP address, regardless of the setting of the HostnameLookups directive. It will do a reverse DNS lookup on the IP address to find the associated hostname, and then do a forward lookup on the hostname to assure that it matches the original IP address. Only if the forward and reverse DNS are consistent and the hostname matches will access be allowed.
所以你可以做部分主机名:
Deny from t-ipconnect.de
但是,请记住,这是通过使用完成的。因此,这意味着远程 IP 地址必须首先进行解析为 "something.t-ipconnect.de" 的反向查找,然后该主机必须进行与原始 IP 地址匹配的正向查找。如果不是这种情况,您将无法以这种方式进行阻止。