如何使用带有mod_wsgi的Apache阻止URL模式

时间:2013-08-23 03:10:34

标签: apache mod-wsgi web2py

我有一个通过mod_wsgi在Apache下运行的web2py应用程序。 如何根据源IP限制对管理页面(www.myapp.com/admin)的访问?

理想情况下,我直接在Apache中执行此操作有两个原因:1)我认为Apache可以更有效地访问源IP [需要引证]和2)我不想将web2py中的库存管理页面修改为阻止特定的IP。

我的(删节)配置看起来像这样:

<VirtualHost *:80>
  WSGIDaemonProcess web2py user=myapp group=myapp
  WSGIProcessGroup web2py
  WSGIScriptAlias / /home/myapp/myapp/wsgihandler.py

  TimeOut 45

  ServerName myapp.com
  ServerAlias www.myapp.com


  <Directory /home/myapp/myapp>

    AllowOverride None
    Order Allow,Deny
    Deny from all

    <Files wsgihandler.py>
      Allow from all
    </Files>

  </Directory>

  #======================================
  # THIS IS WHAT I TRIED THAT DIDN'T WORK
  <Directory /home/myapp/myapp/admin>
    Order Deny,Allow
    Deny from all
    Allow from 127.0.0.1
  </Directory>
  #======================================

  AliasMatch ^/static/(.*) \
           /home/myapp/myapp/applications/myapp/static/$1
  <Directory /home/myapp/myapp/applications/myapp/static/>
    Options -Indexes 
    Order Allow,Deny
    Allow from all
  </Directory>

  # HTTPS enforcement
  # Out of convenience, forward /a* to https, covers /admin /appadmin and /a (front facing admin)
  RedirectMatch ^/a(.*) https://myapp.com/a$1
  RedirectMatch ^/c/(.*) https://myapp.com/c/$1
  RedirectMatch ^/w/user/login(?:/(.*)|$) https://myapp.com/w/user/login/$1
  RedirectMatch ^/w/user/register(?:/(.*)|$) https://myapp.com/w/user/register/$1

  CustomLog /var/log/apache2/access.log common
  ErrorLog /var/log/apache2/error.log
</VirtualHost>

请注意,我有一个类似于端口443的VirtualHost。我只是为了冗余而没有包含它。

通常情况下,我的理解是我可以使用目录表示法来拒绝访问某些目录。但是,上面的方法不起作用,我想知道它是否与WSGIScriptAlias指令有关。

1 个答案:

答案 0 :(得分:1)

使用:

<Location /admin>
Order Deny,Allow
Deny from all
Allow from 127.0.0.1
</Location>
相关问题
最新问题