嗨,我正在加固一个使用Apache作为Web服务器的WordPress网站。我想阻止来自servername.admin.company.com的访问。我尝试根据在此看到的每个答案编辑HTACCESS,但是该站点从https://domainname.com开始500秒钟。安全问题很多,我们认为最好的处理方法是完全阻止访问,因为没有人真正需要这种访问方式。
这是我的虚拟主机文件:
' <Directory "/var/www/directory">
AllowOverride All
Options -Indexes +FollowSymLinks
Require all granted
Require not host servername.admin.company.com
</Directory>
DirectoryIndex index.php index.html
<VirtualHost *:80>
ServerName site.com
ServerAlias www.site.com
DocumentRoot "/var/www/directory"
# Enable HSTS (tell browsers to use only HTTP)
Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload;"
<Directory "/var/www/html">
AllowOverride All
Options -Indexes +FollowSymLinks
Require all granted
</Directory>
RewriteEngine on
RewriteRule "^(.*/)?\.git/" - [F,L]
RedirectMatch 404 /\.git
</VirtualHost>
<VirtualHost *:80>
ServerName business.site.com
ServerAlias subdomain.site.com
ServerAlias www.business.site.com
DocumentRoot "/var/www/directory"
# Enable HSTS (tell browsers to use only HTTP)
Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload;"
<Directory "/var/www/site">
AllowOverride All
Options -Indexes +FollowSymLinks
Require all granted
</Directory>
RewriteEngine on
RewriteRule "^(.*/)?\.git/" - [F,L]
RedirectMatch 404 /\.git
CustomLog /var/log/httpd/site-requests.log combined
</VirtualHost>
<VirtualHost *:80>
ServerName business.site.com
ServerAlias directory.site.com
ServerAlias www.subfolder.site.com
DocumentRoot "/var/www/sitefolder"
# Enable HSTS (tell browsers to use only HTTP)
Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload;"
<Directory "/var/www/sitefolder">
AllowOverride All
Options -Indexes +FollowSymLinks
Require all granted
</Directory>
RewriteEngine on
RewriteRule "^(.*/)?\.git/" - [F,L]
RedirectMatch 404 /\.git
CustomLog /var/log/httpd/sitefolder-requests.log combined
ErrorLog /var/log/httpd/sitefolder-error.log
</VirtualHost>
'
答案 0 :(得分:0)
您可以通过iptables
,.htaccess
等多种方式来实现。
请访问此URL,在那里您需要做的充分记录在案:
https://httpd.apache.org/docs/2.4/en/howto/access.html
希望对您有帮助。