Apache 2.4 ACL

Last updated: 2016-03-30

Apache ACL

 

Containers that enclose a group of authorization directives

<RequireAll>
    ...
</RequireAll>

<RequireAny>
    ...
</RequireAny>

 * Apache 2.4 no longer has "Satisfy Any"; "<RequireAny>" is used instead

P.S.

Satisfy sets how the host-level ACL and user authentication requirements combine to grant access

i.e.

Satisfy Any

is equivalent to

<RequireAny>
        Require valid-user
        Require ip x.x.x.x
</RequireAny>

Require options

Require all granted
Require all denied
Require env env-var [env-var] ...                 # Access is allowed only if one of the given environment variables is set.
Require method http-method [http-method]
Require expr expression

Some of the allowed syntaxes, listed by the module that provides them:

mod_authz_user:

Require user userid [userid] ...

Require valid-user

mod_authz_groupfile:

Require group group-name [group-name] ...

Require valid-user

mod_authz_host:

Require ip 10 172.20 192.168.1.0/24 192.168.2.0/255.255.255.0

P.S.

Access controls which are applied in this way are effective for all methods.

<Limit> - apply access controls only to the listed methods (methods not listed are left unrestricted)

<Limit POST PUT DELETE>
  Require valid-user
</Limit>

 


Deny from an IP

 

.conf setting

<Location />
   <RequireAll>
      Require all granted
      Include conf/IPList.conf
   </RequireAll>
</Location>

IPList.conf

Require not ip 10.10.1.23

 


Basic Login

 

# Access Control
AuthName          "Restricted Area"
AuthType          Basic
AuthBasicProvider file
AuthUserFile      /home/vhosts/xxxx/htpasswd
Require           valid-user

 


Troubleshoot

 

Q1. Adding "Require valid-user" results in a "404"

A1. Adding 'ErrorDocument 401 "Authorisation Required"' fixes it
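
Combined example

The fragments on this page put together in one block: a single blocked IP, then "trusted network OR valid login", with the old Satisfy Any form shown as comments for comparison. This is an added example, not part of the original notes; the directory path, the htpasswd path and the 192.0.2.0/24 and 198.51.100.23 addresses are assumptions made up for illustration.

```apache
# Added example. All paths and addresses are constructed placeholders:
#   192.0.2.0/24  = trusted network, 198.51.100.23 = blocked client

# --- Apache 2.2 form, for comparison only -------------------------
# <Directory "/var/www/example/private">
#     AuthType     Basic
#     AuthName     "Restricted Area"
#     AuthUserFile "/etc/apache2/example.htpasswd"
#     Require      valid-user
#     Order        deny,allow
#     Deny from    all
#     Allow from   192.0.2.0/24
#     Satisfy      Any
# </Directory>

# --- Apache 2.4 form ----------------------------------------------
<Directory "/var/www/example/private">
    AuthType          Basic
    AuthName          "Restricted Area"
    AuthBasicProvider file
    AuthUserFile      "/etc/apache2/example.htpasswd"

    # Custom 401 body (see Troubleshoot Q1 on this page)
    ErrorDocument 401 "Authorisation Required"

    <RequireAll>
        # Deny list first: a match here fails the whole RequireAll,
        # so the blocked client is refused even with a valid login
        Require not ip 198.51.100.23

        <RequireAny>
            # Trusted network gets in without a password prompt
            Require ip 192.0.2.0/24
            # Everyone else must authenticate
            Require valid-user
        </RequireAny>
    </RequireAll>
</Directory>
```

Keep the htpasswd file outside the document root, and run "apachectl configtest" before reloading.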