Apache 2.4 的 ACL

最後更新: 2022-09-28

 

 


Apache 的 ACL

 

2.2 -> 2.4

V 2.2

Order deny,allow
Deny from all

V 2.4

 * The Require must not be combined with the deprecated "Order allow,deny" directives

否則不論 Require 是什麼也會被 deny

# Order allow,deny
Require all denied

 * 當有幾個" Require" 而又無被 <RequireAll> 包住, 咁就當被包住 <RequireAny>

Enclose a group of authorization

<RequireAll>
    ...
</RequireAll>

<RequireAny>
    ...
</RequireAny>

RequireAny

 * Apache 2.4 沒有了 "Satisfy Any", 改用了 "<RequireAny>"

P.S.

Satisfy 係可以設定在 host-level ACL 或 user authentication 的滿足條件

i.e.

Satisfy Any

相當於

Require valid-user
Require ip x.x.x.x

  * 當有多項 "Require ip" 時, 它們是被視為 <RequireAny> 關係的.

Require 的 OPTS

Require all granted
Require all denied
Require env env-var [env-var] ...                 # Access is allowed only if one of the given environment variables is set.
Require method http-method [http-method]
Require expr expression

Some of the allowed syntaxes provided by

mod_authz_user:

Require user userid [userid] ...

Require valid-user

mod_authz_groupfile are:

Require group group-name [group-name] ...

Require valid-user

mod_authz_host

Subnet

Require ip 10 172.16.0.0/12 192.168.0.0/255.255.0.0

多行

Require ip 10
Require ip 172.16.0.0/12
Require ip 192.168.0.0/16

 

Require ip 10 \
    172.16.0.0/12 \
    192.168.0.0/16 \

P.S.

Access controls which are applied in this way are effective for all methods.

<Limit> - apply access controls only to specific methods

<Limit POST PUT DELETE>
  Require valid-user
</Limit>

 


Deny from a List

 

.conf setting

<Location />
   <RequireAll>
      Require all granted
      Include conf/IPList.conf
   </RequireAll>
</Directory>

IPList.conf

Require not ip 10.10.1.23

 


Basic Login

 

# Access Control
AuthName          "Restricted Area"
AuthType          Basic
AuthBasicProvider file
AuthUserFile      /home/vhosts/xxxx/htpasswd
Require           valid-user

 


Troubleshoot

 

Q1. 加了 "Require valid-user" 導致 "404"

A1. 加入 'ErrorDocument 401 "Authorisation Required"' 就可以解決

 

 

 

Creative Commons license icon Creative Commons license icon