【发布时间】:2013-08-25 23:42:45
【问题描述】:
我有一个通过 mod_wsgi 在 Apache 下运行的 web2py 应用程序。 如何根据源 IP 限制对管理页面 (www.myapp.com/admin) 的访问?
理想情况下,我直接在 Apache 中执行此操作有两个原因:1)我假设 Apache 可以更有效地访问源 IP [需要引用] 2)我不想修改 web2py 中的股票管理页面阻止特定 IP。
我的(精简版)配置如下所示:
<VirtualHost *:80>
WSGIDaemonProcess web2py user=myapp group=myapp
WSGIProcessGroup web2py
WSGIScriptAlias / /home/myapp/myapp/wsgihandler.py
TimeOut 45
ServerName myapp.com
ServerAlias www.myapp.com
<Directory /home/myapp/myapp>
AllowOverride None
Order Allow,Deny
Deny from all
<Files wsgihandler.py>
Allow from all
</Files>
</Directory>
#======================================
# THIS IS WHAT I TRIED THAT DIDN'T WORK
<Directory /home/myapp/myapp/admin>
Order Deny,Allow
Deny from all
Allow from 127.0.0.1
</Directory>
#======================================
AliasMatch ^/static/(.*) \
/home/myapp/myapp/applications/myapp/static/$1
<Directory /home/myapp/myapp/applications/myapp/static/>
Options -Indexes
Order Allow,Deny
Allow from all
</Directory>
# HTTPS enforcement
# Out of convenience, forward /a* to https, covers /admin /appadmin and /a (front facing admin)
RedirectMatch ^/a(.*) https://myapp.com/a$1
RedirectMatch ^/c/(.*) https://myapp.com/c/$1
RedirectMatch ^/w/user/login(?:/(.*)|$) https://myapp.com/w/user/login/$1
RedirectMatch ^/w/user/register(?:/(.*)|$) https://myapp.com/w/user/register/$1
CustomLog /var/log/apache2/access.log common
ErrorLog /var/log/apache2/error.log
</VirtualHost>
请注意,我有一个类似的用于端口 443 的 VirtualHost。我只是为了冗余而没有包括它。
通常情况下,我的理解是我可以使用目录符号之类的东西来拒绝对某些目录的访问。但是,上面没有工作,我想知道它是否与 WSGIScriptAlias 指令有关。
【问题讨论】: