Apache 阻止某个 IP 地址访问网站
有人试图访问类似的页面
//mysqladmin//scripts/setup.php
这是一些黑客尝试还是..?
如果是的话我怎样才能阻止它的IP访问我的网站?
通过 htaccess 还是其他方式?
someone trying to access pages like
//mysqladmin//scripts/setup.php
Is it some hack attempt or .. ?
If yes then how i can block its ip from accessing mine website ?
Via htaccess or something else ?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
对于那些仍然在这里的人来说,作为对这个老问题的更新:
从 Apache 2.4 开始,
Order Allow Deny
已被弃用,应该使用Require
。Allow from all
的示例仅拒绝对 IP 1.2.3.4 的访问。Deny from all
的示例仅允许访问 IP 1.2.3.4:还可以指定 IP 范围、网络掩码、CIDR 表示法等。
https://httpd.apache.org/docs/2.4/mod/mod_access_compat。 html(已弃用)
https://httpd.apache.org/docs/2.4/mod/ mod_authz_core.html#require
As an update to this old question for those who still land here:
Order Allow Deny
are deprecated as of Apache 2.4 andRequire
should be used.An example of
Allow from all
to deny access to only IP 1.2.3.4.An example of
Deny from all
to allow access to only IP 1.2.3.4:IP ranges, netmasks, CIDR notation, etc. can also be specified.
https://httpd.apache.org/docs/2.4/mod/mod_access_compat.html (Deprecated)
https://httpd.apache.org/docs/2.4/mod/mod_authz_core.html#require
要阻止特殊 IP 地址,您可以将以下内容放入您想要限制的目录中的 .htaccess 文件中:
其中 1.2.3.4 是您想要阻止的 IP。
但请注意,IP 地址会更改用户,攻击者也会更改 IP 地址。
因此,这不会保护您的应用程序并可能阻止合法访问者。
更好的解决方案是确保您的脚本不接受恶意路径。
To block special IP addresses you can put the following in a .htaccess file located in your directory, you like to restrict:
Where 1.2.3.4 is the IP you like to block.
But note that IP adresses change users and also attackers change IP adresses.
So this will not secure your application and potentially block leagal visitors.
The better solution will be to make sure your script does not accept malicious paths.