在集群/云环境中使用 .htaccess 通过 IP 设置文件限制
找到答案,请参阅文章结尾
当您托管在集群/云环境(更具体地说,Rackspace Cloud)中时,如何通过 IP 限制对文件的访问。昨天,我在此处提出了类似的问题,并收到以下答案,在我本地的测试环境中效果很好(谢谢)。
<Files test.html>
Order allow,deny
Deny from all
Allow from 123.123.123.123
</Files>
然而,我通过 Rackspace Cloud 发现,当访问者点击页面时(或者就 .htaccess 而言),IP 已经发生了变化。
我在测试 .htaccess 指令时发现了这一点,其中我的真实 IP 不会给我访问权限,但网站自己的托管 IP 可以工作。
通过其他一些测试,我还发现在他们的云环境中,访问者的 IP 是通过“HTTP_X_FORWARDED_FOR”而不是“REMOTE_ADDR”报告的。
有人有一个好的解决方法吗? .htaccess 中是否有指令可以更改 .htaccess 查找的 IP?
(是的,我将在 Rackspace 上发布同样的问题。)
已添加答案,
因此在与他们的在线支持进行了几个小时的绞尽脑汁之后,至少在 Rackspace Cloud 中使用的指令是这样的:
<Files filename.htm>
SetEnvIf X-Cluster-Client-Ip 000.000.000.000 allowclient
SetEnvIf X-FORWARDED-FOR 000.000.000.000 allowclient
order deny,allow
deny from all
allow from env=allowclient
</Files>
根据您是否位于 SSL 集群后面,您将使用“X-Cluster-Client-Ip”(非 SSL)或“X-FORWARDED-FOR”(SSL)指令来匹配您的ip。
found answer, see end of the post
How do you restrict access to a file by IP, when you are hosted in a cluster/cloud environment (Rackspace Cloud, to be more specific). Yesterday, I asked a similar question here, and received the following answer, which worked great (thank you) in my local test environment.
<Files test.html>
Order allow,deny
Deny from all
Allow from 123.123.123.123
</Files>
However, what I've came to find out w/ Rackspace Cloud is that by the time a visitor hits a page (or as far as .htaccess is concerned w/), the IP would have already changed.
I discovered this as I was testing the .htaccess directive, where my true IP would not give me access, but the site's own hosting IP works.
With some other tests, I also finds out that in their cloud environment, a visitor's IP is reported through "HTTP_X_FORWARDED_FOR" instead of "REMOTE_ADDR."
Does anyone have a good workaround w/ this? Is there a directive in .htaccess that I can change the IP .htaccess looks for?
(yes, I'm going to post this same question to Rackspace.)
answer added
so after few hours of head scratching w/ their online support, the directive to use, at least with Rackspace Cloud is this:
<Files filename.htm>
SetEnvIf X-Cluster-Client-Ip 000.000.000.000 allowclient
SetEnvIf X-FORWARDED-FOR 000.000.000.000 allowclient
order deny,allow
deny from all
allow from env=allowclient
</Files>
depending on if you have are behind a SSL-cluster or not, you'll use either "X-Cluster-Client-Ip"(non-SSL) or "X-FORWARDED-FOR" (SSL) directive to match up your ip.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论