.htaccess 路径只能通过 ip 访问

2022-01-23 00:00:00 php .htaccess drupal-7

我想使用 .htaccess 配置阻止来自我的站点的路径.这个想法是只有一组特定的 IP 可以从 URL 访问该特定路径.

I would like to block a path from my site using the .htaccess configuration. The idea is that only a specific set of IP's can access that specific path from the URL.

注意:这是一个路径,而不是页面或目录.我们正在尝试屏蔽 Web 服务,因此只有对 URL 的 post 调用.

Note: It's a path, not a page or directory. We are trying to shield off a web-service so there will be only post calls to the URL's.

我希望阻止 URL example.com/rest 以及基于 IP 的 URL 后面的所有内容.所以 example.com/rest/test_serviceexample.com/rest/test_service/read 应该被屏蔽.

I would like the url example.com/rest to be blocked and everything behind that url based on IP. So example.com/rest/test_service and example.com/rest/test_service/read should be blocked.

来自应用程序的所有其他路径应保持正常运行.

All other paths from the application should remain functional.

我尝试了以下方法,但似乎不起作用.没有一个页面可以像这样访问.

What I've tried the following but it doesn't seem to work. Not a single page is accessible like this.

SetEnvIf Request_URI "/rest$" rest_uri

<RequireAll>
    Require env rest_uri
    <RequireAny>
        Require ip XXX.XXX.XXX.XXX
    </RequireAny>
</RequireAll>

我尝试了不同的方法,但它们似乎都不起作用.任何帮助表示赞赏.

I've tried different things but none of them seem to work. Any help is appreciated.

推荐答案

您可以使用这样的指令来允许特定 URL 的 IP 范围:

You can use directives like this to allow an IP range for certain URL:

# set env variable if URL is /rest or /rest/
SetEnvIf Request_URI "/rest(/.*)?$" rest_uri

Order deny,allow

# first deny all
Deny from all

# then allow if env var is not set
Allow from env=!rest_uri

# also allow your IP range
Allow from 10.1.0.0/16

相关文章