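I have 6 machines: 3 running RHEL 3 (Taroon Update 9) and 3 running RHEL 5.6 (Tikanga).
They all share an NFS volume which contains:
- an Apache 2.2.4 installation
- the configuration files for that Apache
- the PHP scripts and other content served by that Apache
On each machine, the shared Apache is started with the "-D $hostname" option to distinguish it from the Apache instances running on the other machines (where $hostname is the machine's hostname).
In front of these 6 machines there is a load balancer (another Apache) that balances requests among them.
The problem:
I have put a .htaccess file in a directory, containing these rules: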
order deny,allow
deny from all
allow from my.very.own.ip
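(I tried the same rules in the configuration file, between , with the same result)
Any request from any IP other than my.very.own.ip is denied by all 6 Apaches.
Requests from my.very.own.ip that hit the first 3 Apaches (running on RHEL 3) are accepted, which is normal.
Requests from my.very.own.ip that hit the last 3 Apaches (running on RHEL 5.6) are denied (HTTP 403, client denied by server configuration), which is not normal.
I have run strace on all the Apache servers (and their forked children); this is what they look like:
- On a "good" Apache, with the request coming from my.very.own.ip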
19553 read(7, "GET /my/website"..., 8000) = 1761
19553 gettimeofday({1343736878, 168708}, NULL) = 0
19553 gettimeofday({1343736878, 168787}, NULL) = 0
19553 gettimeofday({1343736878, 168835}, NULL) = 0
19553 stat64("/shark/apps/apache1/conf/www/maps/stationlist.txt", {st_mode=S_IFREG|0644, st_size=5557, ...}) = 0
19553 stat64("/shark/apps/apache1/conf/somedir/stationkidsurls.txt", {st_mode=S_IFREG|0644, st_size=6200, ...}) = 0
19553 stat64("/shark/www_docs/my/website/php/script.php", {st_mode=S_IFREG|0644, st_size=2449, ...}) = 0
19553 open("/shark/www_docs/.htaccess", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory)
19553 open("/shark/www_docs/my/.htaccess", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory)
19553 open("/shark/www_docs/my/website/.htaccess", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory)
19553 open("/shark/www_docs/my/website/php/.htaccess", O_RDONLY|O_LARGEFILE) = 10
19553 fstat64(10, {st_mode=S_IFREG|0644, st_size=51, ...}) = 0
19553 read(10, " order deny,allow\n deny f"..., 4096) = 51
19553 read(10, "", 4096) = 0
19553 close(10) = 0
19553 open("/shark/www_docs/my/website/php/script.php/.htaccess", O_RDONLY|O_LARGEFILE) = -1 ENOTDIR (Not a directory)
19553 getpid() = 19553
19553 setitimer(ITIMER_PROF, {it_interval={0, 0}, it_value={60, 0}}, NULL) = 0
19553 rt_sigaction(SIGPROF, {0x1280014, [PROF], SA_RESTORER|SA_RESTART, 0x3c10d8}, {0x1280014, [PROF], SA_RESTORER|SA_RESTART, 0x3c10d8}, 8) = 0
19553 rt_sigprocmask(SIG_UNBLOCK, [PROF], NULL, 8) = 0
19553 getcwd("/", 4095) = 2
19553 chdir("/shark/www_docs/my/website/php") = 0
- On a "bad" Apache, with the request coming from my.very.own.ip
1723 read(9, "GET /my/website"..., 8000) = 1761
1723 gettimeofday({1343736621, 548677}, NULL) = 0
1723 gettimeofday({1343736621, 548735}, NULL) = 0
1723 gettimeofday({1343736621, 548771}, NULL) = 0
1723 stat64("/shark/apps/apache1/conf/www/maps/stationlist.txt", {st_mode=S_IFREG|0644, st_size=5557, ...}) = 0
1723 stat64("/shark/apps/apache1/conf/somedir/stationkidsurls.txt", {st_mode=S_IFREG|0644, st_size=6200, ...}) = 0
1723 stat64("/shark/www_docs/my/website/php/script.php", {st_mode=S_IFREG|0644, st_size=2449, ...}) = 0
1723 open("/shark/www_docs/.htaccess", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory)
1723 open("/shark/www_docs/my/.htaccess", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory)
1723 open("/shark/www_docs/my/website/.htaccess", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory)
1723 open("/shark/www_docs/my/website/php/.htaccess", O_RDONLY|O_LARGEFILE) = 12
1723 fstat64(12, {st_mode=S_IFREG|0644, st_size=51, ...}) = 0
1723 read(12, " order deny,allow\n deny f"..., 4096) = 51
1723 read(12, "", 4096) = 0
1723 close(12) = 0
1723 open("/shark/www_docs/my/website/php/script.php/.htaccess", O_RDONLY|O_LARGEFILE) = -1 ENOTDIR (Not a directory)
1723 gettimeofday({1343736621, 550606}, NULL) = 0
1723 write(10, "[Tue Jul 31 08:10:21 2012] [erro"..., 159) = 159
729 <... read resumed> "[Tue Jul 31 08:10:21 2012] [erro"..., 65536) = 159
729 gettimeofday({1343736621, 550743}, NULL) = 0
729 gettimeofday({1343736621, 550786}, NULL) = 0
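What do you think?
The only difference between these machines is the RHEL version. That may also mean the NFS share (/shark) is mounted differently...
I have since modified the .htaccess and replaced the allow/deny rules with a rewrite (requests not coming from my.very.own.ip are redirected elsewhere). But... I would still like to know why the same rules behave differently on different machines (same Apache, same configuration files).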