我有一个通过 mod_wsgi 在 Apache 下运行的 web2py 应用程序。 如何根据源 IP 限制对管理页面 (www.myapp.com/admin) 的访问?
理想情况下,我直接在 Apache 中执行此操作有两个原因:1)我假设 Apache 可以更有效地访问源 IP [需要引用] 2)我不想修改 web2py 中的库存管理页面来阻止特定 IP .
我的(删节的)配置看起来像这样:
<VirtualHost *:80>
WSGIDaemonProcess web2py user=myapp group=myapp
WSGIProcessGroup web2py
WSGIScriptAlias / /home/myapp/myapp/wsgihandler.py
TimeOut 45
ServerName myapp.com
ServerAlias www.myapp.com
<Directory /home/myapp/myapp>
AllowOverride None
Order Allow,Deny
Deny from all
<Files wsgihandler.py>
Allow from all
</Files>
</Directory>
#======================================
# THIS IS WHAT I TRIED THAT DIDN'T WORK
<Directory /home/myapp/myapp/admin>
Order Deny,Allow
Deny from all
Allow from 127.0.0.1
</Directory>
#======================================
AliasMatch ^/static/(.*) \
/home/myapp/myapp/applications/myapp/static/$1
<Directory /home/myapp/myapp/applications/myapp/static/>
Options -Indexes
Order Allow,Deny
Allow from all
</Directory>
# HTTPS enforcement
# Out of convenience, forward /a* to https, covers /admin /appadmin and /a (front facing admin)
RedirectMatch ^/a(.*) https://myapp.com/a$1
RedirectMatch ^/c/(.*) https://myapp.com/c/$1
RedirectMatch ^/w/user/login(?:/(.*)|$) https://myapp.com/w/user/login/$1
RedirectMatch ^/w/user/register(?:/(.*)|$) https://myapp.com/w/user/register/$1
CustomLog /var/log/apache2/access.log common
ErrorLog /var/log/apache2/error.log
</VirtualHost>
请注意,对于端口 443,我有一个类似的 VirtualHost。我只是为了冗余而没有包括它。
通常,我的理解是我可以使用目录符号之类的东西来拒绝对某些目录的访问。但是,上述方法不起作用,我想知道它是否与 WSGIScriptAlias 指令有关。