Apache 服务中order allow/deny 范围公式
2007-11-08 15:23
751 查看
Order A, B (其中,A和B均可以代表allow或者deny,以下conlist表示控制列表)
A from conlist1
B from conlist2
那么最终访问控制的结果为:(以(A)表示A的控制范围,)
(A)= (conlist1) U (!conlist2) (!--取反,U--并集,n--交集)
(B)= (!A) = (!conlist1) n (conlist2)
(A)+(B)= I(全集)
下面有一个图简单表示了allow与deny的范围关系:
比如:
Order allow,deny
Allow from 192.168.10.0
Deny from 192.168.10.1
(Allow)= 192.168.10.0网段中除192.168.10.1之外的IP地址。
(Deny)= 192.168.10.1+192.168.10.0网段之外的IP地址。
注意:
1) Order后面allow和deny的顺序与下面Allow from和Deny from的顺序无直接关系。最终求得的范围是根据Order那一行的顺序来写的。即:上面例子的结果等同于:
Order allow,deny
Deny from 192.168.10.1
Allow from 192.168.10.0
2)如果在order之后并没有定义具体的allow或deny的访问控制列表,则默认以后者为准。
下面是Apache官方文档有关order的说明:
The
A from conlist1
B from conlist2
那么最终访问控制的结果为:(以(A)表示A的控制范围,)
(A)= (conlist1) U (!conlist2) (!--取反,U--并集,n--交集)
(B)= (!A) = (!conlist1) n (conlist2)
(A)+(B)= I(全集)
下面有一个图简单表示了allow与deny的范围关系:
比如:
Order allow,deny
Allow from 192.168.10.0
Deny from 192.168.10.1
(Allow)= 192.168.10.0网段中除192.168.10.1之外的IP地址。
(Deny)= 192.168.10.1+192.168.10.0网段之外的IP地址。
注意:
1) Order后面allow和deny的顺序与下面Allow from和Deny from的顺序无直接关系。最终求得的范围是根据Order那一行的顺序来写的。即:上面例子的结果等同于:
Order allow,deny
Deny from 192.168.10.1
Allow from 192.168.10.0
2)如果在order之后并没有定义具体的allow或deny的访问控制列表,则默认以后者为准。
下面是Apache官方文档有关order的说明:
The
Orderdirective controls the default access state and the order in which
Allowand
Denydirectives are evaluated. Ordering is one of
Deny,AllowThe
Denydirectives are evaluated before the
Allowdirectives. Access is allowed by default. Any client which does not match a
Denydirective or does match an
Allowdirective will be allowed access to the server.
Allow,DenyThe
Allowdirectives are evaluated before the
Denydirectives. Access is denied by default. Any client which does not match an
Allowdirective or does match a
Denydirective will be denied access to the server.
Mutual-failureOnly those hosts which appear on the
Allowlist and do not appear on the
Denylist are granted access. This ordering has the same effect as
Order Allow,Denyand is deprecated in favor of that configuration.
相关文章推荐
- apache访问目录配置 Allow Deny Order 指令的使用
- Apache的Order Allow Deny心得
- Apache的Order Allow Deny实战总结[转]
- Apache的Order Allow Deny
- [乐意黎]Apache重启后抛order takes one argument, 'allow,deny', 'deny,allow', or 'mutual-failure'
- 【转】Apache的Order Allow Deny心得
- Apache的Order Allow Deny实战总结
- apache conf Order Allow,Deny
- apache的order allow deny
- Apache 2.4 的ip保护(Order, Deny, Allow, Require)
- apache config directive – order, allow, deny
- Apache(httpd)配置Directory目录,Order,deny,allow说明
- Apache的Order Allow Deny心得
- Apache 的 order deny allow 设置说明
- Apache的Order Allow Deny心得
- Apache的Order Allow Deny心得
- Apache配置文件中的deny和allow的使用
- hosts.allow、hosts.deny无效查看服务是否支持tcp_Wrappers
- Apache配置文件中的deny和allow的使用
- Apache配置文件中的deny和allow的使用