Apache 2.4 Require ip not working

Question

Trying to go from older allow, deny, order syntax to the new one to secure WordPress admin section, but I can't get it to recognize my IP.

This is what my .htaccess file contains in /wp-admin folder.

ErrorDocument 401 default
ErrorDocument 403 default

# Disallow access for everyone except these IPs
<RequireAny>
    Require ip 50.153.218.4
</RequireAny>

# Allow plugin access to admin-ajax.php around password protection
<Files admin-ajax.php>
    <RequireAll>
        Require all granted
    </RequireAll>
</Files>

And this is what I have in .htaccess in the root under the WordPress mod rewrite info.

# Protect WordPress
ErrorDocument 401 default
ErrorDocument 403 default

<Files wp-login.php>
    <RequireAny>
        Require ip 50.153.218.4
    </RequireAny>
</Files>

But I just keep getting a 403 Forbidden error. When I add Require All Granted under the IP, it works fine, but that opens it up to every user. It seems like Apache is just not reading my IP correctly? Anyone have any idea what I'm doing wrong?

Recommended answer

Your syntax looks perfectly fine to me.

The only reason I can think that Apache might not be reading the user's IP correctly is if you're behind a proxy or load balancer. If that is the case you would use X-Forwarded-For instead of ip. In PHP, you can confirm if you're behind a proxy by comparing $_SERVER['REMOTE_ADDR'] and $_SERVER['HTTP_X_FORWARDED_FOR'].

If that is not the issue, you might have better luck finding an answer at ServerFault.

I can offer you some workarounds though. The easiest solution may be to use one of several WordPress security plugins that allow you to restrict access to the backend by IP address.

Alternatively, in your theme or in a plugin you can implement this same sort of authentication logic:

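add_action('init', function() {
    $allowed_ips = array('50.153.218.4');
    // DOING_AJAX is only defined during AJAX requests, so test defined() first
    $doing_ajax = defined('DOING_AJAX') && DOING_AJAX;
    if (is_admin() || $GLOBALS['pagenow'] == 'wp-login.php') {
        if (!$doing_ajax && !in_array($_SERVER['REMOTE_ADDR'], $allowed_ips)) {
            // Empty message, title "Forbidden", HTTP status 403
            wp_die('', 'Forbidden', array(
                'response' => 403
            ));
        }
    }
});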

Update: From the comments it looks like there is a proxy involved. This should work:

ErrorDocument 401 default
ErrorDocument 403 default

SetEnvIF X-Forwarded-For "50.153.218.4" AllowIP

# Disallow access for everyone except these IPs
<RequireAny>
    Require env AllowIP
</RequireAny>

# Allow plugin access to admin-ajax.php around password protection
<Files admin-ajax.php>
    <RequireAll>
        Require all granted
    </RequireAll>
</Files>

# Protect WordPress
ErrorDocument 401 default
ErrorDocument 403 default

SetEnvIF X-Forwarded-For "50.153.218.4" AllowIP

<Files wp-login.php>
    <RequireAny>
        Require env AllowIP
    </RequireAny>
</Files>

You should also be able to use a similar method using the "Allow, Deny" syntax.
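
An added example, not part of the original answer: where you control the main server configuration, mod_remoteip lets the question's original `Require ip` rules work behind a proxy, because Apache then takes the client address from X-Forwarded-For only when the connection comes from a listed proxy. Matching the raw header with SetEnvIf instead treats the pattern as an unanchored regular expression over a value any client can send. The proxy address 192.0.2.10, the module path and the log names below are assumed placeholders.

```apache
# ---- Main server configuration (not .htaccess) ----
# mod_remoteip directives are not permitted in .htaccess files.
# Module path varies by distribution (on Debian/Ubuntu: a2enmod remoteip).
LoadModule remoteip_module modules/mod_remoteip.so

# Header that the proxy sets to the original client address.
RemoteIPHeader X-Forwarded-For

# Honour that header only when the TCP peer is this proxy.
# 192.0.2.10 is a placeholder (assumption); use your proxy or load balancer.
RemoteIPInternalProxy 192.0.2.10

# Check: %a is the address "Require ip" evaluates, %{c}a is the TCP peer.
# Format nickname and file name are placeholders.
LogFormat "%a peer=%{c}a \"%r\" %>s" remoteip_check
CustomLog logs/remoteip_check.log remoteip_check

# ---- /wp-admin/.htaccess (rules from the question) ----
ErrorDocument 401 default
ErrorDocument 403 default

<RequireAny>
    Require ip 50.153.218.4
</RequireAny>

<Files admin-ajax.php>
    Require all granted
</Files>

# ---- /.htaccess in the site root (rules from the question) ----
<Files wp-login.php>
    Require ip 50.153.218.4
</Files>
```

With this in place, a request arriving through the proxy is logged with the client address in the first field and the proxy as peer. A request that reaches Apache directly keeps its own peer address, whatever X-Forwarded-For value it carries.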
