动态更新Apache配置"允许来自IP"不重新启动/重新加载? [英] Dynamically update Apache config "allow from IP" without a restart/reload?
问题描述
我的目标是允许访问一个Apache 2.2转发代理登录的用户只能者的IP,同时拒绝所有其他IP地址。
在代理虚拟主机,我已经成功地纳入,获取动态重写每一次文件中的从允许在站点或出用户登录(添加的IP登录用户在删除记录的知识产权-out用户)。然而,这需要Apache的优雅重启/重装生效,我期待以提高性能,如果我能...因为当用户登录,并输送到主页面,偶尔Apache是正确的重新启动并发出一个忙的警告的中间。
我想,我可以通过第二延迟的Apache的优雅重启或两个以缓解初始登录的压力,但如果是为了避免重启干脆,我真的AP $ P $的方法pciate了解一下吧。谢谢!
然而,这需要一个优美
阿帕奇的重启/重装拿
实际上,
块引用>请不要这样做。这不是一个解决方案。
使用 RewriteMap指令从Apache的mod_rewrite(RewriteModule)实现基于动态文件指令IP黑名单/白名单。
##白名单IPS ##
RewriteMap指令ipslist TXT:/path/to/whitelist.txt
的RewriteCond%{REMOTE_ADDR} ^(。*)$
的RewriteCond $ {ipslist:%1 |黑} ^ $黑[NC]
重写规则(*) - [F]My goal is to allow access to an Apache 2.2 forwarding proxy to the IPs of logged-in users only, while denying all other IPs.
In the proxy virtual host, I've successfully included an "allow from" file that gets dynamically rewritten every time a user logs in or out of the site (adding the IP of logged-in users while deleting the IP of logged-out users). However, this requires a graceful restart/reload of Apache to take effect, and I'm looking to improve the performance if I can... because as the user logs in and is transported to the main page, occasionally Apache is right in the middle of the restart and issues a "busy" warning.
I suppose that I could delay the graceful restart of Apache by a second or two to ease the stress on the initial log-in, but if there is a way to avoid the restart altogether, I'd really appreciate knowing about it. Thanks!
解决方案However, this requires a graceful restart/reload of Apache to take effect,
Please do not do this. This is not a solution.
Use RewriteMap directive from Apache's mod_rewrite (RewriteModule) to achieve a dynamic file based IP blacklisting/white listing.
## WHITELIST IPS ## RewriteMap ipslist txt:/path/to/whitelist.txt RewriteCond %{REMOTE_ADDR} ^(.*)$ RewriteCond ${ipslist:%1|black} ^black$ [NC] RewriteRule (.*) - [F]
这篇关于动态更新Apache配置"允许来自IP"不重新启动/重新加载?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!