How to deny all non-excepted Host headers with 403 Forbidden? Apache 2.4

e5nqia27  posted on 2022-11-16  in Apache

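Hello, I am trying to deny all Host headers that are not excepted, to stop them from showing up in the mod_pagespeed cache folder.
I tried to implement the following on my Apache 2.4 server -
You can lock down your server by specifying server names for all of your virtual hosts and then adding a catch-all block that gives 403 Forbidden to everyone else. For example, I have just set up ngxpagespeed.com as: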

server {
    listen 80;
    location / {
        deny all;
    }
}
server {
    listen       80;
    server_name  ngxpagespeed.com www.ngxpagespeed.com;
    pagespeed on;
    ...
}

This is what I tried to add to my Apache server, at the top of the file **/etc/apache2/sites-enabled/000-default-le-ssl.conf**

<VirtualHost *:80>
    ServerName catchall
    <Location />
        Require all denied
    </Location>
    <Location /var/www/html/>
        Require all denied
    </Location>
</VirtualHost>

When I try

wget --header="Host: example.com" http://demo.mysite.com

the response I get is -

Resolving demo.mysite.com (demo.mysite.com)... 142.41.74.25
Connecting to demo.mysite.com (demo.mysite.com)|142.41.74.25|:443... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: https://demo.mysite.com/ [following]
--2022-09-05 10:57:46--  https://demo.mysite.com/
Reusing existing connection to demo.mysite.com:443.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: https://demo.mysite.com/ [following]
20 redirections exceeded.

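Why does it output 301 instead of 403 Forbidden?
How can I get it to return 403 for all unknown Host headers?
This is what my mod_pagespeed cache folder looks like. I want to stop it from creating these random folders, which do not exist on my server -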

/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/%2C2Fwp-content
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/%2C2Fwp-includes
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/%2C2Fwp-json
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/%2C3F3x%3D3x
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/%2C3Fa%3Dfetch%2C26content%3D%2C3Cphp%2C3Edie%2C28%2C40md5%2C28HelloThinkCMF%2C29%2C29%2C3C
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/%2C3Frest_route%3D
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/.git
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/.well-known
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/1phpmyadmin
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/2022
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/2phpmyadmin
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/_
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/_ignition
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/_phpMyAdmin
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/_phpmyadmin
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/_phpmyadmin_
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/_profiler
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/actuator
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/admin
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/administrator
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/assets
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/Autodiscover
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/blog
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/c
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/cart
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/cgi-bin
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/checkout
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/console
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/contact
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/cookies
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/css
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/database
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/db
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/dbadmin
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/download
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/feed
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/flu
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/index.php%2C3Frest_route%3D
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/my-account
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/MyAdmin
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/myadmin
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/mysql
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/mysql-admin
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/mysqladmin
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/mysqlmanager
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/p-content
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/photo
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/php-my-admin
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/php-myadmin
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/phpmy
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/phpmy-admin
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/phpMyAdmin
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/phpMyadmin
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/phpmyAdmin
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/phpmyadmin
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/phpMyAdmin-3
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/phpMyAdmin-4
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/phpMyAdmin-4.9.7
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/phpMyAdmin-5
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/phpMyAdmin-5.1.0
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/phpMyAdmin-5.1.1
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/phpMyAdmin-5.1.2
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/phpMyAdmin-5.1.3
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/phpMyAdmin-5.2.0
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/phpMyAdmin1
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/phpmyadmin1
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/phpMyAdmin2
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/phpmyadmin2
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/phpmyadmin2011
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/phpmyadmin2012
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/phpmyadmin2013
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/phpmyadmin2014
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/phpmyadmin2015
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/phpmyadmin2016
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/phpmyadmin2017
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/phpmyadmin2018
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/phpmyadmin2019
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/phpmyadmin2020
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/phpmyadmin2021
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/phpmyadmin2022
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/phpMyAdmin3
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/phpmyadmin3
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/phpMyAdmin4
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/phpmyadmin4
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/phpMyAdmin5
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/phpmyadmin5
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/phpMyAdmin5.1
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/phpMyAdmin5.2
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/phpMyAdmin_
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/phpmyadmin_
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/phppma

If anyone can help, thank you!

Update

Here is what my config files look like after implementing Robbie's suggestion -

/etc/apache2/sites-enabled/000-default.conf

# Added to mitigate CVE-2017-8295 vulnerability
UseCanonicalName On

<VirtualHost *:80>

    ServerName catchall

</VirtualHost>

<VirtualHost *:443>

    ServerName catchall

    SSLCertificateFile /etc/letsencrypt/live/demo.mysite.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/demo.mysite.com/privkey.pem
    Include /etc/letsencrypt/options-ssl-apache.conf

</VirtualHost>

/etc/apache2/sites-enabled/001-demo.mysite.com.conf

<VirtualHost *:80>
    ServerName demo.mysite.com
    ServerAlias demo.mysite.com

    <Directory /var/www/html/>
        Options FollowSymLinks
        AllowOverride All
        Require all granted
    </Directory>

    RewriteEngine on
    RewriteCond %{SERVER_NAME} =demo.mysite.com [OR]
    RewriteCond %{SERVER_NAME} =www.demo.mysite.com
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]

</VirtualHost>

<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerAdmin webmaster@localhost
    ServerName demo.mysite.com
    ServerAlias www.demo.mysite.com

    UseCanonicalName On
    UseCanonicalPhysicalPort On

    Protocols h2 http/1.1

    DocumentRoot /var/www/html

    <Directory /var/www/html/>
        Options FollowSymLinks
        AllowOverride All
        Require all granted
    </Directory>

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    SSLCertificateFile /etc/letsencrypt/live/demo.mysite.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/demo.mysite.com/privkey.pem
    Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>

idfiyjo8  #1

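This is too long for a comment, so it is posted as an answer.
I think CBroe's comment response is a little confusing, but in a way also correct.
To explain how vhost blocks work: if the requested host (ServerName) does not match any ServerName / ServerAlias declaration, then the first vhost block (matching *:80 or *:443) is used. So if you only have one vhost declaration, it does not matter what is in the ServerName / ServerAlias part. In that case, "catchall" works just fine.
Three examples: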

<VirtualHost *:80>
    # This is the first block, so is default.
    # Matches anything (as there are no other blocks)
    # ServerName can be anything you like.
    ServerName catchall
</VirtualHost>

<VirtualHost *:80>
    # This is the first block, so is default.
    # Matches anything that is NOT "mydomain.com" / "www.mydomain.com"
    ServerName catchall
</VirtualHost>
<VirtualHost *:80>
    # Matches only "mydomain.com" / "www.mydomain.com"
    ServerName mydomain.com
    ServerAlias www.mydomain.com
</VirtualHost>

Compare with the following:

<VirtualHost *:80>
    # This is the first block, so is default.
    # Matches anything that is not "catchall"
    ServerName mydomain.com
    ServerAlias www.mydomain.com
</VirtualHost>
<VirtualHost *:80>
    # This block is a total waste of time as "catchall" is not a valid public host (unless local DNS etc)
    ServerName catchall
</VirtualHost>

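In your example, you actually have two *:80 vhost blocks, one in 000-default.conf and the other in 000-default-le-ssl.conf. The key question is which one is loaded first. They are loaded in "alphanumeric" order, but if you are not sure whether "." comes before "-", then I suggest you rename them to "000" and "001", as that is what those numbers are for: to control the load order.
So, to solve your problem, you should have two conf files, each declaring both 80 and 443, in the correct order, as follows: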
000-default.conf

<VirtualHost *:80>
    # This is the first block, so is default.
    # Matches anything that is NOT "mydomain.com" / "www.mydomain.com"
    ServerName catchall
    # Do not add to cache, reject, throw error etc.
</VirtualHost>
<VirtualHost *:443>
    # This is the first block, so is default.
    # Matches anything that is NOT "mydomain.com" / "www.mydomain.com"
    ServerName catchall
    # Do not add to cache, reject, throw error etc.
    # Add your cert details, but users will get a cert error here anyway as name will not match.
</VirtualHost>

001-mydomain.com.conf

<VirtualHost *:80>
    # This is the second block, so must match the host (otherwise, will hit "default")
    ServerName mydomain.com
    ServerAlias www.mydomain.com
    # <Directory ...> etc. </Directory>
</VirtualHost>
<VirtualHost *:443>
    # This is the second block, so must match the host (otherwise, will hit "default")
    ServerName mydomain.com
    ServerAlias www.mydomain.com
    # <Directory ...> etc. </Directory>
    # Add your cert details
</VirtualHost>
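
The selection rule this answer describes, as a simplified model added here as an example (not the answerer's code and not Apache's implementation). It assumes conf files are read in plain byte order of their names and that names match exactly (no wildcard aliases); the function names are hypothetical, and the `Require all denied` / `ModPagespeed off` lines in the constructed sample are one possible way to fill in the "reject, do not add to cache" placeholder.

```python
import re

# Constructed sample: file name -> contents, mirroring the two-file layout above.
# The Location/ModPagespeed lines are an assumed way to reject and skip caching.
SITES = {
    "001-mydomain.com.conf": """<VirtualHost *:80>
    ServerName mydomain.com
    ServerAlias www.mydomain.com
</VirtualHost>""",
    "000-default.conf": """<VirtualHost *:80>
    ServerName catchall
    ModPagespeed off
    <Location />
        Require all denied
    </Location>
</VirtualHost>""",
}

VHOST_RE = re.compile(r"<VirtualHost\s+(\S+)>(.*?)</VirtualHost>", re.S | re.I)

def load_vhosts(sites):
    """Return vhosts in load order: files by byte-order name, blocks top to bottom."""
    vhosts = []
    for name in sorted(sites):  # note: '-' (0x2D) sorts before '.' (0x2E)
        for addr, body in VHOST_RE.findall(sites[name]):
            lines = re.findall(r"^\s*Server(?:Name|Alias)\s+(.+)$", body, re.M | re.I)
            hosts = {h.lower() for line in lines for h in line.split()}
            denied = bool(re.search(r"^\s*Require\s+all\s+denied", body, re.M | re.I))
            vhosts.append({"file": name, "addr": addr, "hosts": hosts, "denied": denied})
    return vhosts

def select_vhost(vhosts, host_header, addr="*:80"):
    """Pick the block for a Host header; fall back to the first block for addr."""
    candidates = [v for v in vhosts if v["addr"] == addr]
    host = host_header.split(":")[0].lower()  # drop an optional :port
    for v in candidates:
        if host in v["hosts"]:
            return v
    return candidates[0]  # no name matched: the first-loaded block is the default

def status_for(vhosts, host_header, addr="*:80"):
    """403 if the selected block denies everything, otherwise 200."""
    return 403 if select_vhost(vhosts, host_header, addr)["denied"] else 200

if __name__ == "__main__":
    vhosts = load_vhosts(SITES)
    for h in ("example.com", "mydomain.com", "www.mydomain.com"):
        print(h, select_vhost(vhosts, h)["file"], status_for(vhosts, h))
```

Under the byte-order assumption, `sorted(["000-default.conf", "000-default-le-ssl.conf"])` puts `000-default-le-ssl.conf` first, so the distinct `000` / `001` prefixes are what make the load order unambiguous.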
