你好,我试图拒绝所有不例外的主机头,以阻止他们出现在国防部pagespeed缓存文件夹。
我尝试在apache 2.4服务器上实现以下内容-
您可以通过为所有虚拟主机指定服务器名称来锁定服务器,然后添加一个catchall块,将403-forbidden分配给所有人。例如,我刚刚将ngxpagespeed.com为:
server {
listen 80;
location / {
deny all;
}
}
server {
listen 80;
server_name ngxpagespeed.com www.ngxpagespeed.com;
pagespeed on;
...
}
这是我试图添加到我的apache服务器在这个文件的顶部**/etc/apache 2/sites-enabled/000-default-le-ssl.conf**
<VirtualHost *:80>
ServerName catchall
<Location />
Require all denied
</Location>
<Location /var/www/html/>
Require all denied
</Location>
</VirtualHost>
当我尝试
wget --header="Host: example.com" http://demo.mysite.com
我得到的回应是-
Resolving demo.mysite.com (demo.mysite.com)... 142.41.74.25
Connecting to demo.mysite.com (demo.mysite.com)|142.41.74.25|:443... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: https://demo.mysite.com/ [following]
--2022-09-05 10:57:46-- https://demo.mysite.com/
Reusing existing connection to demo.mysite.com:443.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: https://demo.mysite.com/ [following]
20 redirections exceeded.
为什么禁止输出301而不是403?
我怎么才能让它到403所有未知的主机标题?
这是我的mod_pagespeed缓存文件夹的外观,我想阻止它创建这些随机文件夹,这些文件夹不在我的服务器上-
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/%2C2Fwp-content
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/%2C2Fwp-includes
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/%2C2Fwp-json
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/%2C3F3x%3D3x
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/%2C3Fa%3Dfetch%2C26content%3D%2C3Cphp%2C3Edie%2C28%2C40md5%2C28HelloThinkCMF%2C29%2C29%2C3C
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/%2C3Frest_route%3D
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/.git
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/.well-known
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/1phpmyadmin
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/2022
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/2phpmyadmin
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/_
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/_ignition
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/_phpMyAdmin
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/_phpmyadmin
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/_phpmyadmin_
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/_profiler
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/actuator
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/admin
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/administrator
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/assets
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/Autodiscover
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/blog
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/c
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/cart
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/cgi-bin
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/checkout
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/console
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/contact
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/cookies
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/css
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/database
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/db
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/dbadmin
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/download
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/feed
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/flu
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/index.php%2C3Frest_route%3D
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/my-account
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/MyAdmin
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/myadmin
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/mysql
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/mysql-admin
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/mysqladmin
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/mysqlmanager
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/p-content
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/photo
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/php-my-admin
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/php-myadmin
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/phpmy
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/phpmy-admin
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/phpMyAdmin
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/phpMyadmin
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/phpmyAdmin
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/phpmyadmin
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/phpMyAdmin-3
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/phpMyAdmin-4
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/phpMyAdmin-4.9.7
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/phpMyAdmin-5
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/phpMyAdmin-5.1.0
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/phpMyAdmin-5.1.1
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/phpMyAdmin-5.1.2
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/phpMyAdmin-5.1.3
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/phpMyAdmin-5.2.0
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/phpMyAdmin1
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/phpmyadmin1
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/phpMyAdmin2
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/phpmyadmin2
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/phpmyadmin2011
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/phpmyadmin2012
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/phpmyadmin2013
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/phpmyadmin2014
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/phpmyadmin2015
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/phpmyadmin2016
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/phpmyadmin2017
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/phpmyadmin2018
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/phpmyadmin2019
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/phpmyadmin2020
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/phpmyadmin2021
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/phpmyadmin2022
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/phpMyAdmin3
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/phpmyadmin3
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/phpMyAdmin4
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/phpmyadmin4
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/phpMyAdmin5
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/phpmyadmin5
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/phpMyAdmin5.1
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/phpMyAdmin5.2
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/phpMyAdmin_
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/phpmyadmin_
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/phppma
如果有人能帮忙,谢谢!
已更新
下面是我的配置文件在实现Robbie的建议后的样子-
/etc/apache 2/已启用站点/000-默认.conf
# Added to mitigate CVE-2017-8295 vulnerability
UseCanonicalName On
<VirtualHost *:80>
ServerName catchall
</VirtualHost>
<VirtualHost *:443>
ServerName catchall
SSLCertificateFile /etc/letsencrypt/live/demo.mysite.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/demo.mysite.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
/etc/apache 2/已启用站点/001-演示.mysite.com.conf
<VirtualHost *:80>
ServerName demo.mysite.com
ServerAlias demo.mysite.com
<Directory /var/www/html/>
Options FollowSymLinks
AllowOverride All
Require all granted
</Directory>
RewriteEngine on
RewriteCond %{SERVER_NAME} =demo.mysite.com [OR]
RewriteCond %{SERVER_NAME} =www.demo.mysite.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin webmaster@localhost
ServerName demo.mysite.com
ServerAlias www.demo.mysite.com
UseCanonicalName On
UseCanonicalPhysicalPort On
Protocols h2 http/1.1
DocumentRoot /var/www/html
<Directory /var/www/html/>
Options FollowSymLinks
AllowOverride All
Require all granted
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLCertificateFile /etc/letsencrypt/live/demo.mysite.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/demo.mysite.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
1条答案
按热度按时间idfiyjo81#
评论太长了,所以它是作为一个答案。
我认为CBroe的评论回应有点混乱,但在某种程度上也是正确的。
为了说明vhosts块的工作原理,如果请求主机(ServerName)不匹配任何
ServerName
或ServerAlias
声明,则使用第一个vhost块(匹配 *:80或 *:443)。因此,如果您只有一个vhost声明,则ServerName
或ServerAlias
部分中的内容无关紧要。在这种情况下,“catchall”非常合适。三个例子:
与
与下列项目比较:
在您的示例中,实际上有两个 *:80 vhosts块,一个在
000-default.conf
中,另一个在000-default-le-ssl.conf
中。关键问题是先加载哪个。它们是按“字母数字”顺序加载的,但是如果您不确定“.”是否在“-”之前,那么我建议您将“000”和“001”重命名为“000”和“001”,因为这些数字是用来做什么的;以控制装载顺序。因此,您应该有两个conf文件来解决您的问题,每个文件都声明了80和443,正确的顺序如下:
000-default.conf
001-mydomain.com.conf