Dynamically update Apache config “allow from IP” without a restart/reload?

那年仲夏 提交于 2020-01-01 07:04:59

问题


My goal is to allow access to an Apache 2.2 forwarding proxy to the IPs of logged-in users only, while denying all other IPs.

In the proxy virtual host, I've successfully included an "allow from" file that gets dynamically rewritten every time a user logs in or out of the site (adding the IP of logged-in users while deleting the IP of logged-out users). However, this requires a graceful restart/reload of Apache to take effect, and I'm looking to improve the performance if I can... because as the user logs in and is transported to the main page, occasionally Apache is right in the middle of the restart and issues a "busy" warning.

I suppose that I could delay the graceful restart of Apache by a second or two to ease the stress on the initial log-in, but if there is a way to avoid the restart altogether, I'd really appreciate knowing about it. Thanks!


回答1:


However, this requires a graceful restart/reload of Apache to take effect,

Please do not do this. This is not a solution.

Use RewriteMap directive from Apache's mod_rewrite (RewriteModule) to achieve a dynamic file based IP blacklisting/white listing.

## WHITELIST IPS ##
RewriteMap ipslist txt:/path/to/whitelist.txt
RewriteCond %{REMOTE_ADDR} ^(.*)$
RewriteCond ${ipslist:%1|black} ^black$ [NC]
RewriteRule (.*) - [F]


来源:https://stackoverflow.com/questions/4676954/dynamically-update-apache-config-allow-from-ip-without-a-restart-reload

标签
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!