Question
My goal is to allow access to an Apache 2.2 forwarding proxy to the IPs of logged-in users only, while denying all other IPs.
In the proxy virtual host, I've successfully included an "allow from" file that gets dynamically rewritten every time a user logs in or out of the site (adding the IP of logged-in users while deleting the IP of logged-out users). However, this requires a graceful restart/reload of Apache to take effect, and I'm looking to improve the performance if I can... because as the user logs in and is transported to the main page, occasionally Apache is right in the middle of the restart and issues a "busy" warning.
I suppose that I could delay the graceful restart of Apache by a second or two to ease the stress on the initial log-in, but if there is a way to avoid the restart altogether, I'd really appreciate knowing about it. Thanks!
Answer 1:
> However, this requires a graceful restart/reload of Apache to take effect,
Please do not do this. This is not a solution.
Use the RewriteMap directive from Apache's mod_rewrite (RewriteModule) to achieve dynamic file-based IP blacklisting/whitelisting.
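## WHITELIST IPS ##
RewriteEngine On
# Text map: one "IP value" pair per line, e.g. "203.0.113.7 white"
RewriteMap ipslist txt:/path/to/whitelist.txt
# Capture the client address into %1
RewriteCond %{REMOTE_ADDR} ^(.*)$
# Look the address up; addresses missing from the map fall back to "black"
RewriteCond ${ipslist:%1|black} ^black$ [NC]
# Deny (403) every request from an address that is not in the map
RewriteRule (.*) - [F]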
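
Added example, not part of the original answer: one way the site's login/logout handler could maintain the `txt:` map file so that no restart is needed, since httpd re-reads a text map when the file's mtime changes. The function names, the `white` value and the `.lock` file are assumptions; the file is replaced by rename so Apache never reads a half-written list, and the address is validated so a crafted string cannot inject extra map lines.

```python
import fcntl
import ipaddress
import os
import tempfile

# Any value other than the "black" default in the RewriteCond means allowed;
# "white" is a constructed choice, not taken from the answer.
ALLOWED = "white"


def load_ips(map_path):
    """Return the set of keys (IPs) in the txt: map file; empty if missing."""
    try:
        with open(map_path, encoding="ascii") as fh:
            rows = (line.split("#", 1)[0].split() for line in fh)
            return {fields[0] for fields in rows if fields}
    except FileNotFoundError:
        return set()


def write_map(map_path, ips):
    """Atomically replace the map file with one 'key value' line per IP."""
    directory = os.path.dirname(os.path.abspath(map_path))
    fd, tmp_path = tempfile.mkstemp(dir=directory, prefix=".whitelist-")
    try:
        with os.fdopen(fd, "w", encoding="ascii") as fh:
            fh.writelines(f"{ip} {ALLOWED}\n" for ip in sorted(ips))
            fh.flush()
            os.fsync(fh.fileno())
        os.chmod(tmp_path, 0o644)  # mkstemp creates 0600; Apache must read it
        os.replace(tmp_path, map_path)  # rename: readers see old or new, never half
    except BaseException:
        os.unlink(tmp_path)
        raise


def set_login_state(map_path, remote_addr, logged_in):
    """Add or remove one client IP under a lock; raises ValueError on non-IPs."""
    ip = str(ipaddress.ip_address(remote_addr))  # blocks spaces/newlines in keys
    with open(map_path + ".lock", "w") as lock:
        fcntl.flock(lock, fcntl.LOCK_EX)  # serialise concurrent logins/logouts
        ips = load_ips(map_path)
        if logged_in:
            ips.add(ip)
        else:
            ips.discard(ip)
        write_map(map_path, ips)
    return ips
```

The map's directory must be writable by the web application and readable by Apache, and the address passed in should be the connection's peer address rather than a client-supplied header.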
Source: https://stackoverflow.com/questions/4676954/dynamically-update-apache-config-allow-from-ip-without-a-restart-reload