关于一个apache的怪问题

cxfcxf

我的APACHE在虚拟主机上限制 主机访问没问题
可是 我把虚拟主机服务关掉
然后
#
# Controls who can get stuff from this server.
#
    Order allow,deny
    deny from all

</Directory>
因为常识失败多次。。。所以我把ALL都DENY 结果还是没任何效果 尝试了无数次 都可以通过。。

其他设置都是默认的
文件目录还是/var/www/html

不过这个选项在虚拟主机上使用良好
<VirtualHost 192.168.0.1:80>
   ServerAdmin root@server.serverdomain
   DocumentRoot /var/www/html/www1/
    ServerName www1.example.com
    ErrorLog logs/dummy-host.example.com-error_log
    CustomLog logs/dummy-host.example.com-access_log common
   <Directory /var/www/html/www1>
      Options Indexes Includes
     AllowOverride AuthConfig
      order allow,deny
     deny from 192.168.0.2
     </Directory>
VirtualHost>

<VirtualHost 192.168.0.1:80>
    ServerAdmin root@server.serverdomain.com
    DocumentRoot /var/www/html/www2/
    ServerName www2.example.com
    <Directory /var/www/html/www2>
    order allow,deny
    deny from 192.168.0.3
    </Directory>
</VirtualHost>

请问可能是那里的问题？？

yongjian

I am still not very clear what you are trying to say but if you specify order as allow,deny, then deny is the default policy. You only need to specify the allow host/networks. Everything not in the allow will be denied.

squallabc

是不是应该这样  Order deny,allow
                                deny from all

zaiwen

I did the same test and it works fine.  

1. Which page did you see when you say "都可以通过"?  If you see the "Red Hat Enterprise Linux TEST PAGE", it means it is blocked, which means it is working.  Don't expected the "forbidden" page. Did you place your own index.html file under /var/www/html?  If you see your own index.html, it means it is not blocked.

2. It doesn't matter the order is "allow, deny" or "deny, allow". Both are working fine, just you need to think of the logic. yongjian has explained the logic before. He is right.

Here is some of my tests.

Order allow, deny
1. allow from 192.168.0.3                              --> only .0.3 will be allowed
2. deny from 192.168.0.3                              --> only .0.3 will be denied
3. allow from all                                              --> all will be allowed
4. deny from all                                              --> all will be denied
5. allow from all, but deny from 192.168.0.3   --> only .0.3 will be denied
6. allow from 192.168.0.3, but deny from all   --> all will be denied
(The last one is very interesting. As long as you deny all, anything you have allowed will be denied too).

Order deny, allow
1. allow from 192.168.0.3                              --> only .0.3 will be allowed
2. deny from 192.168.0.3                              --> only .0.3 will be denied
3. allow from all                                              --> all will be allowed
4. deny from all                                              --> all will be denied
5. allow from all, but deny from 192.168.0.3   --> all will be allowed
6. allow from 192.168.0.3, but deny from all   --> only .0.3 allowed  

They all make sense to me (I love this allow and deny logic, better than that in hosts.allow and hosts.deny, which, in my opinion, is very easy to make error).

Also you can tell the order "allow, deny" or "deny, allow" doesnot matter if you have only one statement (the first 4 tests in each order).  The order only matters when you have both allow and deny statement (the last 2 tests in each order).  And you can see the result is different when order is different even statement is the same....

cxfcxf

1。 yes i see Red Hat Enterprise Linux TEST PAGE in VH set
i know it means my deny-section is working

so i say that is a 怪 question ...