Apache 2.4(RedHat) - .well-known - 403禁止

时间:2018-06-18 06:18:46

标签: apache redhat

我们的apache配置中有一条规则,禁止访问以点(.)开头的目录和文件。(出于安全原因)

我已经阅读了很多关于如何在特定情况下覆盖这条规则的帖子,但仍然得到403。

我需要通过 .well-known/pki-validation 目录下的文件来验证GlobalSign证书,但该路径无法访问。

我试过了:

# NOTE(review): this grant lives in a <Directory>-type section. Apache merges
# <Location>/<LocationMatch> sections after <Directory> sections, so the
# <LocationMatch "/[.]"> deny in the main configuration is applied later and
# the request still ends in 403.
# NOTE(review): "..." is presumably a placeholder for the real path; in a
# DirectoryMatch regex every unescaped "." matches any single character.
<DirectoryMatch "/var/www/html/.../.well-known/pki-validation">
    Require all granted
</DirectoryMatch>

我也试过这个:

# NOTE(review): the unescaped "." matches any character, and with "$" directly
# after "pki-validation" the pattern cannot match a file inside that directory.
# The substitution drops the leading dot, so it points at a different path
# ("well-known/..."); a rewrite by itself adds no access grant.
RewriteRule ^.well-known/pki-validation$ well-known/pki-validation
到目前为止都没有效果。

这是apache config

# Module loading ---------------------------------------------------------------
# Only the modules listed here are loaded; commented-out LoadModule lines are
# kept as a record of what is deliberately not enabled.

# Provides the "Require all granted/denied" directives used further down.
LoadModule authz_core_module modules/mod_authz_core.so

LoadModule mime_module modules/mod_mime.so

# Needed for the "Header unset" directive in the security settings.
LoadModule headers_module modules/mod_headers.so

LoadModule rewrite_module modules/mod_rewrite.so
# NOTE(review): rewrite settings made at server level are not inherited by
# <VirtualHost> sections by default; vhosts need their own RewriteEngine line.
RewriteEngine on

LoadModule version_module modules/mod_version.so

# mod_ssl itself is not loaded (line below is commented out), so this
# <IfModule mod_ssl.c> test is false and the session-cache module is skipped.
# LoadModule ssl_module modules/mod_ssl.so
<IfModule mod_ssl.c>
 LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
</IfModule>

# For Redhat
# Everything in this section applies to non-Windows MPMs only.
<IfModule !mpm_winnt_module>
 LoadModule systemd_module    modules/mod_systemd.so
 # mod_unixd provides User, Group and ChrootDir.
 LoadModule unixd_module    modules/mod_unixd.so
 # If using php-fpm, we can use mod_mpm_event which is more efficient
        LoadModule mpm_prefork_module modules/mod_mpm_prefork.so
        #LoadModule mpm_event_module modules/mod_mpm_event.so
 # LoadModule php5_module modules/libphp5.so
 # Load the PHP 7 module only when mod_php5 is absent and the prefork MPM
 # (loaded just above) is active.
 <IfModule !mod_php5.c>
  <IfModule prefork.c>
    LoadModule php7_module /opt/rh/httpd24/root/etc/httpd/modules/librh-php70-php7.so
  </IfModule>
</IfModule>
</IfModule>


# Allow use of macros for consistency
# NOTE(review): this module is loaded from /usr/local/lib64 rather than from the
# packaged module directory; confirm that path is writable by root only, since
# anything loaded here runs inside the httpd parent process.
LoadModule macro_module /usr/local/lib64/httpd/modules/mod_macro.so
#LoadModule macro_module /opt/rh/httpd24/root/etc/httpd/modules/mod_macro.so
MacroIgnoreBadNesting
#MacroIgnoreEmptyArgs

# Compress content before delivering to client
#LoadModule deflate_module modules/mod_deflate.so

LoadModule log_config_module modules/mod_log_config.so
#LoadModule mime_module modules/mod_mime.so
#LoadModule env_module modules/mod_env.so
#LoadModule setenvif_module modules/mod_setenvif.so
#LoadModule unique_id_module modules/mod_unique_id.so
# ================== Server info ==================
# Variables reused below as ${logroot} and ${docroot}.
Define logroot /var/log/httpd
Define docroot /var/www/html

# DocumentRoot: The directory containing documents => overwritten in vhosts
DocumentRoot ${docroot}

# The following directives define some format nicknames for use with
# a CustomLog directive.
#
# These deviate from the Common Log Format definitions in that they use %O
# (the actual bytes sent including headers) instead of %b (the size of the
# requested file), because the latter makes it impossible to detect partial
# requests.
#
# Note that the use of %{X-Forwarded-For}i instead of %h is not recommended.
# Use mod_remoteip instead.
<IfModule log_config_module>
 # %O removed because needs mod_log_io
 # As a result none of the formats below records a response size.
        LogFormat "%v:%p %h %l %u %t \"%r\" %>s \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
        LogFormat "%h %l %u %t \"%r\" %>s \"%{Referer}i\" \"%{User-Agent}i\"" combined
        LogFormat "%h %l %u %t \"%r\" %>s" common
        LogFormat "%{Referer}i -> %U" referer
        LogFormat "%{User-agent}i" agent
</IfModule>

# ErrorLog: The location of the log files => overwritten in vhosts
# A 403 produced by a "Require all denied" rule is reported in this error log
# (or in the vhost's own error log when the vhost overrides it).
ErrorLog  ${logroot}/error-default.log
<IfModule log_config_module>
 CustomLog ${logroot}/access-default.log combined
</IfModule>

# LogLevel: Control the number of messages logged to the error log.
# Possible values: debug, info, notice, warn, error, crit, alert, emerg.
LogLevel warn

# timeout (s) after which gracefully shutdown server will exit (0 means never exit)
#GracefulShutDownTimeout 30

# Wait up to X seconds for slow clients requests
TimeOut 30

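# Security settings ---------------------------------------------------------
# Keep version details out of server-generated pages and the Server header.
ServerSignature Off
ServerTokens Prod

# User/Group: The name (or #number) of the user/group to run httpd as.
<IfModule !mpm_winnt_module>
        User  apache
        Group apache

        # Put Apache in jail
        ChrootDir "/data/apache"
</IfModule>

# This has to stay off to not give information about the system
<IfModule status_module>
 ExtendedStatus Off
</IfModule>

# NOTE(review): this section restricts methods and overrides but contains no
# blanket "Require all denied" for the filesystem root (the attempt further
# down is commented out). Unless conf/vhosts.conf sets one, paths outside the
# document root are not denied by default -- confirm.
<Directory />
 # Disallow .htaccess files
 AllowOverride None
        # Allow only basic methods
        <LimitExcept GET POST OPTIONS HEAD>
         Require all denied
        </LimitExcept>
</Directory>

# TRACE cannot be restricted through <Limit>/<LimitExcept>, so it is switched
# off separately to match the "basic methods only" intent above.
TraceEnable Off

# Allow symlinks, but only if same owner
# FollowSymLinks is switched off so that the owner check is the only way a
# symlink gets followed. Apache's documentation notes that this check is
# subject to race conditions, so treat it as hardening rather than as a
# security boundary.
Options -FollowSymLinks +SymLinksIfOwnerMatch

# Prevent access to .htaccess, .htpasswd, .svn, ...
# NOTE(review): this is the rule behind the 403 on /.well-known/...: it matches
# every URL path containing "/." and, being a <Location>-type section, it is
# merged after all <Directory>/<DirectoryMatch> sections, so a grant placed in
# a <DirectoryMatch> cannot override it. A narrowly scoped exception has to be
# a <Location>-type section that appears later in the configuration than this
# one, for example:
#   <LocationMatch "^/[.]well-known/pki-validation/[^/.][^/]*$">
#           Require all granted
#   </LocationMatch>
# That keeps every other dot-path denied. Location sections defined in a
# vhost are merged later still, so check conf/vhosts.conf for conflicts.
<LocationMatch "/[.]">
        Require all denied
</LocationMatch>
# MacOS system dir
<LocationMatch "DS_Store">
        Require all denied
</LocationMatch>
# In case no whitelist is applied
# NOTE(review): "bk!" matches the literal extension ".bk!"; confirm that this
# is intended and not a typo.
<LocationMatch "[.](?i:bak|bk!|sql)$">
        Require all denied
</LocationMatch>

#Require all denied
#<Directory /var/www/html>
#       Require all granted
#</Directory>

# Remove header containing version number
Header unset X-Powered-By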

# Performance/resource ------------------------------------------

# Set keep-alive timeout
KeepAliveTimeout 5
# At most 100 requests per keep-alive connection (0 would mean unlimited)
MaxKeepAliveRequests 100

# To recycle memory after X connections (to one process)
#MaxRequestsPerChild  40000

# Processes & Threads manipulation ---------------------------------------------
# Common directives for worker (multi-thread) & prefork (single thread)
# default values are given in parenthesis: worker/prefork
# 2.4: "event" is an enhanced version of "worker"
# All tuning directives below are commented out, so the MPM defaults apply.

# Max. number of processes (16/256)
#ServerLimit     80
#StartServers    16

# Limit resources of external processes (CGI, etc.)
#RLimitCPU seconds|max [seconds|max]
#RLimitMEM bytes|max [bytes|max]
#RLimitNPROC number|max [number|max]

# No multi-threading - default for Redhat/CentOS
# Can be changed in /etc/sysconfig/httpd
<IfModule prefork.c>
 #MinSpareServers   16
 #MaxSpareServers   32
</IfModule>

# Multi-threading - httpd 2.2
<IfModule worker.c>
 # High number -> lower memory but (a bit) less responsive and more impact
 #ThreadsPerChild 25

 # Max. number of concurrent requests *

 # default = ServerLimit (16) * ThreadsPerChild (25)
 # (httpd 2.4 calls this directive MaxRequestWorkers; the old name is still accepted)
 #MaxClients 400

 # MinSpareThreads (multiple of ThreadsPerChild) - def: min_servers * ThreadsPerChild
 #MinSpareThreads 150
 # MaxSpareThreads  (multiple of ThreadsPerChild) - def: ServerLimit * ThreadsPerChild
 #MaxSpareThreads 250
</IfModule>

# Multi-threading - httpd 2.4 (more efficient than worker)
<IfModule event.c>
 # High number -> lower memory but (a bit) less responsive and more impact
 #ThreadsPerChild 25

 # Max. number of concurrent requests * KeepAliveTimeout
 # default = ServerLimit (16) * ThreadsPerChild (25)
 # (httpd 2.4 calls this directive MaxRequestWorkers; the old name is still accepted)
 #MaxClients 400

 # MinSpareThreads (multiple of ThreadsPerChild) - def: min_servers * ThreadsPerChild
 #MinSpareThreads 150
 # MaxSpareThreads  (multiple of ThreadsPerChild) - def: ServerLimit * ThreadsPerChild
 #MaxSpareThreads 250
</IfModule>

# Multi-threading - Windows (only one child process)
<IfModule mpm_winnt_module>
 # High number -> lower memory but (a bit) slower and more impact
 #ThreadsPerChild 64
</IfModule>

# Include files ----------------------------------------------------------------
# The included files are not shown on this page. Sections they define are merged
# together with the ones above, so an access rule in any of them can change the
# outcome for a given URL.

# SSL/TLS
# Skipped while mod_ssl is not loaded.
<IfModule mod_ssl.c>
 Include conf/ssl.conf
</IfModule>

# Generic macros reused somewhere else
Include conf/macros.conf

# PHP settings (presumably; the file is not shown here)
Include conf/php.conf

# NOTE(review): these modules are loaded after macros.conf and php.conf have
# been read; any <IfModule> test on dir_module or alias_module inside those
# files would evaluate as "not loaded".
LoadModule dir_module modules/mod_dir.so
LoadModule alias_module modules/mod_alias.so

# Include chroot
Include conf/chroot.conf

# Include additional vhosts
# NOTE(review): <Location>/<LocationMatch> sections inside a vhost are merged
# after the server-level ones, so a deny or grant for /.well-known/ defined
# there takes precedence -- check this file when diagnosing the 403.
Include conf/vhosts.conf

0 个答案:

没有答案