环境: OS:AIX5300-02
apache version: #apachectl -v
Server version: Apache/2.0.59
Server built: Aug 18 2006 12:59:53
tomcat version: #tail -100 catalina.out
2009-4-9 14:37:13 org.apache.catalina.core.StandardService start
INFO: Starting service Catalina
2009-4-9 14:37:13 org.apache.catalina.core.StandardEngine start
INFO: Starting Servlet Engine: Apache Tomcat/5.0.30
2009-4-9 14:37:14 org.apache.catalina.core.StandardHost start
INFO: XML validation disabled
apache的IP限制:
编辑httpd.conf文件,找到下面的内容:
#
# Possible values for the Options directive are "None", "All",
# or any combination of:
# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
#
# Note that "MultiViews" must be named *explicitly* --- "Options All"
# doesn't give it to you.
#
# The Options directive is both complicated and important. Please see
#
# for more information.
#
Options Indexes MultiViews
#
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
# Options FileInfo AuthConfig Limit
#
AllowOverride None
#
# Controls who can get stuff from this server.
#
Order allow,deny
Allow from all --允许所有的访问。
Deny from 192.168.10.76 --这个IP不能访问apache。
--如果只是允许如下两个网段访问则这样写:
Allow from 192.168.10.0/255.255.255.0 10.0.0.0/255.0.0.0
IP之间不是","逗号,而是空格
tomcat的IP限制:
编辑server.xml文件,在与之间加入以下语句,最好加入到之上。
allow="192.168.10.*" deny="192.168.10.236,192.168.10.150"/>
--允许10网段的所有IP访问tomcat,192.168.10.236,192.168.10.150这两个地址除外。我试图这样写:allow="" deny="192.168.10.236,192.168.10.150"/> 好像没有效果,看来allow一定要写个值。
--Windchill系统的访问仅控制apache的访问是不够的,只有对tomcat进行限制才能彻底拒绝指定用户对Windchill系统的访问。