想实现通过apache的认证页面访问sendip.cgi后在iptables中 对通过验证的这个ip开放某功能
1. 最好是只对组用户开放suid属性 但是 不知道为什么还是提示错误 只有对other用户也开放suid了
|
chmod 4711 /sbin/iptables
chown .nobody /sbin/iptables |
2. 更改或添加一个apache用户
| $apache/bin/htpasswd /usr/local/apache/conf/passwords juey |
3. 配置cgi需要验证
|
vi $apache/conf/httpd.conf
AllowOverride AuthConfig
# AllowOverride None
Options None
Order allow,deny
Allow from all
vi /var/www/html/cgi-bin/.htaccess
AuthType Basic
AuthName "Restricted Files"
AuthUserFile /usr/local/apache/conf/passwords
Require user juey
Require user juey
|
4. 用shell写个简单的cgi页面
|
#!/bin/bash
# fileName: sendip
echo "Content type: text/html"
echo ""
echo "$REMOTE_ADDR"
iptables -L INPUT | grep "^ACCEPT" | awk '{print $4}'| grep -o "$REMOTE_ADDR"
[ $? -eq 0 ] || /sbin/iptables -I INPUT -s $REMOTE_ADDR -p tcp --dport 4567 -j ACCEPT |
阅读(1793) | 评论(3) | 转发(0) |
