Dynamic IP .htaccess blocklist?

2019-03-15 11:11发布

问题:

Is it possible to block users from IP adresses with a dynamic file-based blocklist?

So, suppose the .htaccess looks like:

order Deny,Allow
Deny from 123.156.0.1
Deny from 10.0.0.10
Allow from all

Can this list be made dynamic, for example:

order Deny,Allow
[include Deny list here]
Allow from all

Another option would of course be to fix it with PHP, but it is preferable to let Apache handle this.

回答1:

According to the Apache docs, it doesn't seem to be possible to read values from a text file.

However, you could include a configuration file containing the IP addresses. They would have to be in Apache's conf file format, though.

This should work:

order Deny,Allow
include conf/IPList.conf
Allow from all

It's even possible to include whole directories, even though it's not recommended.



回答2:

I use the RewriteMap feature from Apache's RewriteModule, as a whitelist like this:

## WHITELIST IPS ##
RewriteMap ipslist txt:/path/to/whitelist.txt
RewriteCond %{REMOTE_ADDR} ^(.*)$
RewriteCond ${ipslist:%1|black} ^black$ [NC]
RewriteRule (.*) - [F]

With some tweaking, you could make this a blacklist.