apache在cdn後面看到的都是cdn推送過來的ip,無法看到真實的客戶端ip,更無法對某些目錄做特定的ip訪問限制,解決步驟如下:
1. 先安裝mod_rpaf模塊,在httpd.conf裏添加:
LoadModule rpaf_module modules/mod_rpaf.so
RPAFenable On
RPAFsethostname On
RPAFproxy_ips 172.168.10.15 cdn的所有ip地址或地址段
RPAFheader X-Forwarded-For
2. 然後在所要限制訪問的目錄裏添加如下(ip換成你需要的ip):
<Directory /path/to/protected/directory>
SetEnvIf X-FORWARDED-FOR 93.75.252.219 allowedip
SetEnvIf X-FORWARDED-FOR 110.170.50.32 allowedip
order deny,allow
deny from all
allow from env=allowedip
</Directory>