apache虚拟主机配置文件
less zcctest.conf
<VirtualHost *:80>
SuexecUserGroup zcctest zcctest
DocumentRoot /var/www/virtual/zcctest/home/wwwroot
ServerName zcctest.w186.abc.com
ServerAlias zcctest.w186.abc.com
DirectoryIndex index.php index.html index.htm
ScriptAlias /php5-cgi /var/www/virtual/zcctest/bin/php-cgi
<Directory /var/www/virtual/zcctest/home/wwwroot>
AddHandler php5-cgi .php
Action php5-cgi /php5-cgi
AllowOverride All
Options -Indexes -ExecCGI Includes IncludesNOEXEC FollowSymLinks
Allow from all
</Directory>
ScriptAlias /cgi-bin/ /var/www/virtual/zcctest/home/cgi-bin/
<Directory /var/www/virtual/zcctest/home/cgi-bin/>
Options -Indexes ExecCGI
AllowOverride AuthConfig FileInfo
Allow from all
</Directory>
Alias /error /var/www/virtual/zcctest/home/error
<Directory /var/www/virtual/zcctest/home/error>
AllowOverride None
Options None
Allow from all
</Directory>
ErrorDocument 404 /error/404.html
ErrorDocument 403 /error/403.html
ErrorDocument 500 /error/500.html
CustomLog "|/usr/sbin/rotatelogs -l /var/www/virtual/zcctest/home/logs/zcctest-access_log.%Y.%m.%d 86400" common
ErrorLog "|/usr/sbin/rotatelogs -l /var/www/virtual/zcctest/home/logs/zcctest-error_log.%Y.%m.%d 86400"
CBandScoreboard /var/www/virtual/zcctest/home/logs/bandscore
CBandExceededURL
CBandLimit 10240Mi
CBandPeriod 30D
CBandSpeed 0 0 1000
<Location /cband-stat>
SetHandler cband-status-me
</Location>
</VirtualHost>
脚本
less control.sh
#control.sh -a 主机名 (允许所有)
#control.sh -d 主机名 (拒绝所有)
#control.sh -s 主机名 ip (允许一些ip访问)
#control.sh -x 主机名 ip (拒绝一些ip访问)
#control.sh -i 主机名 目录 ip (允许ip访问目录)
#control.sh -l 主机名 目录 (删除对目录访问的ip限制)
{
FILE=/etc/httpd/vhost.d/$1.conf
a=$(head -n 13 $FILE | tail -n 1 | sed 's=\( *\)==' |awk '{print $1,$2}')
if [ "$a" = "Deny from" ];then
sed -i 's=Deny from .*=Allow from all=' $FILE
elif
ip=$(grep -B 1 "Deny from all" /etc/httpd/vhost.d/$1.conf | head -n 1 | sed 's=\( *\)==')
[ "$ip" = "Options -Indexes -ExecCGI Includes IncludesNOEXEC FollowSymLinks" ];then
sed -i '13s/Deny/Allow/' $FILE
else
grep -v "$ip" $FILE > /tmp/$$.tmp
cat /tmp/$$.tmp > $FILE
sed -i '13s/Deny/Allow/' $FILE
rm /tmp/$$.tmp
fi
}
denyall ()
{
FILE=/etc/httpd/vhost.d/$1.conf
a=$(head -n 13 $FILE | tail -n 1 | sed 's=\( *\)==' |awk '{print $1,$2}')
if [ "$a" = "Allow from" ];then
sed -i '13d' $FILE
sed -i 12a"Deny from all" $FILE
elif grep -q "Deny from .*" $FILE;then
sed -i 's=Deny from .*=Deny from all=' $FILE
else
sed -i '13s/Allow/Deny/' /etc/httpd/vhost.d/$1.conf
fi
number=$(grep "Deny from all" $FILE | wc -l | awk '{print $1}')
if [ "${number}" -ne 1 ];then
sed -i "13d" $FILE
fi
}
allowsome()
{
echo $2 >/tmp/$1.tmp
ip=`sed "s/,/ /g" /tmp/$1.tmp`
rm /tmp/$1.tmp
FILE=/etc/httpd/vhost.d/$1.conf
line=$(sed -n '/Deny from all/=' $FILE)
linea=$(($line - 1))
if $(grep -B 1 "Deny from all" $FILE | grep -q '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}');then
sed -e "${linea}s=Allow from .*=Allow from $ip=" $FILE > /tmp/$$.tmp
cat /tmp/$$.tmp > $FILE
rm -f /tmp/$$.tmp
exit 0
fi
if $(grep -q "Deny from all" $FILE) ;then
sed -i ${line}i"Allow from" $FILE
sed "${line}s=Allow from=Allow from $ip=" $FILE > /tmp/$$.tmp
cat /tmp/$$.tmp > $FILE
rm -f /tmp/$$.tmp
fi
}
denysome()
{
echo $2 >/tmp/$1.tmp
ip=`sed "s/,/ /g" /tmp/$1.tmp`
rm /tmp/$1.tmp
FILE=/etc/httpd/vhost.d/$1.conf
if grep -q "Deny from all" $FILE;then
exit 0
fi
a=$(head -n 13 $FILE | tail -n 1 | sed 's=\(^ \)==')
b=$(head -n 13 $FILE | tail -n 1 | sed 's=\(^ \)=='| awk '{print $1,$2}')
if [ X"$a" = X"Allow from all" ];then
sed "13s=Allow from all=Deny from $ip=" $FILE > /tmp/$$.tmp
cat /tmp/$$.tmp > $FILE
rm -f /tmp/$$.tmp
elif [ X"$b" = X"Deny from" ];then
sed "13s=Deny from .*=Deny from $ip=" $FILE > /tmp/$$.tmp
cat /tmp/$$.tmp > $FILE
rm /tmp/$$.tmp
fi
}
ipdirectory()
{
echo $2 >/tmp/$1_Directory.tmp
Directory=$(head -n 1 /tmp/$1_Directory.tmp)
rm /tmp/$1_Directory.tmp
echo $3 >/tmp/$1.tmp
ip=`sed "s/,/ /g" /tmp/$1.tmp`
rm /tmp/$1.tmp
FILE=/etc/httpd/vhost.d/$1.conf
line=$(($(wc -l $FILE | awk '{print $1}') - 1))
if grep -q -o "<Directory /var/www/virtual/$1/home/wwwroot/$Directory>" $FILE ;then
Directoryline=$(($(grep -n -o "<Directory /var/www/virtual/$1/home/wwwroot/$Directory>" $FILE | awk -F : '{print $1}') +5))
sed -i "${Directoryline}s=\(allow from .*\)=\1 $ip=" $FILE
else
sed -i ${line}a"<Directory /var/www/virtual/$1/home/wwwroot/$Directory>" $FILE
sed -i `expr $line + 1`a"AddHandler php5-cgi .php" $FILE
sed -i `expr $line + 2`a"Action php5-cgi /php5-cgi" $FILE
sed -i `expr $line + 3`a"AllowOverride All" $FILE
sed -i `expr $line + 4`a"Options -Indexes -ExecCGI Includes IncludesNOEXEC FollowSymLinks" $FILE
sed -i `expr $line + 5`a"allow from $ip" $FILE
sed -i `expr $line + 6`a"deny from all" $FILE
sed -i `expr $line + 7`a"</Directory>" $FILE
fi
}
delipdirectory()
{
echo $2 >/tmp/$1_Directory.tmp
Directory=$(head -n 1 /tmp/$1_Directory.tmp)
echo $3 >/tmp/$1.tmp
ip=`sed "s/,/ /g" /tmp/$1.tmp`
FILE=/etc/httpd/vhost.d/$1.conf
Directoryline=$(grep -n -o "<Directory /var/www/virtual/$1/home/wwwroot/$Directory>" $FILE | awk -F : '{print $1}')
Da=$(($Directoryline + 7))
sed -i "${Directoryline},${Da}d" $FILE
}
case $1 in
-a)
denyall $2
allowall $2
/sbin/service httpd reload >/dev/null;;
-d)
denyall $2
/sbin/service httpd reload >/dev/null;;
-s)
if [ $# -eq 2 ];then
denyall $2
else
denyall $2
allowsome $2 $3
/sbin/service httpd reload >/dev/null
fi;;
-x)
denyall $2
allowall $2
denysome $2 $3
/sbin/service httpd reload >/dev/null;;
-i)
ipdirectory $2 $3 $4
/sbin/service httpd reload >/dev/null;;
-l)
delipdirectory $2 $3
/sbin/service httpd reload >/dev/null;;
esac
