Linux 403端口443上的禁止访问(SSL)


我正在尝试为本地网络中的一个网页配置 SSL。首先,我用 openssl 生成了一个证书,并修改了 apache2 目录中的一些 .conf 文件。不幸的是,我遇到了 403 禁止访问(Forbidden)错误。该错误只出现在 443 端口(HTTPS)上,HTTP(80)工作得非常好。顺便说一句,加密本身是生效的,因为我的浏览器显示“您的连接已加密…”

httpd.conf 仅包括以下文件

default-vhost.conf(端口80)-正常工作


DocumentRoot "/srv/www/htdocs"
Options +FollowSymLinks
Options None
AllowOverride All
Order allow,deny
Allow from all
default-vhost-ssl.conf(443)-不工作

#<IfDefine SSL>
#<IfDefine !NOSSL>

# SSL virtual host exactly as posted in the question: it serves
# /srv/www/htdocs over HTTPS on port 443 and is the configuration that
# answers with 403. Review notes are marked NOTE(review).
<VirtualHost _default_:443>

    ServerName 10.83.200.80:443
    ServerAlias 10.83.200.80:443
    DocumentRoot "/srv/www/htdocs"
    ErrorLog /var/log/apache2/error_log
    TransferLog /var/log/apache2/access_log

    <Directory "/srv/www/htdocs">
        # NOTE(review): the second Options line has no +/- prefix, so it
        # replaces the first one; the effective setting is "Options None".
        Options +FollowSymLinks
        Options None
        # NOTE(review): per the answer on this page, this directive is what
        # produces the 403. "Order allow,deny" denies by default and no
        # "Allow from ..." line follows it, so no client is admitted.
        Order allow,deny

        # .htaccess files below the document root may override this section.
        AllowOverride All

        # NOTE(review): Apache 2.4 (mod_authz_core) syntax. It does not cancel
        # the Order line above; use one authorization style per section
        # ("Require ..." on 2.4, "Order" + "Allow from ..." on 2.2).
        Require all granted
    </Directory>    

    SSLEngine on
    # NOTE(review): only SSLv2 is excluded, so SSLv3 and every TLS version
    # the build supports stay enabled.
    SSLProtocol all -SSLv2
    # NOTE(review): MEDIUM admits weaker suites than HIGH; anonymous and
    # MD5-based suites are excluded.
    SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5   
    #SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:MEDIUM:!aNULL:!MD5
    #SSLHonorCipherOrder on 

    # Server certificate (generated with openssl according to the question).
    SSLCertificateFile /etc/apache2/ssl.crt/server.crt
    #SSLCertificateFile /etc/apache2/ssl.crt/server-dsa.crt

    # Private key for the certificate above; keep it readable by root only.
    SSLCertificateKeyFile /etc/apache2/ssl.key/server.key
    #SSLCertificateKeyFile /etc/apache2/ssl.key/server-dsa.key

    #SSLCertificateChainFile /etc/apache2/ssl.crt/ca.crt

    #SSLCACertificatePath /etc/apache2/ssl.crt
    #SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt

    #SSLCARevocationPath /etc/apache2/ssl.crl
    #SSLCARevocationFile /etc/apache2/ssl.crl/ca-bundle.crl

    # Client-certificate authentication is left disabled.
    #SSLVerifyClient require
    #SSLVerifyDepth  10

    #   Access Control:
    #   With SSLRequire you can do per-directory access control based
    #   on arbitrary complex boolean expressions containing server
    #   variable checks and other lookup directives.  The syntax is a
    #   mixture between C and Perl.  See the mod_ssl documentation
    #   for more details.
    #<Location />
    #SSLRequire (    %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
    #            and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
    #            and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
    #            and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
    #            and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20       ) \
    #           or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
    #</Location>

    #SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
    # Export the standard SSL environment variables to script-type files only.
    <FilesMatch "\.(cgi|shtml|phtml|php)$">
    SSLOptions +StdEnvVars
    </FilesMatch>

    # Same export for everything under the CGI directory.
    <Directory "/srv/www/cgi-bin">
    SSLOptions +StdEnvVars
    </Directory>

    # Compatibility settings applied to user agents matching "MSIE [2-5]".
    BrowserMatch "MSIE [2-5]" \
             nokeepalive ssl-unclean-shutdown \
             downgrade-1.0 force-response-1.0

    # Per-request SSL log, written in the "ssl_combined" format, which is not
    # defined in this section.
    CustomLog /var/log/apache2/ssl_request_log   ssl_combined

    #
    # some Rewrite stuff for sharedssl
    #
    #RewriteEngine on
    ##RewriteLog "/var/log/apache2/dummy-host.example.com-rewrite-ssl_log"
    ##RewriteLogLevel 3
    #RewriteCond %{HTTP_HOST}  ^webmail\..* [NC]
    #RewriteRule ^/$ https://sharedssl.example.com/roundcube/ [L,R]
    #RewriteRule ^/$ /roundcube [R]

</VirtualHost>                                  

#</IfDefine>
#</IfDefine>
#
#
服务器名10.83.200.80:443
服务器别名10.83.200.80:443
DocumentRoot“/srv/www/htdocs”
ErrorLog/var/log/apache2/error\u log
TransferLog/var/log/apache2/access\u log
选项+FollowSymLinks
选项无
命令允许,拒绝
允许超越所有
要求所有授权
斯伦金安
SSLProtocol all-SSLv2
SSLCipherSuite高:中:!阿努尔:!MD5
#SSLCipherSuite RC4-SHA:AES128-SHA:高:中:!阿努尔:!MD5
#SSLHonorCipherOrder开启
SSLCertificateFile/etc/apache2/ssl.crt/server.crt
#SSLCertificateFile/etc/apache2/ssl.crt/server-dsa.crt
SSLCertificateKeyFile/etc/apache2/ssl.key/server.key
#SSLCertificateKeyFile/etc/apache2/ssl.key/server-dsa.key
#SSLCertificateChainFile/etc/apache2/ssl.crt/ca.crt
#SSLCACertificatePath/etc/apache2/ssl.crt
#SSLCACertificateFile/etc/apache2/ssl.crt/ca-bundle.crt
#sslcavocationpath/etc/apache2/ssl.crl
#sslcaverocationfile/etc/apache2/ssl.crl/ca-bundle.crl
#SSLVerifyClient要求
#SSLVerifyDepth 10
#访问控制:
#使用SSLRequire,您可以基于
#关于包含服务器的任意复杂布尔表达式
#变量检查和其他查找指令。语法是
#C和Perl之间的混合。请参阅mod_ssl文档
#更多细节。
#
#SSLRequire(%%{SSL_CIPHER}!~m/^(EXP|NULL)/\
#以及%{SSL_CLIENT_S_DN_O}eq“蛇油有限公司”\
#和{“Staff”、“CA”、“Dev}中的%{SSL_CLIENT_S_DN_OU}\

#和%{TIME\u WDAY}>=1和%{TIME\u WDAY}=8和%{TIME\u HOUR}

请先确认您的 Apache 是否为 2.4 或更高版本。`Require all granted` 是该版本新增的写法,在更低的版本上无法工作;并且由于配置中的 `Order` 指令,它可能返回 403 错误(`Order allow,deny` 后面没有任何 `Allow` 行时,默认拒绝所有请求)。请尝试改用 `Allow`,就像您的 80 端口配置那样。

谢谢你,现在可以正常工作了。
#<IfDefine SSL>
#<IfDefine !NOSSL>

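# HTTPS virtual host serving /srv/www/htdocs on port 443.
# Differences from the configuration posted in the question:
#   * access control uses one authorization style per Apache version instead
#     of combining "Order allow,deny" (with no Allow line, i.e. deny all)
#     with "Require all granted" -- the combination behind the 403;
#   * SSLv3 is disabled as well as SSLv2, MEDIUM ciphers are dropped and the
#     server's cipher preference is enforced.
<VirtualHost _default_:443>

    ServerName 10.83.200.80:443
    ServerAlias 10.83.200.80:443
    DocumentRoot "/srv/www/htdocs"
    ErrorLog /var/log/apache2/error_log
    TransferLog /var/log/apache2/access_log

    <Directory "/srv/www/htdocs">
        # The posted file had "Options +FollowSymLinks" directly before this
        # line. An Options line without +/- replaces what came before it, so
        # the effective value was already None.
        Options None

        # .htaccess files below the document root may override this section;
        # keep them writable by administrators only.
        AllowOverride All

        # Apache 2.4 and later (mod_authz_core). To admit only the local
        # network, replace the line with "Require ip <LAN-CIDR>".
        <IfModule mod_authz_core.c>
            Require all granted
        </IfModule>
        # Apache 2.2: "Order allow,deny" denies by default, so the explicit
        # Allow line is what lets clients in.
        <IfModule !mod_authz_core.c>
            Order allow,deny
            Allow from all
        </IfModule>
    </Directory>

    SSLEngine on
    # SSLv3 is disabled together with SSLv2. Where the installed mod_ssl
    # accepts the tokens, also add "-TLSv1 -TLSv1.1".
    SSLProtocol all -SSLv2 -SSLv3
    # HIGH only; anonymous and MD5-based suites stay excluded.
    SSLCipherSuite HIGH:!aNULL:!MD5
    # Left disabled: this alternative prefers RC4, which is prohibited for TLS.
    #SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:MEDIUM:!aNULL:!MD5
    # Use the server's cipher preference rather than the client's.
    SSLHonorCipherOrder on

    # Server certificate (generated with openssl according to the question).
    SSLCertificateFile /etc/apache2/ssl.crt/server.crt
    #SSLCertificateFile /etc/apache2/ssl.crt/server-dsa.crt

    # Private key for the certificate above; keep it readable by root only.
    SSLCertificateKeyFile /etc/apache2/ssl.key/server.key
    #SSLCertificateKeyFile /etc/apache2/ssl.key/server-dsa.key

    #SSLCertificateChainFile /etc/apache2/ssl.crt/ca.crt

    #SSLCACertificatePath /etc/apache2/ssl.crt
    #SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt

    #SSLCARevocationPath /etc/apache2/ssl.crl
    #SSLCARevocationFile /etc/apache2/ssl.crl/ca-bundle.crl

    # Client-certificate authentication is left disabled.
    #SSLVerifyClient require
    #SSLVerifyDepth  10

    #   Access Control:
    #   With SSLRequire you can do per-directory access control based
    #   on arbitrary complex boolean expressions containing server
    #   variable checks and other lookup directives.  The syntax is a
    #   mixture between C and Perl.  See the mod_ssl documentation
    #   for more details.
    #<Location />
    #SSLRequire (    %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
    #            and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
    #            and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
    #            and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
    #            and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20       ) \
    #           or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
    #</Location>

    #SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
    # Export the standard SSL environment variables to script-type files only.
    <FilesMatch "\.(cgi|shtml|phtml|php)$">
        SSLOptions +StdEnvVars
    </FilesMatch>

    # Same export for everything under the CGI directory.
    <Directory "/srv/www/cgi-bin">
        SSLOptions +StdEnvVars
    </Directory>

    # Compatibility settings applied to user agents matching "MSIE [2-5]".
    BrowserMatch "MSIE [2-5]" \
             nokeepalive ssl-unclean-shutdown \
             downgrade-1.0 force-response-1.0

    # Per-request SSL log, written in the "ssl_combined" format, which is not
    # defined in this section.
    CustomLog /var/log/apache2/ssl_request_log   ssl_combined

    #
    # some Rewrite stuff for sharedssl
    #
    #RewriteEngine on
    ##RewriteLog "/var/log/apache2/dummy-host.example.com-rewrite-ssl_log"
    ##RewriteLogLevel 3
    #RewriteCond %{HTTP_HOST}  ^webmail\..* [NC]
    #RewriteRule ^/$ https://sharedssl.example.com/roundcube/ [L,R]
    #RewriteRule ^/$ /roundcube [R]

</VirtualHost>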

#</IfDefine>
#</IfDefine>