Linux 403端口443上的禁止访问(SSL)
标签：linux, apache, http, ssl, https

我正在尝试为位于本地网络中的一个网页配置 SSL。首先，我使用 openssl 生成了一个证书，并修改了 apache2 目录中的一些 .conf 文件。不幸的是，我遇到了 403 禁止访问错误。该错误只出现在 443 端口（HTTPS）上，HTTP（80）工作得非常好。顺便说一句，加密本身是生效的，因为我的浏览器显示连接已加密…

httpd.conf 仅包括以下文件：

default-vhost.conf(端口80)-正常工作
DocumentRoot "/srv/www/htdocs"
Options +FollowSymLinks
Options None
AllowOverride All
Order allow,deny
Allow from all
default-vhost-ssl.conf(443)-不工作
#<IfDefine SSL>
#<IfDefine !NOSSL>
# HTTPS (port 443) virtual host serving /srv/www/htdocs with a certificate
# and key under /etc/apache2. This is the configuration that answers 403.
<VirtualHost _default_:443>
ServerName 10.83.200.80:443
# NOTE(review): ServerAlias takes host names only; a ":443" suffix is not part
# of a name, so this alias adds nothing beyond ServerName.
ServerAlias 10.83.200.80:443
DocumentRoot "/srv/www/htdocs"
ErrorLog /var/log/apache2/error_log
TransferLog /var/log/apache2/access_log
<Directory "/srv/www/htdocs">
# NOTE(review): the second Options line replaces the first, so the effective
# setting is "None" and FollowSymLinks is off.
Options +FollowSymLinks
Options None
# NOTE(review): "Order allow,deny" rejects every request that no Allow
# directive matches, and this block has no Allow line. It is also mixed with
# the 2.4-style "Require all granted" (unknown to 2.2). This is the likely
# source of the 403; use one access-control style, not both.
Order allow,deny
# AllowOverride All lets any .htaccess under the document root change
# options and access rules; narrow it if the content is not fully trusted.
AllowOverride All
Require all granted
</Directory>
SSLEngine on
# NOTE(review): only SSLv2 is excluded here, so SSLv3 stays enabled wherever
# the OpenSSL build still supports it; SSLv3 is broken (POODLE).
SSLProtocol all -SSLv2
# NOTE(review): MEDIUM admits weaker suites (RC4 on older OpenSSL builds).
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
#SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:MEDIUM:!aNULL:!MD5
#SSLHonorCipherOrder on
SSLCertificateFile /etc/apache2/ssl.crt/server.crt
#SSLCertificateFile /etc/apache2/ssl.crt/server-dsa.crt
# The private key should be readable by root only - TODO confirm permissions.
SSLCertificateKeyFile /etc/apache2/ssl.key/server.key
#SSLCertificateKeyFile /etc/apache2/ssl.key/server-dsa.key
#SSLCertificateChainFile /etc/apache2/ssl.crt/ca.crt
#SSLCACertificatePath /etc/apache2/ssl.crt
#SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt
#SSLCARevocationPath /etc/apache2/ssl.crl
#SSLCARevocationFile /etc/apache2/ssl.crl/ca-bundle.crl
# Client-certificate authentication is disabled (both lines commented out).
#SSLVerifyClient require
#SSLVerifyDepth 10
# Access Control:
# With SSLRequire you can do per-directory access control based
# on arbitrary complex boolean expressions containing server
# variable checks and other lookup directives. The syntax is a
# mixture between C and Perl. See the mod_ssl documentation
# for more details.
#<Location />
#SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
# and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
# and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
# and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
# and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \
# or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
#</Location>
#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
# Export the standard SSL_* environment variables to scripts and CGI programs.
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory "/srv/www/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
# Workaround for the SSL shutdown and keep-alive behaviour of MSIE 2-5.
BrowserMatch "MSIE [2-5]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
# Per-request TLS log in the "ssl_combined" format, which is defined outside
# this block.
CustomLog /var/log/apache2/ssl_request_log ssl_combined
#
# some Rewrite stuff for sharedssl
#
#RewriteEngine on
##RewriteLog "/var/log/apache2/dummy-host.example.com-rewrite-ssl_log"
##RewriteLogLevel 3
#RewriteCond %{HTTP_HOST} ^webmail\..* [NC]
#RewriteRule ^/$ https://sharedssl.example.com/roundcube/ [L,R]
#RewriteRule ^/$ /roundcube [R]
</VirtualHost>
#</IfDefine>
#</IfDefine>
#
#
请检查您的 Apache 是 2.4 还是更高版本？`Require all granted` 是该版本新增的指令，在更低的版本上无法使用；另外，由于配置中的 `Order` 指令，它可能返回 403 错误：`Order allow,deny` 在没有任何 `Allow` 指令匹配时会拒绝所有请求。请尝试改用 `Allow` 指令，就像您的 80 端口配置那样。

谢谢你，现在可以正常工作了。
#<IfDefine SSL>
#<IfDefine !NOSSL>
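# HTTPS (port 443) virtual host serving /srv/www/htdocs.
#
# Changes from the configuration that answered 403:
#  * access control uses one style per Apache version, not a mix of
#    "Order" and "Require";
#  * the dead "Options +FollowSymLinks" line (overridden by "Options None")
#    is dropped;
#  * SSLv3 and MEDIUM-strength cipher suites are no longer offered;
#  * ServerAlias with a ":443" suffix is dropped (aliases are host names only,
#    and it duplicated ServerName).
<VirtualHost _default_:443>
    ServerName 10.83.200.80:443
    DocumentRoot "/srv/www/htdocs"
    ErrorLog /var/log/apache2/error_log
    TransferLog /var/log/apache2/access_log

    <Directory "/srv/www/htdocs">
        # Effective value of the original pair of Options lines. If .htaccess
        # rewrite rules need symlinks, prefer "Options SymLinksIfOwnerMatch".
        Options None
        # .htaccess files may override anything; narrow this if the content
        # under the document root is not fully trusted.
        AllowOverride All

        # Apache 2.4+: mod_authz_core syntax.
        <IfModule mod_authz_core.c>
            Require all granted
        </IfModule>
        # Apache 2.2: "Order allow,deny" rejects every request that no Allow
        # directive matches, so the Allow line is required.
        <IfModule !mod_authz_core.c>
            Order allow,deny
            Allow from all
        </IfModule>
    </Directory>

    SSLEngine on
    # SSLv2 and SSLv3 are both broken. Where the installed Apache/OpenSSL
    # accepts the tokens, also append "-TLSv1 -TLSv1.1".
    SSLProtocol all -SSLv2 -SSLv3
    # HIGH only: MEDIUM admits weaker suites such as RC4 on older OpenSSL.
    SSLCipherSuite HIGH:!aNULL:!MD5
    # Use the server's cipher preference rather than the client's.
    SSLHonorCipherOrder on

    SSLCertificateFile /etc/apache2/ssl.crt/server.crt
    #SSLCertificateFile /etc/apache2/ssl.crt/server-dsa.crt
    # Keep the private key readable by root only.
    SSLCertificateKeyFile /etc/apache2/ssl.key/server.key
    #SSLCertificateKeyFile /etc/apache2/ssl.key/server-dsa.key
    #SSLCertificateChainFile /etc/apache2/ssl.crt/ca.crt
    #SSLCACertificatePath /etc/apache2/ssl.crt
    #SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt
    #SSLCARevocationPath /etc/apache2/ssl.crl
    #SSLCARevocationFile /etc/apache2/ssl.crl/ca-bundle.crl

    # Client-certificate authentication (disabled).
    #SSLVerifyClient require
    #SSLVerifyDepth 10

    # Access Control:
    # With SSLRequire you can do per-directory access control based
    # on arbitrary complex boolean expressions containing server
    # variable checks and other lookup directives. The syntax is a
    # mixture between C and Perl. See the mod_ssl documentation
    # for more details.
    #<Location />
    #SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
    # and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
    # and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
    # and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
    # and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \
    # or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
    #</Location>
    #SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire

    # Export the standard SSL_* environment variables to scripts and CGI.
    <FilesMatch "\.(cgi|shtml|phtml|php)$">
        SSLOptions +StdEnvVars
    </FilesMatch>
    <Directory "/srv/www/cgi-bin">
        SSLOptions +StdEnvVars
    </Directory>

    # Workaround for the SSL shutdown and keep-alive behaviour of MSIE 2-5.
    BrowserMatch "MSIE [2-5]" \
        nokeepalive ssl-unclean-shutdown \
        downgrade-1.0 force-response-1.0

    # Per-request TLS log; the "ssl_combined" format is defined outside this
    # block.
    CustomLog /var/log/apache2/ssl_request_log ssl_combined

    #
    # some Rewrite stuff for sharedssl
    #
    #RewriteEngine on
    ##RewriteLog "/var/log/apache2/dummy-host.example.com-rewrite-ssl_log"
    ##RewriteLogLevel 3
    #RewriteCond %{HTTP_HOST} ^webmail\..* [NC]
    #RewriteRule ^/$ https://sharedssl.example.com/roundcube/ [L,R]
    #RewriteRule ^/$ /roundcube [R]
</VirtualHost>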
#</IfDefine>
#</IfDefine>