File manager

File manager - Edit - /usr/local/lswsbak/docs/zh-CN/VHSecurity_Help.html

Back
<!DOCTYPE html> <head> <meta charset="utf-8" /> <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1" /> <title>OpenLiteSpeed Users' Manual - 虚拟主机安全</title> <meta name="description" content="OpenLiteSpeed Users' Manual - 虚拟主机安全." /> <meta name="viewport" content="width=device-width, initial-scale=1.0" /> <meta name="robots" content="noindex"> <link rel="shortcut icon" href="../img/favicon.ico" /> <link rel="stylesheet" type="text/css" href="../css/hdoc.css"> </head> <body> <div class="pagewrapper clearfix"><aside class="sidetree ls-col-1-5"> <figure> <img src="img/ols_logo.svg" alt="openlitespeed logo" width="150px"/> </figure> <h2 class="ls-text-thin"> OpenLiteSpeed Web Server <a href="index.html"> Users' Manual</a> </h2> <h3 class="ls-text-muted">Version 1.8  — Rev. 3</h3> <hr/> <div> <ul> <li><a href="license.html">License</a></li> <li><a href="intro.html">Introduction</a></li> <li><a href="install.html">Installation</a></li> <li> <a href="admin.html">Administration</a> <ul class="level2"> <li><a href="ServerStat_Help.html">Service Manager</a></li> <li><a href="Real_Time_Stats_Help.html">Real-Time Stats</a></li> </ul> </li> <li><a href="security.html">Security</a></li> <li> <a href="config.html">Configuration</a> <ul class="level2"> <li><a href="ServGeneral_Help.html">Server General</a></li> <li><a href="ServLog_Help.html">Server Log</a></li> <li><a href="ServTuning_Help.html">Server Tuning</a></li> <li><a href="ServSecurity_Help.html">Server Security</a></li> <li><a href="ExtApp_Help.html">External Apps</a></li> <ul class="level3"> <li><a href="External_FCGI.html">Fast CGI App</a></li> <li><a href="External_FCGI_Auth.html">Fast CGI Authorizer</a></li> <li><a href="External_LSAPI.html">LSAPI App</a></li> <li><a href="External_Servlet.html">Servlet Engine</a></li> <li><a href="External_WS.html">Web Server</a></li> <li><a href="External_PL.html">Piped logger</a></li> <li><a href="External_LB.html">Load Balancer</a></li> </ul> <li><a href="ScriptHandler_Help.html">Script Handler</a></li> <li><a href="App_Server_Help.html">App Server Settings</a></li> <li><a href="Module_Help.html">Module Configuration</a></li> <li><a href="Listeners_General_Help.html">Listener General</a></li> <li><a href="Listeners_SSL_Help.html">Listener SSL</a></li> <li><a href="Templates_Help.html">Virtual Host Templates</a></li> <li><a href="VirtualHosts_Help.html">Virtual Host Basic</a></li> <li><a href="VHGeneral_Help.html">Virtual Host General</a></li> <li><span class="current"><a href="VHSecurity_Help.html">Virtual Host Security</a></span></li> <li><a href="VHSSL_Help.html">Virtual Host SSL</a></li> <li><a href="Rewrite_Help.html">Rewrite</a></li> <li><a href="Context_Help.html">Context</a></li> <ul class="level3"> <li><a href="Static_Context.html">Static Context</a></li> <li> <a href="Java_Web_App_Context.html">Java Web App Context</a> </li> <li><a href="Servlet_Context.html">Servlet Context</a></li> <li><a href="FCGI_Context.html">Fast CGI Context</a></li> <li><a href="LSAPI_Context.html">LSAPI Context</a></li> <li><a href="Proxy_Context.html">Proxy Context</a></li> <li><a href="CGI_Context.html">CGI Context</a></li> <li><a href="LB_Context.html">Load Balancer Context</a></li> <li><a href="Redirect_Context.html">Redirect Context</a></li> <li><a href="App_Server_Context.html">App Server Context</a></li> <li><a href="Module_Context.html">Module Handler Context</a></li> </ul> <li><a href="VHWebSocket_Help.html">Web Socket Proxy</a></li> </ul> </li> <li><a href="webconsole.html">Web Console</a> <ul class="level2"> <li><a href="AdminGeneral_Help.html">Admin Console General</a></li> <li><a href="AdminSecurity_Help.html">Admin Console Security</a></li> <li> <a href="AdminListeners_General_Help.html"> Admin Listener General </a> </li> <li> <a href="AdminListeners_SSL_Help.html">Admin Listener SSL</a> </li> </ul> </li> </ul> </div> </aside> <article class="contentwrapper ls-col-3-5 clearfix"><div class="nav-bar ls-spacer-micro-top"><div class="prev">&#171 <a href="VHGeneral_Help.html">虚拟主机一般设置</a></div><div class="center"><a href="config.html">Configuration</a></div><div class="next"><a href="VHSSL_Help.html">虚拟主机SSL</a> »</div></div> <h1>虚拟主机安全</h1><h2 id="top">Table of Contents</h2><section class="toc"><section class="toc-row"><header><a href="#VHlsrecaptcha">reCAPTCHA 保护</a></header><p> <a href="#enableRecaptcha">启用reCAPTCHA</a> \| <a href="#recaptchaSiteKey">网站密匙</a> \| <a href="#recaptchaSecretKey">密匙</a> \| <a href="#recaptchaType">reCAPTCHA类型</a> \| <a href="#recaptchaMaxTries">最大尝试次数</a> \| <a href="#recaptchaVhReqLimit">并发请求限制</a></p></section> <section class="toc-row"><header>Containers</header><p> <a href="#bubbleWrap">Bubblewrap Container</a> \| <a href="#namespace">Namespace Container</a> \| <a href="#namespaceConfVhAdd">Additional Namespace Template File</a></p></section> <section class="toc-row"><header><a href="#accessControl">登入限制</a></header><p> <a href="#accessControl_allow">允许列表</a> \| <a href="#accessControl_deny">拒绝列表</a></p></section> <section class="toc-row"><header><a href="#realms">Realms授权</a></header><p> <a href="#realmName">域名称</a> \| <a href="#userDBLocation">用户数据库地址</a> \| <a href="#userDBMaxCacheSize">用户数据库最大缓存大小</a> \| <a href="#userDBCacheTimeout">用户数据库缓存超时 (secs)</a> \| <a href="#GroupDBLocation">组数据库位置</a> \| <a href="#groupDBMaxCacheSize">组数据库最大缓存大小</a> \| <a href="#groupDBCacheTimeout">组数据库缓存超时时长(secs)</a></p></section> </section> <section><div class="helpitem"><article class="ls-helpitem"><div><header id="VHlsrecaptcha"><h3>reCAPTCHA 保护<span class="ls-permlink"><a href="#VHlsrecaptcha"></a></span><span class="top"><a href="#top">⇑</a></span></h3></header></div><h4>Description</h4><p>reCAPTCHA 保护是一种减轻服务器负载的服务。在下列情况发生后，reCAPTCHA保护将激活激活后,所以不受信任的客户端(可自定)发出的请求将被重定向到reCAPTCHA验证页面验证完成后客户端将被重定向到其所需的页面<br/><br/> 下列情况将启用reCAPTCHA保护: 1. 服务器或虚拟主机并发请求计数超过连接限制。<br/> 2. 启用了Anti-DDoS，并且客户端以可疑的方式访问了URL。客户端将首先重定向到reCAPTCHA，而不是在触发时被拒绝。<br/> 3. 提供了新的重写规则，以通过重写规则激活reCAPTCHA。可以设置“verifycaptcha”将客户端重定向到reCAPTCHA。可以设置一个特殊值':deny'以在客户端失败太多次时拒绝它。例如，[E=verifycaptcha]将始终重定向到reCAPTCHA，直到通过验证。 [E=verifycaptcha: deny]将重定向到reCAPTCHA，如果客户端达到最大尝试次数,将被拒绝。</p> </article> </div> <div class="helpitem"><article class="ls-helpitem"><div><header id="enableRecaptcha"><h3>启用reCAPTCHA<span class="ls-permlink"><a href="#enableRecaptcha"></a></span><span class="top"><a href="#top">⇑</a></span></h3></header></div><h4>Description</h4><p>必须先在服务器级别将此设置设置为<span class="val">是</span>,才能在当前级别启用并使用reCAPTCHA保护功能。 <br/><br/> 默认值:<br/> <b>服务器级别:</b> 是<br/> <b>虚拟主机级别:</b> 继承服务器级别设置</p> <h4>Syntax</h4><p>从单选框选择</p> </article> </div> <div class="helpitem"><article class="ls-helpitem"><div><header id="recaptchaSiteKey"><h3>网站密匙<span class="ls-permlink"><a href="#recaptchaSiteKey"></a></span><span class="top"><a href="#top">⇑</a></span></h3></header></div><h4>Description</h4><p>站点密钥是Google通过其reCAPTCHA服务提供的公共密钥。如果未设置，将使用默认的站点密钥。</p> </article> </div> <div class="helpitem"><article class="ls-helpitem"><div><header id="recaptchaSecretKey"><h3>密匙<span class="ls-permlink"><a href="#recaptchaSecretKey"></a></span><span class="top"><a href="#top">⇑</a></span></h3></header></div><h4>Description</h4><p>密匙是Google通过其reCAPTCHA服务提供的私钥。如未设置将使用默认的密匙</p> </article> </div> <div class="helpitem"><article class="ls-helpitem"><div><header id="recaptchaType"><h3>reCAPTCHA类型<span class="ls-permlink"><a href="#recaptchaType"></a></span><span class="top"><a href="#top">⇑</a></span></h3></header></div><h4>Description</h4><p>指定要与密钥对一起使用的reCAPTCHA类型。如果未提供密钥对，并且此设置设置为 <span class="val">未设置</span>，将使用<span class="val">隐形</span>类型的默认密钥对。<br/> <span class="val">复选框</span>将显示一个复选框reCAPTCHA，以供访问者验证。<br/> <span class="val">隐形</span>将尝试自动验证reCAPTCHA，如果成功，将重定向到所需的页面。<br/><br/> 默认值为<span class="val">隐形</span>。</p> <h4>Syntax</h4><p>从列表中选择</p> </article> </div> <div class="helpitem"><article class="ls-helpitem"><div><header id="recaptchaMaxTries"><h3>最大尝试次数<span class="ls-permlink"><a href="#recaptchaMaxTries"></a></span><span class="top"><a href="#top">⇑</a></span></h3></header></div><h4>Description</h4><p>“最大尝试次数”指定在拒绝访客之前允许的最大reCAPTCHA次尝试次数。<br/> 默认值是 <span class="val">3</span>.</p> <h4>Syntax</h4><p>整数</p> </article> </div> <div class="helpitem"><article class="ls-helpitem"><div><header id="recaptchaVhReqLimit"><h3>并发请求限制<span class="ls-permlink"><a href="#recaptchaVhReqLimit"></a></span><span class="top"><a href="#top">⇑</a></span></h3></header></div><h4>Description</h4><p>激活reCAPTCHA所需的并发请求数。当并发请求数超过该值时将启用reCAPTCHA，默认值为<span class="val">15000</span>.</p> <h4>Syntax</h4><p>整数</p> </article> </div> <div class="helpitem"><article class="ls-helpitem"><div><header id="bubbleWrap"><h3>Bubblewrap Container<span class="ls-permlink"><a href="#bubbleWrap"></a></span><span class="top"><a href="#top">⇑</a></span></h3></header></div><h4>Description</h4><p>Set to <span class="val">Enabled</span> if you wish to start CGI processes (including PHP programs) in a bubblewrap sandbox. See <a href=" https://wiki.archlinux.org/title/Bubblewrap " target="_blank" rel="noopener noreferrer"> https://wiki.archlinux.org/title/Bubblewrap </a> for details on using bubblewrap. Bubblewrap must be installed on your system prior to using this setting.<br/><br/> This setting cannot be turned on at the Virtual Host level if set to "Disabled" at the Server level.<br/><br/> Default values:<br/> <b>Server level:</b> Disabled<br/> <b>VH level:</b> Inherit Server level setting</p> <h4>Syntax</h4><p>从列表中选择</p> </article> </div> <div class="helpitem"><article class="ls-helpitem"><div><header id="namespace"><h3>Namespace Container<span class="ls-permlink"><a href="#namespace"></a></span><span class="top"><a href="#top">⇑</a></span></h3></header></div><h4>Description</h4><p>Set to <span class="val">Enabled</span> if you wish to start CGI processes (including PHP programs) in a namespace container sandbox. Only used when <span class="tagl"><a href="ServSecurity_Help.html#bubbleWrap">Bubblewrap Container</a></span> is set to <span class="val">Disabled</span>.<br/><br/> When not <span class="val">Disabled</span> at the Server level, this settings value can be overridden at the Virtual Host level.<br/><br/> Default values:<br/> <b>Server level:</b> <span class="val">Disabled</span><br/> <b>Virtual Host Level:</b> Inherit Server level setting</p> <h4>Syntax</h4><p>从列表中选择</p> </article> </div> <div class="helpitem"><article class="ls-helpitem"><div><header id="namespaceConfVhAdd"><h3>Additional Namespace Template File<span class="ls-permlink"><a href="#namespaceConfVhAdd"></a></span><span class="top"><a href="#top">⇑</a></span></h3></header></div><h4>Description</h4><p>Path to an existing configuration file containing a list of directories to be mounted along with the methods used to mount them. If <span class="tagl"><a href="ServSecurity_Help.html#namespaceConf">Namespace Template File</a></span> is also set at the Server level, both files will be used.</p> <h4>Syntax</h4><p>可以说绝对路径,也可以是相对于$SERVER_ROOT或$VH_ROOT的相对路径。</p> </article> </div> <div class="helpitem"><article class="ls-helpitem"><div><header id="accessControl"><h3>登入限制<span class="ls-permlink"><a href="#accessControl"></a></span><span class="top"><a href="#top">⇑</a></span></h3></header></div><h4>Description</h4><p>指定哪些子网络和/或IP地址可以访问该服务器。这是影响所有的虚拟主机的服务器级别设置。您还可以为每个虚拟主机设置登入限制。虚拟主机的设置不会覆盖服务器设置。<br/><br/> 是否阻止/允许一个IP是由允许列表与阻止列表共同决定。如果你想阻止某个特定IP或子网，请在<span class="tagl"><a href="#accessControl_allow">允许列表</a></span>中写入<span class="val"></span> 或 <span class="val">ALL</span>，并在<span class="tagl"><a href="#accessControl_deny">拒绝列表</a></span>中写入需要阻止的IP或子网。如果你想允许某个特定的IP或子网，请在<span class="tagl"><a href="#accessControl_deny">拒绝列表</a></span>中写入<span class="val"></span> 或 <span class="val">ALL</span>，并在<span class="tagl"><a href="#accessControl_allow">允许列表</a></span>中写入需要允许的IP或子网。单个IP地址是被允许访问还是禁止访问取决于该IP符合的最小限制范围。<br/><br/> 信任的IP或子网络可以在<span class="tagl"><a href="#accessControl_allow">允许列表</a></span>列表中添加后缀“T”来指定。受信任的IP或子网不受连接数/流量限制。只有服务器级别的登入限制才可以设置受信任的IP或子网。</p> <h4>提示</h4><p>[安全建议] 用此项设置适用于所有虚拟主机的常规限制。</p> </article> </div> <div class="helpitem"><article class="ls-helpitem"><div><header id="accessControl_allow"><h3>允许列表<span class="ls-permlink"><a href="#accessControl_allow"></a></span><span class="top"><a href="#top">⇑</a></span></h3></header></div><h4>Description</h4><p>指定允许的IP地址或子网的列表。可以使用{VAL}</span>或{VAL}ALL</span>。</p> <h4>Syntax</h4><p>逗号分隔的IP地址或子网列表。结尾加上“T”可以用来表示一个受信任的IP或子网，如{VAL}192.168.1.T</span>。</p> <h4>例子</h4><div class="ls-example">子网: <span class="val">192.168.1.0/255.255.255.0</span>, <span class="val">192.168.1.0/24</span>, <span class="val">192.168.1</span> 或 <span class="val">192.168.1.</span>. <br/> IPv6 地址: <span class="val">::1</span> 或 <span class="val">[::1]</span> <br/> IPv6 子网: <span class="val">3ffe:302:11:2:20f:1fff:fe29:717c/64</span> 或 <span class="val">[3ffe:302:11:2:20f:1fff:fe29:717c]/64</span>.</div><h4>提示</h4><p>[安全建议] 在服务器级别设置的受信任的IP或子网不受连接/节流限制。</p> </article> </div> <div class="helpitem"><article class="ls-helpitem"><div><header id="accessControl_deny"><h3>拒绝列表<span class="ls-permlink"><a href="#accessControl_deny"></a></span><span class="top"><a href="#top">⇑</a></span></h3></header></div><h4>Description</h4><p>指定不允许的IP地址或子网的列表。</p> <h4>Syntax</h4><p>逗号分隔的IP地址或子网列表。可以使用{VAL}</span>或{VAL}ALL</span>。</p> <h4>例子</h4><div class="ls-example">子网: <span class="val">192.168.1.0/255.255.255.0</span>, <span class="val">192.168.1.0/24</span>, <span class="val">192.168.1</span> 或 <span class="val">192.168.1.*</span>. <br/> IPv6 地址: <span class="val">::1</span> 或 <span class="val">[::1]</span> <br/> IPv6 子网: <span class="val">3ffe:302:11:2:20f:1fff:fe29:717c/64</span> 或 <span class="val">[3ffe:302:11:2:20f:1fff:fe29:717c]/64</span>.</div></article> </div> <div class="helpitem"><article class="ls-helpitem"><div><header id="realms"><h3>Realms授权<span class="ls-permlink"><a href="#realms"></a></span><span class="top"><a href="#top">⇑</a></span></h3></header></div><h4>Description</h4><p>列出这个虚拟主机的所有Realm。 Realm授权可以阻止未授权用户访问受保护的网页。 Realm是一个用户名录，其中包含了用户名、密码、分组（可选）。授权是在context级别执行的。不同的context可以共享相同的Realm（用户数据库），所以Realm是与调用它的context分开定义的。你可以通过context配置中的名称识别Realm。</p> </article> </div> <div class="helpitem"><article class="ls-helpitem"><div><header id="realmName"><h3>域名称<span class="ls-permlink"><a href="#realmName"></a></span><span class="top"><a href="#top">⇑</a></span></h3></header></div><h4>Description</h4><p>指定授权域的唯一名称。</p> </article> </div> <div class="helpitem"><article class="ls-helpitem"><div><header id="userDBLocation"><h3>用户数据库地址<span class="ls-permlink"><a href="#userDBLocation"></a></span><span class="top"><a href="#top">⇑</a></span></h3></header></div><h4>Description</h4><p>指定用户数据库的位置。建议将数据库存储在$ SERVER_ROOT / conf / vhosts / $ VH_NAME /目录下。<br/><br/> 对于类型为<span class="val">Password File</span>的数据库，应设置为包含用户名/密码的展平文件的路径。您可以在WebAdmin控制台中点击文件名来进行修改。<br/> 用户文件的每一行都包含一个用户名，后跟一个冒号，然后是一个crypt()加密的密码，后面还可以跟一个冒号和用户所属的组。多个组名用逗号隔开。<br/><br/> Example:<blockquote><code>john:HZ.U8kgjnMOHo:admin,user</code></blockquote></p> <h4>Syntax</h4><p>Path to user DB file.</p> <h4>See Also</h4><p class="ls-text-small"><span class="tagl"><a href="#GroupDBLocation">组数据库位置</a></span>, <span class="tagl"><a href="#userDB_attrPasswd">密码属性名</a></span>, <span class="tagl"><a href="#userDB_attrMemberOf">Member-of 属性</a></span></p> </article> </div> <div class="helpitem"><article class="ls-helpitem"><div><header id="userDBMaxCacheSize"><h3>用户数据库最大缓存大小<span class="ls-permlink"><a href="#userDBMaxCacheSize"></a></span><span class="top"><a href="#top">⇑</a></span></h3></header></div><h4>Description</h4><p>指定用户数据库的最大缓存大小。最近访问的用户认证信息会被缓存在内存中以提供最佳性能。</p> <h4>Syntax</h4><p>整数</p> <h4>提示</h4><p>[性能建议] 由于更大的缓存会消耗更多的内存，更高的值可能会也可能不会提供更好的性能。请根据您的用户数据库大小和网站使用情况来设定一个合适的大小。</p> </article> </div> <div class="helpitem"><article class="ls-helpitem"><div><header id="userDBCacheTimeout"><h3>用户数据库缓存超时 (secs)<span class="ls-permlink"><a href="#userDBCacheTimeout"></a></span><span class="top"><a href="#top">⇑</a></span></h3></header></div><h4>Description</h4><p>指定多久检查一次后端用户数据库变更。在缓存中每个条目都有一个时间戳。当缓存日期超过指定的超时时间时，将检查后端数据库是否有变化。如果没有，时间戳将被重置为当前时间，否则会将新的数据载入。服务器重载和平滑重启会立即清除缓存。</p> <h4>Syntax</h4><p>整数</p> <h4>提示</h4><p>[性能建议] 如果后端数据库不经常发生变更，设置较长的缓存时间来获得更好的性能。</p> </article> </div> <div class="helpitem"><article class="ls-helpitem"><div><header id="GroupDBLocation"><h3>组数据库位置<span class="ls-permlink"><a href="#GroupDBLocation"></a></span><span class="top"><a href="#top">⇑</a></span></h3></header></div><h4>Description</h4><p>指定组数据库的位置。<br/> 组信息可以在用户数据库或在这个独立的组数据库中设置。用于用户验证时，将首先检查用户数据库。如果用户数据库同样包含组信息，组数据库将不被检查。<br/> 对于类型为<span class="val">Password File</span>的数据库，组数据库地址应当是到达包含有组定义的平面文件的路径。你可以在WebAmin控制台中点击文件名来修改这个设置。<br/> 每一行组文件应当包含一个组名，组名后面跟一个冒号，并在冒号后面使用空格来分割组中的用户名。例如: <blockquote><code>testgroup: user1 user2 user3</code></blockquote></p> <h4>Syntax</h4><p>文件名可以是绝对路径,也可以是相对于$SERVER_ROOT,$VH_ROOT的相对路径。</p> <h4>See Also</h4><p class="ls-text-small"><span class="tagl"><a href="#userDBLocation">用户数据库地址</a></span>, Context <span class="tagl"><a href="Context_Help.html#required">Require（授权的用户/组）</a></span>, <span class="tagl"><a href="#groupDB_attrGroupMember">组成员属性名</a></span></p> </article> </div> <div class="helpitem"><article class="ls-helpitem"><div><header id="groupDBMaxCacheSize"><h3>组数据库最大缓存大小<span class="ls-permlink"><a href="#groupDBMaxCacheSize"></a></span><span class="top"><a href="#top">⇑</a></span></h3></header></div><h4>Description</h4><p>指定组数据库的最大缓存大小。</p> <h4>Syntax</h4><p>整数</p> <h4>提示</h4><p>[性能建议] 由于更大的缓存会消耗更多的内存，更高的值可能会也可能不会提供更好的性能。请根据你的用户数据库大小和网站使用情况来设置合适的大小。</p> <h4>See Also</h4><p class="ls-text-small"><span class="tagl"><a href="#userDBMaxCacheSize">用户数据库最大缓存大小</a></span></p> </article> </div> <div class="helpitem"><article class="ls-helpitem"><div><header id="groupDBCacheTimeout"><h3>组数据库缓存超时时长(secs)<span class="ls-permlink"><a href="#groupDBCacheTimeout"></a></span><span class="top"><a href="#top">⇑</a></span></h3></header></div><h4>Description</h4><p>指定多长时间后台组数据库将检查一次变更。查看更多详细信息查看<span class="tagl"><a href="#userDBCacheTimeout">用户数据库缓存超时 (secs)</a></span>。</p> <h4>Syntax</h4><p>整数</p> <h4>See Also</h4><p class="ls-text-small"><span class="tagl"><a href="#userDBCacheTimeout">用户数据库缓存超时 (secs)</a></span></p> </article> </div> </section> </article><div class="ls-col-1-1"><footer class="copyright">Copyright © 2013-2020. <a href="https://www.litespeedtech.com">LiteSpeed Technologies Inc.</a> 版权所有.</footer> </div></div> </body> </html>

| ver. 1.4 | Github | . | PHP 8.2.28 | Generation time: 0.02 | proxy | phpinfo | Settings