Apache禁止游览列出的目录文件列表

环境：

CentOS release 6.9 (Final)
nginx 1.6.1

现象：nginx access.log只有记录到一个IP

192.168.1.86 - - [29/Oct/2019:03:44:43 +0800] "GET /web/ HTTP/1.0" 200 15356 "-" "Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; Trident/5.0)"
192.168.1.86 - - [29/Oct/2019:03:46:03 +0800] "GET /web HTTP/1.0" 302 0 "-" "Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; Trident/5.0)"
192.168.1.86 - - [29/Oct/2019:03:46:03 +0800] "GET /web/login.html HTTP/1.0" 200 15356 "-" "Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; Trident/5.0)"
192.168.1.86 - - [29/Oct/2019:03:47:15 +0800] "GET /web HTTP/1.0" 302 0 "-" "Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; Trident/5.0)"
192.168.1.86 - - [29/Oct/2019:03:47:15 +0800] "GET /web/ HTTP/1.0" 200 15356 "-" "Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; Trident/5.0)"
192.168.1.86 - - [29/Oct/2019:03:48:20 +0800] "GET /web HTTP/1.0" 302 0 "-" "Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; Trident/5.0)"
192.168.1.86 - - [29/Oct/2019:03:48:20 +0800] "GET /web/review-reward/evgroup/reward-evgroup-save HTTP/1.0" 200 15356 "-" "Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; Trident/5.0)"
192.168.1.86 - - [29/Oct/2019:03:49:26 +0800] "GET /web HTTP/1.0" 302 0 "-" "Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; Trident/5.0)"
192.168.1.86 - - [29/Oct/2019:03:49:26 +0800] "GET /web/review-reward/evgroup/reward-evgroup-save HTTP/1.0" 200 15356 "-" "Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; Trident/5.0)"
192.168.1.86 - - [29/Oct/2019:03:50:49 +0800] "GET /web HTTP/1.0" 302 0 "-" "Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; Trident/5.0)"
192.168.1.86 - - [29/Oct/2019:03:50:49 +0800] "GET /web/ HTTP/1.0" 200 15356 "-" "Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; Trident/5.0)"
192.168.1.86 - - [29/Oct/2019:03:52:11 +0800] "GET /web HTTP/1.0" 302 0 "-" "Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; Trident/5.0)"
192.168.1.86 - - [29/Oct/2019:03:52:11 +0800] "GET /web/ HTTP/1.0" 200 15356 "-" "Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; Trident/5.0)"
192.168.1.86 - - [29/Oct/2019:03:53:13 +0800] "GET /web HTTP/1.0" 302 0 "-" "Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; Trident/5.0)"
192.168.1.86 - - [29/Oct/2019:03:53:13 +0800] "GET /web/ HTTP/1.0" 200 15356 "-" "Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; Trident/5.0)"

导致这个情况的有二种：

• 第一种：192.168.1.86可能是台 当前网络环境中的前端机器
• 第二种：X-Forwarded-For的值没有正确配置出来

对于第二种，解决方法如下：
1、nginx重新编译，configure参数加上选项：–with-http_realip_module
查看当前nginx编译参数：

[root@rui home]# /usr/local/nginx/sbin/nginx -V                                                                                                                                      
nginx version: nginx/1.6.1
built by gcc 4.4.7 20120313 (Red Hat 4.4.7-18) (GCC) 
TLS SNI support enabled
configure arguments: --prefix=/usr/local/nginx --with-openssl=/root/openssl-1.0.2l/ --with-http_ssl_module --add-module=/root/nginx-sticky-module-1.1
[root@rui home]# 

2、进入nginx安装包目录，重新编译，添加–with-http_realip_module参数：

./configure --prefix=/usr/local/nginx --with-openssl=/root/openssl-1.0.2l/ --with-http_ssl_module --add-module=/root/nginx-sticky-module-1.1 --with-http_realip_module

3、编译安装：

make && make install

4、在conf配置中添加：

 server
{
    ...
    set_real_ip_from 192.168.1.0/24;    #允许可此网段过来的访问可以修改real_ip；
    real_ip_header X-Forwarded-For;     #将$x-forward-for的值替换掉real_ip
    ...
    #日志格式如下
    log_format  '$remote_addr - $remote_user [$time_local] "$request" '
            '$status $body_bytes_sent "$http_referer" '
             '"$http_user_agent" $http_x_forwarded_for';
    ...
}

5、重载nginx后，再次查看日志：

42.10.6.109 - - [12/Nov/2019:14:15:29 +0800] "GET /web/ HTTP/1.0" 301 278 "http://wangzhirui.com/" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36"
51.178.18.228 - - [12/Nov/2019:14:15:44 +0800] "GET /web/j_spring_security_logout HTTP/1.0" 301 278 "http://wangzhirui.com/web/prpapprove/list-for-view?flag=init" "Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko"
51.178.18.228 - - [12/Nov/2019:14:15:44 +0800] "GET /weihu.html HTTP/1.0" 200 1894 "http://wangzhirui.com/egrantweb/prpapprove/list-for-view?flag=init" "Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko"
51.178.18.228 - - [12/Nov/2019:14:15:51 +0800] "GET / HTTP/1.0" 200 514 "http://wangzhirui.com/Program/" "Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko"
51.178.18.228 - - [12/Nov/2019:14:15:51 +0800] "GET /web/ HTTP/1.0" 301 278 "-" "Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko"
51.178.18.228 - - [12/Nov/2019:14:15:51 +0800] "GET /weihu.html HTTP/1.0" 200 1894 "-" "Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko"
51.178.81.210 - - [12/Nov/2019:14:15:54 +0800] "POST /web/review-reward/evgroup/reward-evgroup-save HTTP/1.0" 200 0 "http://wangzhirui.com/web/review-reward/evgroup/reward-group-manage?flag=init&atvtype=1" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:70.0) Gecko/20100101 Firefox/70.0"
51.178.81.210 - - [12/Nov/2019:14:15:54 +0800] "POST /web/review-reward/evgroup/reward-group-manage?atvtype=1 HTTP/1.0" 200 9394 "http://wangzhirui.com/web/review-reward/evgroup/reward-group-manage?flag=init&atvtype=1" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:70.0) Gecko/20100101 Firefox/70.0"

---

转载请注明来源，欢迎对文章中的引用来源进行考证，欢迎指出任何有错误或不够清晰的表达。