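Apache permission management on Debian can be configured systematically at four levels: the runtime identity, filesystem permissions, directory access control, and authentication and hardening, balancing security with maintainability.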
systemctl restart apache2.
a2dismod module_name; restart the service after the change.
ufw allow 'Apache Full' (or open only 80/443).
usermod -aG groupname username)
sudo chown -R www-data:www-data /var/www/html
find /var/www/html -type d -exec chmod 755 {} \;
find /var/www/html -type f -exec chmod 644 {} \;
tune2fs -o acl /dev/sdXn && mount -o remount /mount_point
setfacl -m u:username:rwx /path/to/dir

<Directory /var/www/html>
Options -Indexes +FollowSymLinks
AllowOverride All
Require all granted
</Directory>
sudo htpasswd -c /etc/apache2/.htpasswd username

AuthType Basic
AuthName "Restricted Area"
AuthUserFile /etc/apache2/.htpasswd
Require valid-user
<Location "/restricted">
Require ip 192.168.1.0/24 203.0.113.10
</Location>
systemctl restart apache2.
a2enconf security to enable it):

<IfModule mod_headers.c>
Header always set X-Content-Type-Options "nosniff"
Header always set X-Frame-Options "SAMEORIGIN"
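# X-XSS-Protection is a legacy header that modern browsers no longer act on.
Header always set X-XSS-Protection "1; mode=block"
Header always set Referrer-Policy "no-referrer-when-downgrade"
# 'unsafe-inline' and 'unsafe-eval' in script-src permit inline scripts and eval(),
# which weakens the policy's XSS protection; drop them if the site does not need them.
Header always set Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'none';"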
</IfModule>
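sudo certbot --apache -d yourdomain.com -d www.yourdomain.com.
/var/log/apache2/access.log, /var/log/apache2/error.log; it is advisable to monitor them continuously with tail -f or a log analysis tool.
aa-enforce /etc/apparmor.d/usr.sbin.httpd to harden it; if SELinux is in use, configure the corresponding policy for httpd.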
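
As an added example (not part of the original page), the following read-only shell function checks a web root against the ownership and mode baseline given above: www-data ownership, 755 directories, 644 files. The function name audit_webroot, its arguments and the output labels are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: read-only audit of a web root against the baseline above
# (owner/group www-data, directories 755, files 644). Nothing is modified.
# audit_webroot and its output labels are hypothetical names.

audit_webroot() {
    root=${1:-/var/www/html}
    owner=${2:-www-data}    # user name or numeric UID
    group=${3:-www-data}    # group name or numeric GID

    if [ ! -d "$root" ]; then
        echo "ERROR: not a directory: $root" >&2
        return 2
    fi

    findings=$(
        {
            # Directories whose mode is not exactly 755
            find "$root" -type d ! -perm 755 -exec printf 'DIRMODE %s\n' {} \;
            # Regular files whose mode is not exactly 644
            find "$root" -type f ! -perm 644 -exec printf 'FILEMODE %s\n' {} \;
            # Entries not owned by the expected user and group
            find "$root" \( ! -user "$owner" -o ! -group "$group" \) \
                -exec printf 'OWNER %s\n' {} \;
            # World-writable entries (symlinks skipped: their mode is not enforced)
            find "$root" ! -type l -perm -0002 -exec printf 'WORLDWRITE %s\n' {} \;
        } | sort
    )

    if [ -z "$findings" ]; then
        return 0            # tree matches the baseline
    fi
    printf '%s\n' "$findings"
    return 1                # at least one deviation
}

# Run against the given path when called with arguments, e.g.
#   sh audit.sh /var/www/html www-data www-data
if [ "$#" -gt 0 ]; then
    audit_webroot "$@"
fi
```

An exit status of 1 with a non-empty list means the tree has drifted from the baseline; each line names the check that failed and the path, so it can be reviewed before any chown or chmod is re-applied.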