一 Apache配置剖析
1.1 Apache连接保持
● Apache连接保持相关参数
● KeepAlive
● 是否打开连接保持,OFF关闭,ON打开
● KeepAliveTimeout
● 一次连接多次请求之间的最大间隔时间,两次请求超过该时间连接断开
● MaxKeepAliveRequests
● 一次连接能够传输的最大请求数量
1.2 Apache访问控制
● 作用
● 控制对网站资源的访问
● 为特定的网站目录添加访问授权
● 常用访问控制方式
● 客户机地址限制
● 用户授权限制
[root@localhost ~]# vi /usr/local/httpd/conf/extra/httpd-default.conf
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 5
打开抓包软件,抓取20.0.0.21回应20.0.0.1的http/1.1 的报文
[root@localhost ~]# vi /usr/local/httpd/conf/extra/httpd-default.conf
KeepAlive On
MaxKeepAliveRequests 200
KeepAliveTimeout 10
[root@localhost ~]# systemctl restart httpd.service
_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L01yX0NoZW5XSg==,size_16,color_FFFFFF,t_70#pic_center)
[root@localhost ~]# cd /usr/local/httpd/
[root@localhost httpd]# bin/htpasswd -C /usr/local/httpd/conf/.awspwd webadmin
bin/htpasswd: argument to -C must be a positive integer
[root@localhost httpd]# bin/htpasswd -c /usr/local/httpd/conf/.awspwd webadmin
New password:
Re-type new password:
Adding password for user webadmin
[root@localhost httpd]# cat /usr/local/httpd/conf/.awspwd
webadmin:$apr1$R2/KRK/E$p8nlEwHMxKE5qfZJHDaxA1
[root@localhost httpd]# bin/htpasswd /usr/local/httpd/conf/.awspwd webadmin
New password:
Re-type new password:
Updating password for user webadmin
[root@localhost httpd]# cat /usr/local/httpd/conf/.awspwd
webadmin:$apr1$AGqo6WYI$w7dhh4fgzoUuCo3DqMuwX/
[root@localhost ~]# cd /usr/local/httpd/
[root@localhost httpd]# htpasswd -c /usr/local/httpd/conf/.aa admin ##若省略-c,则表示指定的用户数据文件已存在,无需重新创建##
New password:
Re-type new password:
Adding password for user admin
[root@localhost httpd]# vi /usr/local/httpd/conf/httpd.conf
. . . . . . ##此处省略部分内容##
<Directory "/usr/local/httpd/htdocs">
. . . . . . ##此处省略部分内容##
AuthName "Auth Directory"
AuthType Basic
AuthUserFile /usr/local/httpd/conf/.aa
require valid-user
</Directory>
二 Apache日志管理
2.1 日志分割
● 随着网站的访问量增大,默认情况下Apache的单个日志文件也会越来越大
● 日志文件占用磁盘空间很大
● 查看相关信息不方便
● 对日志文件进行分割
● Apache自带rotatelogs分割工具实现
● 第三方工具cronolog分割
(1) 自带rotatelogs分割工具
[root@localhost ~]# mkdir /var/log/httpd
[root@localhost ~]# vi /usr/local/httpd/conf/httpd.conf
ErrorLog "|/usr/local/bin/rotatelogs -l /var/log/httpd/www.51xit.top-error_%Y%m%d.log 86400"
CustomLog "|/usr/local/bin/rotatelogs -l /var/log/httpd/www.51xit.top-access_%Y%m%d.log 86400" common
##找到这两个改下##
[root@localhost ~]# systemctl restart httpd
##浏览器中输入网址登陆下,然后再查看日志##
[root@localhost ~]# ll /var/log/httpd
total 40
-rw-r--r-- 1 root root 299 Sep 1 18:15 www.51xit.top-access_20200901.log
-rw-r--r-- 1 root root 299 Sep 1 18:15 www.51xit.top-error_20200901.log
(2)使用第三方工具cronolog分割
[root@localhost ~]# tar zxvf cronolog-1.6.2.tar.gz
[root@localhost ~]# cd cronolog-1.6.2/
[root@localhost cronolog-1.6.2]# ./configure
[root@localhost cronolog-1.6.2]# make && make install
[root@localhost cronolog-1.6.2]# vi /usr/local/httpd/conf/httpd.conf
ErrorLog "|/usr/local/sbin/cronolog /var/log/httpd/www.51xit.top-error_%Y%m%d.log"
CustomLog "|/usr/local/sbin/cronolog /var/log/httpd/www.51xit.top-access_%Y%m%d.log " common
[root@localhost cronolog-1.6.2]# systemctl restart httpd.service
[root@localhost cronolog-1.6.2]# ll /var/log/httpd/ | grep "www.51xit.top"
2.2 AWStats日志分析
● perl语言(骆驼语言)开发的一款开源日志分析系统
● 可用来分析Apache,Samba,vsftpd,IIS等服务器的访问日志
● 信息结合crond等计划任务服务,可对日志内容定期进行分析
[root@localhost ~]# cd /opt
[root@localhost opt]# wget http://www.awstats.org/files/awstats-7.6.tar.gz
##下载安装包##
[root@localhost opt]# tar zxf awstats-7.6.tar.gz
[root@localhost opt]# mv awstats-7.6 /usr/local/awstats
[root@localhost opt]# cd /usr/local/awstats/tools/
[root@localhost tools]# chmod +x awstats_configure.pl
[root@localhost tools]# ./awstats_configure.pl
. . .
Enter full config file path of your Web server.
Example: /etc/httpd/httpd.conf
Example: /usr/local/apache2/conf/httpd.conf
Example: c:\Program files\apache group\apache\conf\httpd.conf
Config file path ('none' to skip web server setup):
> /usr/local/httpd/conf/httpd.conf
. . .
Do you want me to build a new AWStats config/profile
file (required if first install) [y/N] ? y
. . .
Your web site, virtual server or profile name:
> www.51xit.top
. . .
Directory path to store config file(s) (Enter for default): ##一直回车##
[root@localhost tools]# vi /etc/httpd.conf
<IfModule !mpm_prefork_module>
LoadModule cgid_module modules/mod_cgid.so ##将#去掉##
</IfModule>
<IfModule mpm_prefork_module>
LoadModule cgi_module modules/mod_cgi.so ##将#去掉##
<Directory "/usr/local/awstats/wwwroot">
Options None
AllowOverride None
#Order allow,deny
#Allow from all
Require all granted ##添加##
</Directory>
[root@localhost tools]# systemctl restart httpd
[root@localhost tools]# vi /etc/awstats/awstats.www.51xit.top.conf
LogFile="/usr/local/httpd/logs/access_log"
DirData="/var/lib/awstats"
[root@localhost ~]# mkdir /var/lib/awstats
[root@localhost ~]# cd /usr/local/awstats/
[root@localhost awstats]# cd tools/
[root@localhost tools]# chmod +x awstats_updateall.pl
[root@localhost tools]# ./awstats_updateall.pl
浏览器访问http://20.0.0.21/awstats/awstats.pl?config=www.51xit.top
[root@localhost ~]# vi /usr/local/httpd/htdocs/awb.html
<html>
<head>
<meta http-equiv=refresh content="0;
url=http://20.0.0.21/awstats/awstats.pl?config=www.51xit.top">
</head>
<body></body>
</html>