11.18 Apache用户认证 11.19/11.20 域名跳转 11.21 Apache访问日志

十周三次课
11.18 Apache用户认证
11.19/11.20 域名跳转
11.21 Apache访问日志
扩展 
apache虚拟主机开启php的短标签   http://ask.apelearn.com/question/5370

11.18 Apache用户认证

为增强网站的安全性，可对指定页面采用用户认证的方式进行访问

修改虚拟主机配置文件

[root@linux-5 ~]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf 

<VirtualHost *:80>
    DocumentRoot "/data/wwwroot/def.com"
    ServerName def.com
    ServerAlias www.def.com www.456.com
    <Directory /data/wwwroot/def.com> //指定认证的目录
        AllowOverride AuthConfig //这个相当于打开认证的开关
        AuthName "def.com user auth" //自定义认证的名字，作用不大
        AuthType Basic //认证的类型，一般为Basic，其他类型很少用
        AuthUserFile /data/.htpasswd  //指定密码文件所在位置
        require valid-user //指定需要认证的用户为全部可用用户
    </Directory>
    ErrorLog "logs/def.com-error_log"
    CustomLog "logs/def.com-access_log" common
</VirtualHost>

注：实际修改时要把注释都删掉，否则配置文件可能会报错

创建用户认证所需的用户和密码

[root@linux-5 ~]# /usr/local/apache2.4/bin/htpasswd -cm /data/.htpasswd lem 
New password: 
Re-type new password: 
Adding password for user lem
[root@linux-5 ~]# cat /data/.htpasswd 
lem:$apr1$eajZKgW0$0nM0gJQaBPtmBbuWzRcPr.

-c为创建密码文件，-m为md5的加密方式，当需要添加其他用户时（如lem2），则不需要加-c选项。

重新加载配置

[root@linux-5 ~]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[root@linux-5 ~]# /usr/local/apache2.4/bin/apachectl graceful

访问测试

[root@linux-5 ~]# curl -x 192.168.88.5:80 def.com
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>401 Unauthorized</title>
</head><body>
<h1>Unauthorized</h1>
<p>This server could not verify that you
are authorized to access the document
requested.  Either you supplied the wrong
credentials (e.g., bad password), or your
browser doesn't understand how to supply
the credentials required.</p>
</body></html>

测试发现产生了401的状态码，401代表着访问的内容需要做用户认证

[root@linux-5 ~]# curl -x 192.168.88.5:80 -u lem:123456 def.com
def.com[root@linux-5 ~]# 

-u选项可以使curl命令输入用户认证所需的账户和密码，输入正确的账号和密码后，访问正常。

针对单个文件进行认证

<VirtualHost *:80>
    DocumentRoot "/data/wwwroot/def.com"
    ServerName def.com
    ServerAlias www.def.com www.456.com
    <FilesMatch admin.php>
        AllowOverride AuthConfig
        AuthName "def.com user auth"
        AuthType Basic
        AuthUserFile /data/.htpasswd
        require valid-user
    </FilesMatch>
    ErrorLog "logs/def.com-error_log"
    CustomLog "logs/def.com-access_log" common
</VirtualHost>

访问测试

admin[root@linux-5 ~]# curl -x 192.168.88.5:80 def.com
def.com
//def.com可以正常访问
[root@linux-5 ~]# curl -x 192.168.88.5:80 def.com/admin.php
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>401 Unauthorized</title>
</head><body>
<h1>Unauthorized</h1>
<p>This server could not verify that you
are authorized to access the document
requested.  Either you supplied the wrong
credentials (e.g., bad password), or your
browser doesn't understand how to supply
the credentials required.</p>
</body></html>
//访问admin.php会显示401
[root@linux-5 ~]# curl -x 192.168.88.5:80 -u lem:123456 def.com/admin.php
admin
//输入正确的用户名和密码后可以正常访问admin.php

11.19/11.20 域名跳转

修改虚拟主机配置文件

<VirtualHost *:80>
[root@linux-5 ~]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
DocumentRoot "/data/wwwroot/def.com"
    ServerName def.com
    ServerAlias www.def.com www.456.com
<IfModule mod_rewrite.c> //需要mod_rewrite模块支持
 RewriteEngine on  //打开rewrite功能
 RewriteCond %{HTTP_HOST} !^def.com$  //定义rewrite的条件，主机名（域名）不是www.123.com满足条件
 RewriteRule ^/(.*)$ http://def.com/$1 [R=301,L] //定义rewrite规则，当满足上面的条件时，这条规则才会执行
</IfModule>
 ErrorLog "logs/def.com-error_log"
 CustomLog "logs/def.com-access_log" common
</VirtualHost>

R=301 永久重定向；R=302 临时重定向（浏览器不友好，不会降低源域名的权重增至新域名）；
L只跳转一次

检测Apache是否加载了rewrite模块

[root@linux-5 ~]# /usr/local/apache2.4/bin/apachectl -M|grep -i rewrite
[root@linux-5 ~]#         //输出为空，则说明Apache没有加载此模块
//若无该模块，需要编辑配置文件httpd.conf，删除rewrite_module (shared) 前面的#
[root@linux-5 ~]# /usr/local/apache2.4/bin/apachectl -M|grep -i rewrite
 rewrite_module (shared)  //再次检测，有相应输出，说明模块已加载

访问测试

[root@linux-5 ~]# curl -x 192.168.88.5:80 www.def.com -I
HTTP/1.1 301 Moved Permanently
Date: Wed, 30 May 2018 05:28:45 GMT
Server: Apache/2.4.33 (Unix) PHP/5.6.32
Location: http://def.com/
Content-Type: text/html; charset=iso-8859-1

-I 选项可以不显示访问内容，显示状态码
状态码为301，说明已经跳转成功。

11.21 Apache访问日志

日志格式

LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common  //默认格式

%h：来源IP

%l ：用户

%u：用户名密码

%t：时间

%r：行为（一般是“动作 目标网址”）

%>s：状态码

%b：大小

%{Referer}：访问目标网址前所在的网址（比如，在猿课论坛上创建一个指向本地Apache服务的网址，那么在本地Apache的访问日志上的Referer一项就会显示猿课论坛的网址）

%{User-Agent}：用户代理，就是用户通过何种方式进行访问（curl，谷歌浏览器等）

修改日志格式

[root@linux-5 ~]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf 
CustomLog "logs/def.com-access_log" combined  //将common改为combined

转载于:https://my.oschina.net/u/3866935/blog/1921226