11.18 Apache用户认证(打开网站需要输入用户名密码,访问体验比较差,适合网站管理人员登录时多一道安全)
用户认证过程(所有目录)
编辑
[root
@test ~]# vim /usr/local/apache/conf/extra/httpd-vhosts.conf
<VirtualHost *:80>
DocumentRoot "/data/wwwroot/
test.com"
ServerName
test.com
ServerAlias
www.test.com
www.test1.com
<Directory /data/wwwroot/
test.com> (
这里指定了整个目录做匹配认证)
AllowOverride AuthConfig
AuthName "test.com user auth"
AuthType Basic
AuthUserFile /data/.htpasswd
require valid-user
</Directory>
ErrorLog "logs/
test.com-error_log"
CustomLog "logs/
test.com-access_log" common
</VirtualHost>
生成密码文件 -c创建密码文件 -m加密 (MD5加密码)
[root
@test ~]# /usr/local/apache/bin/htpasswd -c -m /data/.htpasswd test(定义的用户名)
New password:
Re-type new password:
Adding password for user test
[root
@test ~]# ls /data/.htpasswd
/data/.htpasswd
[root
@test ~]# cat !$
cat /data/.htpasswd
test:$apr1$w/gesgOt$hUj1BprwqfP4FApzdgNEe.
再次创建用户 不需要-c创建文件
[root
@test ~]# /usr/local/apache/bin/htpasswd -m /data/.htpasswd test1
New password:
Re-type new password:
Adding password for user test1
[root@test ~]# cat /data/.htpasswd
test:$apr1$w/gesgOt$hUj1BprwqfP4FApzdgNEe.
test1:$apr1$EpQSQAYB$dUTXxK8SunrsSTMj3cKhI1
重新加载生效
[root@test ~]# /usr/local/apache/bin/apachectl -t
Syntax OK
[root@test ~]# /usr/local/apache/bin/apachectl graceful
效果
[root@test ~]# curl -x127.0.0.1:80 test.com
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>401 Unauthorized</title>(401说明访问内容需要用户验证)
</head><body>
<h1>Unauthorized</h1>
<p>This server could not verify that you
are authorized to access the document
requested. Either you supplied the wrong
credentials (e.g., bad password), or your
browser doesn't understand how to supply
the credentials required.</p>
</body></html>
[
root@test ~]# curl -x127.0.0.1:80 test.com -I
HTTP/1.1 401 Unauthorized
Date: Thu, 15 Nov 2018 02:36:09 GMT
Server: Apache/2.4.37 (Unix) PHP/7.2.12
WWW-Authenticate: Basic realm="
test.com user auth"
Content-Type: text/html; charset=iso-8859-1
[root@test ~]# curl -x127.0.0.1:80 -utest:test test.com -I
HTTP/1.1 200 OK
Date: Thu, 15 Nov 2018 02:38:28 GMT
Server: Apache/2.4.37 (Unix) PHP/7.2.12
X-Powered-By: PHP/7.2.12
Content-Type: text/html; charset=UTF-8
[root@test ~]# curl -x127.0.0.1:80-utest:test test.com
针对单个文件进行认证(对网站后台或者敏感的做安全)
[root@test ~]# vim /usr/local/apache/conf/extra/httpd-vhosts.conf
<VirtualHost *:80>
DocumentRoot "/data/wwwroot/
test.com"
ServerName
test.com
ServerAlias
www.test.com
www.test1.com
# <Directory /data/wwwroot/
test.com>
<FilesMatch test.php> (
针对指定的文件)
AllowOverride AuthConfig
AuthName "test.com user auth"
AuthType Basic
AuthUserFile /data/.htpasswd
require valid-user
</FilesMatch>
# </Directory>
ErrorLog "logs/
test.com-error_log"
CustomLog "logs/
test.com-access_log" common
</VirtualHost>
加载
[root@test ~]# /usr/local/apache/bin/apachectl -t
Syntax OK
[root@test ~]# /usr/local/apache/bin/apachectl graceful
测试:
[root@test ~]# vim /data/wwwroot/
test.com/test.php
<?php
echo "test.php";
?>
[root@test ~]# vim /data/wwwroot/
test.com/test1.php
<?php
echo "test1.php";
?>
效果
11.19/11.20 域名跳转 (
域名显性转发 网站seo,搜索引擎抓页面为了别人能搜索到(蜘蛛,网站权重很重要,搜索引擎对网站域名很看重
301永久重定向,永久跳转
))
需求,把
123.com域名跳转到
www.123.com,配置如下:
<VirtualHost *:80>
DocumentRoot "/data/wwwroot/
www.123.com"
ServerName
www.123.com
ServerAlias
123.com
<IfModule mod_rewrite.c> //需要mod_rewrite模块支持
RewriteEngine on //打开rewrite功能
RewriteCond %{HTTP_HOST} !^www.123.com$ //定义rewrite的条件,主机名(域名)不是www.123.com满足条件
RewriteRule ^/(.*)$ http://www.123.com/$1 [R=301,L] //定义rewrite规则,当满足上面的条件时,这条规则才会执行
</IfModule>
</VirtualHost>
/usr/local/apache2/bin/apachectl -M|grep -i rewrite //若无该模块,需要编辑配置文件httpd.conf,删除rewrite_module (shared) 前面的#
curl -x127.0.0.1:80 -I
123.com //状态码为301
配置
[root@test ~]# vim /usr/local/apache/conf/extra/httpd-vhosts.conf
<VirtualHost *:80>
DocumentRoot "/data/wwwroot/
test.com"
ServerName
test.com
ServerAlias
www.test1.com
# <Directory /data/wwwroot/
test.com>
# <FilesMatch test.php>
# AllowOverride AuthConfig
# AuthName "
test.com user auth"
# AuthType Basic
# AuthUserFile /data/.htpasswd
# require valid-user
# </FilesMatch>
# </Directory>
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP_HOST} !^
test.com$ (
以test.com为网站的主域名,这条的意思为域名非test.com时跳转到主域名来 HOST定义域名test.com !表示取反 ^test.com$ ^表示以test开头 $表示com结尾)
RewriteRule ^/(.*)$
http://test.com/$1 [R=301,L]
(
test1.com/
test.php
^表示除去域名之外的所有 /表示test1.com/test.php域名后面的斜杠 (.*)表示test.php部分(为了跳转时域名变化这部分保持不变) $表示结束 跳转至http://test.com/$1 $1表示(.*)第一个小括号 [R=301,L] 权重改为301 L表示last只跳一次)
</IfModule>
ErrorLog "logs/
test.com-error_log"
CustomLog "logs/
test.com-access_log" common
</VirtualHost>
注:301为永久重定向 302临时重定向(不太友好在搜索引擎,不会把权重降低原来的)
加载
[root@test ~]# /usr/local/apache/bin/apachectl -t
Syntax OK
[root@test ~]# /usr/local/apache/bin/apachectl graceful
查看是否加载rewrite模块
[root@test ~]# /usr/local/apache/bin/apachectl -M |grep rewrite
开启模块
[root@test ~]# vim /usr/local/apache/conf/httpd.conf
[root@test ~]# /usr/local/apache/bin/apachectl graceful
测试:
[root@test ~]# curl -x127.0.01:80
test1.com -I
HTTP/1.1 301 Moved Permanently
Date: Thu, 15 Nov 2018 04:14:58 GMT
Server: Apache/2.4.37 (Unix) PHP/7.2.12
Location:
http://test.com/
Content-Type: text/html; charset=iso-8859-1
[root@test ~]# curl -x127.0.01:80
test1.com/gkdsahdkhask -I
HTTP/1.1 301 Moved Permanently
Date: Thu, 15 Nov 2018 04:16:33 GMT
Server: Apache/2.4.37 (Unix) PHP/7.2.12
Location:
http://test.com/gkdsahdkhask
Content-Type: text/html; charset=iso-8859-1
注:404页面不存在 301永久跳转 401用户名密码验证不正确
403原因:当granted(授权)变为denied时
vim /usr/local/apache/conf/httpd.conf
11.21 Apache访问日志
访问日志记录用户的每一个请求
vim /usr/local/apache2.4/conf/httpd.conf //搜索LogFormat
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
把虚拟主机配置文件改成如下:
<VirtualHost *:80>
DocumentRoot "/data/wwwroot/
www.123.com"
ServerName
www.123.com
ServerAlias
123.com
CustomLog "logs/
123.com-access_log" combined
</VirtualHost>
重新加载配置文件 -t,graceful
curl -x127.0.0.1:80 -I
123.com
tail /usr/local/apache2.4/logs/
123.com-access_log
虚拟主机的日志目录路径
虚拟主机配置文件中定义的日志
[root@test ~]# ls /usr/local/apache/logs/
读懂日志
GET表示curl命令后面不加-I HEAD表示curl命令后面加-I只输出状态码
127.0.0.1(来源IP) - test [15/Nov/2018:10:38:28 +0800](时间) "HEAD(行为)
HTTP://test.com/(访问域名) HTTP/1.1"(http版本) 200(状态码) -(大小)
127.0.0.1 - test [15/Nov/2018:10:41:05 +0800] "GET
HTTP://test.com/ HTTP/1.1" 200 9
查看日志格式 有两种格式common(默认和combined)
[root@test ~]# vim /usr/local/apache/conf/httpd.conf
LogFormat "%h(来源IP) %l(用户) %u(用户名密码) %t(时间) \"%r(行为,网址)\" %>s(状态码) %b(大小)" common
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer(记录用户浏览器上一次访问的网址是什么,上一个网页跳转过来的网址)}i\" \"%{User-Agent(用户代理,用户通过浏览器、curl等访问工具,显示用户使用浏览器品牌或者其他工具)}i\"" combined
配置虚拟主机文件来定义访问日志格式
[root@test ~]# vim /usr/local/apache/conf/extra/httpd-vhosts.conf
<VirtualHost *:80>
DocumentRoot "/data/wwwroot/
test.com"
ServerName
test.com
ServerAlias
www.test1.com
# <Directory /data/wwwroot/
test.com>
# <FilesMatch test.php>
# AllowOverride AuthConfig
# AuthName "
test.com user auth"
# AuthType Basic
# AuthUserFile /data/.htpasswd
# require valid-user
# </FilesMatch>
# </Directory>
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP_HOST} !^
test.com$
RewriteRule ^/(.*)$
http://test.com/$1 [R=301,L]
</IfModule>
ErrorLog "logs/
test.com-error_log"
CustomLog "logs/
test.com-access_log"
combined
</VirtualHost>
加载
[root@test ~]# /usr/local/apache/bin/apachectl -t
Syntax OK
[root@test ~]# /usr/local/apache/bin/apachectl graceful
查看日志:
[root@test ~]# tail -n6 /usr/local/apache/logs/
test.com-access_log
115.236.28.52 - - [15/Nov/2018:12:43:11 +0800] "GET / HTTP/1.1" 301 224 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36"
127.0.0.1 - - [15/Nov/2018:12:44:21 +0800] "HEAD
HTTP://test1.com/gkdsahdkhask HTTP/1.1" 301 - "-" "curl/7.29.0"
127.0.0.1 - - [15/Nov/2018:12:44:25 +0800] "GET
HTTP://test1.com/gkdsahdkhask HTTP/1.1" 301 236 "-" "curl/7.29.0"
127.0.0.1 - - [15/Nov/2018:12:44:29 +0800] "GET
HTTP://test1.com/ HTTP/1.1" 301 224 "-" "curl/7.29.0"
127.0.0.1 - - [15/Nov/2018:12:44:37 +0800] "GET
HTTP://test.com/ HTTP/1.1" 200 9 "-" "curl/7.29.0"
127.0.0.1 - - [15/Nov/2018:12:44:41 +0800] "HEAD
HTTP://test.com/ HTTP/1.1" 200 - "-" "curl/7.29.0"
939
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
