Apache 配置精解

1:让Apache的索引显示支持中文文件和目录
[root@server3 ~]# tail  /usr/local/apache2/conf/extra/httpd-vhosts.conf 
<VirtualHost 192.168.122.30:80>
    DocumentRoot "/home/share"
    <Directory /home/share>
    Options indexes followsymlinks
    order deny,allow
    allow from all
    </Directory>
    ServerName   192.168.122.30
</VirtualHost>
[root@server3 ~]# ls /home/share/
10网段改造问题.txt  docs.zip   IPVS.doc   中文目录
boot.tgz            exam2.JPG  putty.exe  数据库

1

[root@server3 ~]# grep -i 'utf-8' /usr/local/apache2/conf/httpd.conf
AddDefaultCharSet UTF-8
IndexOptions Charset=UTF-8

2

2：过滤Apache可读取的文件类型，让特定类型的文件不能被访问
root@server3 ~]# grep  -A 3 -E '(exe|zip)' /usr/local/apache2/conf/httpd.conf |grep -v '#' 
<FilesMatch "/.(exe|zip)$">
    Order allow,deny
    Deny from all
</FilesMatch>

3

[root@server3 ~]# tail -f /usr/local/apache2/logs/error_log 
[Thu May 20 14:44:25 2010] [error] [client 192.168.122.1] client denied by server configuration: /home/share/docs.zip
[Thu May 20 14:44:25 2010] [error] [client 192.168.122.1] client denied by server configuration: /home/share/putty.exe
3：重定向，重定向主要有temp,permanent,gone,seeother四种；
temp:临时重定向，用于文件当前不存在所请求的位置，将来预期会出现在该位置上时的临时重定向
permanent:永久重定向，同temp的情况相反
gone：表示文件不在此位置，以后也不应该再询问了，但gone承认文件曾经存在过，同404错误情况不同，这不会被认为是错误
seeother:告知客户端原始文件已经不存在，并且被不同位置的其他文件所替代
默认情况下，如果没有设定关键字，会使用临时重定向
<VirtualHost 192.168.122.30:80>
    DocumentRoot "/home/share"
    ServerName   192.168.122.30
    Redirect Permanent / http://hi.baidu.com/naruto6006
</VirtualHost>

4

[root@server3 ~]# tail -f /usr/local/apache2/logs/access_log
192.168.122.1 - - [20/May/2010:15:03:29 +0800] "GET / HTTP/1.1" 301 238
4:apache 查看status和info信息
[root@server3 ~]# grep 'info' /usr/local/apache2/conf/httpd.conf |grep -v '#'
Include conf/extra/httpd-info.conf
[root@server3 ~]# grep -A 5 -E '(status|info)' /usr/local/apache2/conf/extra/httpd-info.conf  |grep -v '#' |uniq
<Location /server-status>
    SetHandler server-status
    Order deny,allow
    Deny from all
    Allow from 192.168.122.60
</Location>
<Location /server-info>
    SetHandler server-info
    Order deny,allow
    Deny from all
    Allow from 192.168.122.60
</Location>

5

6

5：配置防盗链
第一种方法，使用SetEnvIfNoCase实现
<FilesMatch "/.(jpg|jpeg|gif|png)$">
    SetEnvIfNoCase Referer "^http://([^/]*/.)?766.com" local_referrer=1
    Order Allow,Deny
    Allow from env=local_referrer
</FilesMatch>
第二种方法，使用rewrite规则实现
[root@server3 ~]# /usr/local/apache2/bin/apachectl -l |grep rewrite
  mod_rewrite.c
<VirtualHost 192.168.122.30:80>
    DocumentRoot "/home/share"    
    ServerName   192.168.122.30
    <Directory /home/share>
    Options indexes followsymlinks
    AllowOverride    All
    order deny,allow
    allow from all
    </Directory>
</VirtualHost>
[root@server3 ~]# cat /home/share/.htaccess
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://([^/]*/.)?766.com$ [NC]
RewriteRule .*/.(gif|jpg|swf)$ http://www.766.com/about/nolink.png [R,NC]
httpd.conf 文件里的配置，是在 apache 启动时一次读取，效率很高
.htaccess 文件里的配置，每次访问都需要读取分析，效率很低;
6:mpm多路处理模块调优；以下列出了不同操作系统上默认的MPM。如果你在编译时没有进行选择，这将是默认选择的MPM；
BeOS beos
Netware mpm_netware
OS/2 mpmt_os2
Unix prefork
Windows mpm_winnt
core：          Apache HTTP服务器核心提供的功能，始终有效；
mpm_common： 收集了被多个多路处理模块(MPM)实现的公共指令；
beos： 专门针对BeOS优化过的多路处理模块(MPM)；
event： 一个标准workerMPM 的实验性变种；
mpm_netware： 专门为Novell NetWare优化的线程化的多路处理模块(MPM)；
mpmt_os2： 专门针对OS/2优化过的混合多进程多线程多路处理模块(MPM)；
prefork： 一个非线程型的、预派生的MPM；
mpm_winnt： 用于Windows NT/2000/XP/2003 系列的MPM；
worker： 线程型的MPM，实现了一个混合的多线程多处理MPM，允许一个子进程中包含多个线程；
[root@server3 ~]# /usr/local/apache2/bin/apachectl -l|grep -E '(work|prework|event)'
  worker.c
[root@server3 ~]# grep  'mpm' /usr/local/apache2/conf/httpd.conf
Include conf/extra/httpd-mpm.conf
修改/usr/local/apache2/conf/extra/httpd-mpm.conf文件MPM模块如下：
<IfModule mpm_worker_module>
    ServerLimit              100    //最大允许100子进程数
    ThreadLimit              200    //最大允许200子线程数
    StartServers             10     //Apache启动立即产生10个子进程
    MaxClients               3200   //允许最大的客户数
    MinSpareThreads          320    //最少有320个空线程
    MaxSpareThreads          450    //最多有450个空线程
    ThreadsPerChild          32     //一个子进程有32个常驻线程
    MaxRequestsPerChild      1000   //每个子进程在其生存期内允许的最大请求数量
</IfModule>
7：虚拟目录和网站别名
<VirtualHost 192.168.122.30:80>
    DocumentRoot "/home/share"
    ServerName   192.168.122.30
    ServerAlias  www.yang.com
    Alias /test   "/tmp"
    <Directory /tmp>
    Options indexes followsymlinks
    order deny,allow
    allow from all
    </Directory>
    <Directory /home/share>
    Options indexes followsymlinks
    AllowOverride    All
    order deny,allow
    allow from all
    </Directory>
</VirtualHost>
C:/Documents and Settings/yang>ping www.yang.com
Pinging www.yang.com [192.168.122.30] with 32 bytes of data:
Reply from 192.168.122.30: bytes=32 time<1ms TTL=64

7

8

8:Apache URL忽略大小写

9

[root@server3 share]# /usr/local/apache2/bin/apachectl -l |grep spel
  mod_speling.c
[root@server3 ~]# grep 'checkspelling' /usr/local/apache2/conf/httpd.conf
checkspelling  on

10

9：AB性能测试
[root@server3 ~]# /usr/local/apache2/bin/ab -n 1000 -c 100 http://192.168.122.30/boot.tgz  //n代表请求1000次，c代表同时发送100个请求
This is ApacheBench, Version 2.3 <$Revision: 655654 $>
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Licensed to The Apache Software Foundation, http://www.apache.org/
Benchmarking 192.168.122.30 (be patient)
Completed 100 requests
Completed 200 requests
Completed 300 requests
Completed 400 requests
Completed 500 requests
Completed 600 requests
Completed 700 requests
Completed 800 requests
Completed 900 requests
Completed 1000 requests
Finished 1000 requests
Server Software:        Apache/2.2.14
Server Hostname:        192.168.122.30
Server Port:            80
Document Path:          /boot.tgz
Document Length:        5548786 bytes
Concurrency Level:      100
Time taken for tests:   8.481 seconds
Complete requests:      1000
Failed requests:        0
Write errors:           0
Total transferred:      5549070000 bytes
HTML transferred:       5548786000 bytes
Requests per second:    117.91 [#/sec] (mean)
Time per request:       848.119 [ms] (mean)
Time per request:       8.481 [ms] (mean, across all concurrent requests)
Transfer rate:          638945.27 [Kbytes/sec] received
Connection Times (ms)
              min  mean[+/-sd] median   max
Connect:        0    1   1.3      0      11
Processing:     6  786 828.4    496    6399
Waiting:        0  548 881.3    200    5877
Total:          6  787 828.2    497    6399
Percentage of the requests served within a certain time (ms)
  50%    497
  66%    636
  75%    749
  80%    908
  90%   1719
  95%   2660
  98%   3559
  99%   4116
100%   6399 (longest request)
[root@server3 # uptime   //查看系统负载情况
11:00:35 up  2:00,  2 users,  load average: 13.75, 3.06, 1.00
10：隐藏系统信息和Apache的版本信息
[root@server3 ~]# curl -I  http://192.168.122.30
HTTP/1.1 200 OK
Date: Mon, 24 May 2010 03:11:54 GMT
Server: Apache/2.2.14 (Unix) DAV/2 PHP/5.2.9
Content-Type: text/html;charset=UTF-8
[root@server3 ~]# grep  'default.conf' /usr/local/apache2/conf/httpd.conf |grep -v '^#'
Include conf/extra/httpd-default.conf
[root@server3 ~]# grep -E '(Prod|Off)' /usr/local/apache2/conf/extra/httpd-default.conf |grep -v '^#'
UseCanonicalName Off     //UseCanonicalName、UseCanonicalPhysicalPort指令用来决定怎样构建自引用 URL
ServerTokens Prod        //设置服务器HTTP响应头字段的值
ServerSignature Off      //隐藏Apache版本信息
HostnameLookups Off      //关闭名字解析
[root@server3 ~]# curl -I http://192.168.122.30
HTTP/1.1 200 OK
Date: Mon, 24 May 2010 03:19:38 GMT
Server: Apache
Content-Type: text/html;charset=UTF-8