搭建discaz(二)
3、配置用户认证
将如下写入httpd-vhosts.conf中:
<Directory *>
AllowOverride AuthConfig
AuthName "自定义文本"
AuthType Basic
AuthUserFile /data/.htpasswd
require valid-user
</Directory>
.htpasswd需要使用/usr/local/apache2/bin/htpasswd创建;
/usr/local/apache2/bin/htpasswd -c /data/.htpasswd wei
-c是创建新的.htpasswd文件,第一次使用后再次使用会覆盖掉源文件,支持MD5加密等加密方法;
此时,访问www.1.com会提示输入账号密码信息:
4、配置域名跳转:
将如下写入httpd-vhosts.conf中:
单域名:
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP_HOST} ^www.domain1.com$
RewriteRule ^/(.*)$ http://www.domain2.com/$1 [R=301,L]
</IfModule>
多域名:
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP_HOST} ^www.domain.com$ [OR]
RewriteCond %{HTTP_HOST} ^www.domain1.com$
RewriteRule ^/(.*)$ http://www.domain2.com/$1 [R=301,L]
</IfModule>
配置完成后,输入www.a.com会直接跳转至www.1.com
(5)配置apache的访问日志
编辑/usr/local/apache2/conf/extra/httpd-vhosts.conf,进行修改添加:
ErrorLog "/usr/local/apache2/logs/1.com-error.log "
SetEnvIf Request_URI ".*\.gif$" image-request
SetEnvIf Request_URI ".*\.jpg$" image-request
SetEnvIf Request_URI ".*\.png$" image-request
SetEnvIf Request_URI ".*\.bmp$" image-request
SetEnvIf Request_URI ".*\.swf$" image-request
SetEnvIf Request_URI ".*\.jsf$" image-request
SetEnvIf Request_URI ".*\.css$" image-request
CustomLog "|/usr/local/apache2/bin/rotatelogs -l /usr/local/apache2/logs/1.com-access__%Y%m%d.log 86400" combined env=!image-request //不记录image-request相关的日志
(6)配置静态缓存
编辑/usr/local/apache2/conf/extra/httpd-vhosts.conf,进行修改添加:
<IfModule mod_expires.c>
ExpiresActive on
ExpiresByType image/gif "access plus 1 days"
ExpiresByType image/jpeg "access plus 24 hours"
ExpiresByType image/png "access plus 24 hours"
ExpiresByType text/css "now plus 2 hours"
ExpiresByType application/x-javescript "now plus 2 hours"
ExpiresByType application/x-shockwave-flash "now plus 2 hours"
ExpiresDefault "now plus 0 min"
</IfModule>
此时在www目录下touch 1.jpeg,浏览器直接访问www.1.com/1.jpeg,可以发现缓存时间已经变成86400秒(也就是一天)
(7)配置防盗链
编辑/usr/local/apache2/conf/extra/httpd-vhosts.conf,进行修改添加:
SetEnvIfNoCase Referer "^http://www.1.com" local_ref
SetEnvIfNoCase Referer "www.a.com" local_ref
SetEnvIfNoCase Referer "^$" local_ref
<filesmatch "\.(txt|doc|mp3|zip|rar|jpg|gif)">
Order Allow,Deny
Allow from env=local_ref
</filesmatch>
添加完成后,就可以防止被盗链:
上图中,可以看到,直接访问显示HTTP/1.1 200,使用百度的referer提示403错误;
(8)访问控制
##配置访问控制,只允许指定IP访问 <Directory /data/www/> Order deny,allow Deny from all Allow from 127.0.0.1 </Directory> #针对请求的url去限制,加入后只有指定IP能访问admin页面 <filesmatch "(.*)admin(.*)"> Order deny,allow Deny from all Allow from 127.0.0.1 </filesmatch> #针对某个目录下禁止解析php <Directory /data/www/path> php_admin_flag engine off <filesmatch "(.*)php"> Order deny,allow Deny from all </filesmatch> </Directory>