十周三次课(5月29日)

最新推荐文章于 2021-03-26 00:29:36 发布

weixin_33852020

最新推荐文章于 2021-03-26 00:29:36 发布

阅读量92

点赞数

原文链接：http://blog.51cto.com/235571/2120556

版权

11.18 Apache用户认证

针对目录做认证：

# vim /etc/httpd24/extra/httpd-vhosts.conf  //编辑虚拟主机配置

<VirtualHost *:80>
    ServerAdmin webmaster@111.com
    DocumentRoot "/home/wwwroot/111.com"
    ServerName 111.com
    ServerAlias www.123.cn
    <Directory /home/wwwroot/111.com>
        AllowOverride AuthConfig
        AuthName "账号密码访问"
        AuthType Basic
        AuthUserFile /data/.htpasswd
        require valid-user
    </Directory>
    ErrorLog "logs/111.com-error_log"

htpasswd命令
这里创建账号密码使用的就是htpasswd命令

#htpasswd -h
htpasswd [-cmdpsD] passwordfile username

htpasswd -b[cmdpsD] passwordfile username password

htpasswd -n[mdps] username

htpasswd -nb[mdps] username password

htpasswd命令选项参数说明：

-c创建一个加密文件。

-n不更新加密文件，只将htpasswd命令加密后的用户名和密码显示在屏幕上。

-m默认htpassswd命令采用MD5算法对密码进行加密，该参数默认情况下可以不加。

-d表示htpassswd命令采用CRYPT算法对密码进行加密。

-s表示htpassswd命令采用SHA算法对密码进行加密。

-p表示htpassswd命令不对密码进行进行加密，即明文密码。

-b表示在htpassswd命令行中一并输入用户名和密码而不是根据提示输入密码。

-D表示删除指定的用户。

# htpasswd -c -m /data/.htpasswd aiker   //创建密码文件，新增账号密码,-m使用MD5加密，-c为创建加密文件
New password: 
Re-type new password: 
Adding password for user aiker

# cat /data/.htpasswd    //查看生成的账号密码，密码是加密过的，
aiker:$apr1$7t9qXYLd$hGI0tZXjCnEydaaqLER3b0
# apachectl-t   //检查配置
# apachectl graceful  //重新加载配置

htpasswd -n aiker也是一样的效果，-n后面一定要跟存在的账号,不更新密码文件，只显示加密后的用户名和密码

htpasswd -nb  /data/.htpasswd aiker 123456

利用htpasswd命令删除用户名和密码

htpasswd -D  /data/.htpasswd aiker

利用htpasswd命令修改密码

htpasswd -D  /data/.htpasswd aiker
htpasswd -b  /data/.htpasswd aiker 123456

先使用htpasswd删除命令删除指定用户，再利用htpasswd添加用户命令创建用户即可实现修改密码的功能。

# curl -I -xlocalhost:80 111.com
HTTP/1.1 401 Unauthorized
Date: Wed, 07 Mar 2018 17:40:17 GMT
Server: Apache/2.4.29 (Unix) PHP/7.2.1
WWW-Authenticate: Basic realm="账号密码访问"  //如果设置了验证没有认证就会报错
Content-Type: text/html; charset=iso-8859-1

[root@localhost src]# htpasswd -c -m /data/.htpasswd aiker  //重新创建账号密码，会覆盖之前的设置
New password: 
Re-type new password: 
Adding password for user aiker
[root@localhost src]# curl -I -xlocalhost:80 111.com -uaiker:ederew
HTTP/1.1 200 OK
Date: Wed, 07 Mar 2018 17:44:31 GMT
Server: Apache/2.4.29 (Unix) PHP/7.2.1
X-Powered-By: PHP/7.2.1
Content-Type: text/html; charset=UTF-8

利用htpasswd命令添加用户

# htpasswd -bc /data/.htpasswd aiker phpss  //密码：phpss，默认采用MD5加密方式。

在原有密码文件中增加下一个用户

[root@localhost src]# htpasswd -b -m /data/.htpasswd gavin //在原来密码文件中新增一个账号,去掉-c选项，即可在第一个用户之后添加第二个用户，依此类推。
New password: 
Re-type new password: 
Adding password for user gavin

[root@localhost src]# curl -I -xlocalhost:80 111.com -ugavin
Enter host password for user 'gavin':
HTTP/1.1 200 OK
Date: Wed, 07 Mar 2018 17:43:51 GMT
Server: Apache/2.4.29 (Unix) PHP/7.2.1
X-Powered-By: PHP/7.2.1
Content-Type: text/html; charset=UTF-8

单个文件认证：

<VirtualHost *:80>
    ServerAdmin webmaster@111.com
    DocumentRoot "/home/wwwroot/111.com"
    ServerName 111.com
    ServerAlias www.123.cn
#    <Directory /home/wwwroot/111.com> #目录认证
    <FilesMatch yhtz.php> #匹配文件认证
        AllowOverride AuthConfig
        AuthName "账号密码访问"
        AuthType Basic
        AuthUserFile /data/.htpasswd
        require valid-user
    </FilesMatch>
#    </Directory>
    ErrorLog "logs/111.com-error_log"
    CustomLog "logs/111.com-access_log" common
</VirtualHost>

[root@localhost 111.com]# curl -I -xlocalhost:80 111.com/yhtz.php
HTTP/1.1 401 Unauthorized
Date: Wed, 07 Mar 2018 17:53:42 GMT
Server: Apache/2.4.29 (Unix) PHP/7.2.1
WWW-Authenticate: Basic realm="账号密码访问"
Content-Type: text/html; charset=iso-8859-1

[root@localhost 111.com]# curl -I -xlocalhost:80 111.com/yhtz.php -uaiker
Enter host password for user 'aiker':
HTTP/1.1 200 OK
Date: Wed, 07 Mar 2018 17:53:55 GMT
Server: Apache/2.4.29 (Unix) PHP/7.2.1
X-Powered-By: PHP/7.2.1

11.19/11.20 域名跳转

111.com做为主域名，把www.123.cn域名跳转到111.com
# sed -i 38,44s/^/#/g /etc/httpd24/extra/httpd-vhosts.conf 注释认证，让配置看起来更容易
注释后的虚拟主机配置

<VirtualHost *:80>
    ServerAdmin webmaster@111.com
    DocumentRoot "/home/wwwroot/111.com"
    ServerName 111.com
    ServerAlias www.123.cn
#    <Directory /home/wwwroot/111.com> #目录认证
#    <FilesMatch yhtz.php> #匹配文件认证
#        AllowOverride AuthConfig
#       AuthName "账号密码访问"
#       AuthType Basic
#       AuthUserFile /data/.htpasswd
#       require valid-user
#    </FilesMatch>
#    </Directory>
    ErrorLog "logs/111.com-error_log"
    CustomLog "logs/111.com-access_log" common
</VirtualHost>

[root@localhost 111.com]# apachectl -M | grep rewrit 
 rewrite_module (shared)  //若无该模块，需要编辑配置文件httpd.conf，删除rewrite_module (shared) 前面的#

<VirtualHost *:80>
    ServerAdmin webmaster@111.com
    DocumentRoot "/home/wwwroot/111.com"
    ServerName 111.com
    ServerAlias www.123.cn
    <IfModule mod_rewrite.c> #加载rewrite模块，httpd.conf里rewrite去掉注释启用
        RewriteEngine on #启用rewrite引擎
        RewriteCond %{HTTP_HOST} !^111.com$ #定义rewrite的条件，主机名（域名）不是111.com满足条件
        RewriteRule ^/(.*)$ http://111.com/$1 [R=301.L] #定义rewrite规则，当满足上面的条件时，这条规则才会执行
    </IfModule>
#    <Directory /home/wwwroot/111.com> #目录认证
#    <FilesMatch yhtz.php> #匹配文件认证
#       AllowOverride AuthConfig
#       AuthName "账号密码访问"
#       AuthType Basic
#       AuthUserFile /data/.htpasswd
#       require valid-user
#    </FilesMatch>
#    </Directory>
    ErrorLog "logs/111.com-error_log"
    CustomLog "logs/111.com-access_log" combined
</VirtualHost>

测试：

# curl -I -xlocalhost:80 www.123.cn
HTTP/1.1 301 Moved Permanently
Date: Wed, 07 Mar 2018 18:39:21 GMT
Server: Apache/2.4.29 (Unix) PHP/7.2.1
Location: http://111.com/
Content-Type: text/html; charset=iso-8859-1
curl -x192.168.0.173:80 www.123.cn/aaa/bbb -I
HTTP/1.1 301 Moved Permanently
Date: Wed, 07 Mar 2018 18:46:09 GMT
Server: Apache/2.4.29 (Unix) PHP/7.2.1
Location: http://111.com/aaa/bbb
Content-Type: text/html; charset=iso-8859-1

11.21 Apache访问日志

# vim /etc/httpd24/httpd.conf    //修改apache配置文件
默认的日志：

<IfModule log_config_module>
    #
    # The following directives define some format nicknames for use with
    # a CustomLog directive (see below).
    #
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined    //日志格式，后面的host文件是引用这个格式的名字
    LogFormat "%h %l %u %t \"%r\" %>s %b" common

    <IfModule logio_module>
      # You need to enable mod_logio.c to use %I and %O
      LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
    </IfModule>

    #
    # The location and format of the access logfile (Common Logfile Format).
    # If you do not define any access logfiles within a <VirtualHost>
    # container, they will be logged here.  Contrariwise, if you *do*
    # define per-<VirtualHost> access logfiles, transactions will be
    # logged therein and *not* in this file.
    #
    CustomLog "logs/access_log" common

    #
    # If you prefer a logfile with access, agent, and referer information
    # (Combined Logfile Format) you can use the following directive.
    #
    #CustomLog "logs/access_log" combined
</IfModule>

<VirtualHost *:80>
    ServerAdmin webmaster@111.com
    DocumentRoot "/home/wwwroot/111.com"
    ServerName 111.com
    ServerAlias www.123.cn
    <IfModule mod_rewrite.c>
        RewriteEngine on
        RewriteCond %{HTTP_HOST} !^111.com$
        RewriteRule ^/(.*)$ http://111.com/$1 [R=301.L]
    </IfModule>
#    <Directory /home/wwwroot/111.com> #目录认证
#    <FilesMatch yhtz.php> #匹配文件认证
#        AllowOverride AuthConfig
#       AuthName "账号密码访问"
#       AuthType Basic
#       AuthUserFile /data/.htpasswd
#       require valid-user
#    </FilesMatch>
#    </Directory>
    ErrorLog "logs/111.com-error_log"
    CustomLog "logs/111.com-access_log" combined  //引用之前定义的日志格式命名
</VirtualHost>

实时查看日志记录：

[root@localhost ~]# tail -f /usr/local/apache2.4/logs/111.com-access_log 
::1 - - [09/Mar/2018:01:01:46 +0800] "GET HTTP://www.123.cn/ HTTP/1.1" 301 223
192.168.0.190 - aiker [09/Mar/2018:01:02:05 +0800] "GET / HTTP/1.1" 200 8
192.168.0.190 - aiker [09/Mar/2018:01:02:16 +0800] "GET / HTTP/1.1" 200 8
192.168.0.190 - aiker [09/Mar/2018:01:03:02 +0800] "GET / HTTP/1.1" 200 8
192.168.0.190 - aiker [09/Mar/2018:01:03:03 +0800] "GET / HTTP/1.1" 200 8
192.168.0.190 - aiker [09/Mar/2018:01:03:04 +0800] "GET / HTTP/1.1" 200 8
192.168.0.190 - aiker [09/Mar/2018:01:03:05 +0800] "GET / HTTP/1.1" 200 8
::1 - - [09/Mar/2018:01:03:29 +0800] "GET HTTP://www.123.cn/ HTTP/1.1" 301 223 "-" "curl/7.29.0"
::1 - - [09/Mar/2018:01:03:33 +0800] "GET HTTP://111.com/ HTTP/1.1" 200 8 "-" "curl/7.29.0"
192.168.0.190 - aiker [09/Mar/2018:01:03:42 +0800] "GET / HTTP/1.1" 200 8 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.186 Safari/537.36"

扩展

apache虚拟主机开启php的短标签

在对应的虚拟主机配置文件中加入
php_admin_flag short_open_tag on

短标签作用
如果不开启短标签，服务器将无法解析如下形式的PHP文件：

<?
phpinfo()
?>

只能解析下面这种PHP文件：

<?php
phpinfo()
?>

转载于:https://blog.51cto.com/235571/2120556

weixin_33852020

关注

0
点赞
踩
0

收藏

觉得还不错? 一键收藏
0
评论
十周三次课(5月29日)

11.18 Apache用户认证针对目录做认证：# vim /etc/httpd24/extra/httpd-vhosts.conf //编辑虚拟主机配置<VirtualHost *:80> ServerAdmin webmaster@111.com DocumentRoot "/home/wwwroot/111.com" ServerName 111...
复制链接

扫一扫