11.18 Apache User Authentication
Authentication for a directory:
# vim /etc/httpd24/extra/httpd-vhosts.conf //edit the virtual host configuration
<VirtualHost *:80>
ServerAdmin webmaster@111.com
DocumentRoot "/home/wwwroot/111.com"
ServerName 111.com
ServerAlias www.123.cn
<Directory /home/wwwroot/111.com>
AllowOverride AuthConfig
AuthName "账号密码访问"
AuthType Basic
AuthUserFile /data/.htpasswd
require valid-user
</Directory>
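ErrorLog "logs/111.com-error_log"
CustomLog "logs/111.com-access_log" common
</VirtualHost>
The htpasswd command
The account and password used here are created with the htpasswd command.
# htpasswd -h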
htpasswd [-cmdpsD] passwordfile username
htpasswd -b[cmdpsD] passwordfile username password
htpasswd -n[mdps] username
htpasswd -nb[mdps] username password
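htpasswd option reference:
-c Create the password file.
-n Do not update the password file; only print the user name and the encrypted password to the screen.
-m Encrypt the password with the MD5 algorithm. This is htpasswd's default, so the option can normally be omitted.
-d Encrypt the password with the CRYPT algorithm.
-s Encrypt the password with the SHA algorithm.
-p Do not encrypt the password; it is stored in plaintext.
-b Take the password from the htpasswd command line together with the user name instead of prompting for it.
-D Delete the specified user.
# htpasswd -c -m /data/.htpasswd aiker //create the password file and add an account; -m uses MD5, -c creates the password file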
New password:
Re-type new password:
Adding password for user aiker
# cat /data/.htpasswd //view the generated entry; the password is stored encrypted
aiker:$apr1$7t9qXYLd$hGI0tZXjCnEydaaqLER3b0
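# apachectl -t //check the configuration
# apachectl graceful //reload the configuration
htpasswd -n aiker
This has the same effect. -n must be followed by an existing account; the password file is not updated, and only the user name and the encrypted password are displayed.
htpasswd -nb aiker 123456
Deleting a user name and password with htpasswd
htpasswd -D /data/.htpasswd aiker
Changing a password with htpasswd
htpasswd -D /data/.htpasswd aiker
htpasswd -b /data/.htpasswd aiker 123456
Delete the user with the htpasswd delete command first, then create it again with the htpasswd add-user command; together these change the password.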
# curl -I -xlocalhost:80 111.com
HTTP/1.1 401 Unauthorized
Date: Wed, 07 Mar 2018 17:40:17 GMT
Server: Apache/2.4.29 (Unix) PHP/7.2.1
WWW-Authenticate: Basic realm="账号密码访问" //with authentication configured, a request without credentials gets this error
Content-Type: text/html; charset=iso-8859-1
[root@localhost src]# htpasswd -c -m /data/.htpasswd aiker //recreate the account and password; this overwrites the previous settings
New password:
Re-type new password:
Adding password for user aiker
[root@localhost src]# curl -I -xlocalhost:80 111.com -uaiker:ederew
HTTP/1.1 200 OK
Date: Wed, 07 Mar 2018 17:44:31 GMT
Server: Apache/2.4.29 (Unix) PHP/7.2.1
X-Powered-By: PHP/7.2.1
Content-Type: text/html; charset=UTF-8
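Adding a user with htpasswd
# htpasswd -bc /data/.htpasswd aiker phpss //password: phpss; MD5 is used by default.
Adding another user to the existing password file
[root@localhost src]# htpasswd -m /data/.htpasswd gavin //add another account to the existing password file; without the -c option the second user is appended after the first, and so on.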
New password:
Re-type new password:
Adding password for user gavin
[root@localhost src]# curl -I -xlocalhost:80 111.com -ugavin
Enter host password for user 'gavin':
HTTP/1.1 200 OK
Date: Wed, 07 Mar 2018 17:43:51 GMT
Server: Apache/2.4.29 (Unix) PHP/7.2.1
X-Powered-By: PHP/7.2.1
Content-Type: text/html; charset=UTF-8
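The storage formats written by the -m, -s, -d and -p options can be told apart by their prefix, so an existing AuthUserFile can be audited. The Python sketch below is an added example, not part of the original post: it classifies each entry and reports users whose stored value is identical, which can only happen with unsalted or plaintext storage. The sample file is constructed (only the aiker line comes from the page), and the bcrypt option -B it recognises exists in htpasswd 2.4 but is not covered in the post.

```python
import base64
import hashlib
import re

# Ordered (pattern, scheme, verdict) table for the formats htpasswd can write.
SCHEMES = [
    (re.compile(r"^\$2[aby]\$\d{2}\$"), "bcrypt", "ok"),             # htpasswd -B
    (re.compile(r"^\$apr1\$"), "apr1-md5", "legacy"),                # htpasswd -m
    (re.compile(r"^\{SHA\}"), "sha1-unsalted", "insecure"),          # htpasswd -s
    (re.compile(r"^[./0-9A-Za-z]{13}$"), "des-crypt", "insecure"),   # htpasswd -d
]


def classify(stored):
    """Return (scheme, verdict) for the hash field of one htpasswd line."""
    for pattern, scheme, verdict in SCHEMES:
        if pattern.search(stored):
            return scheme, verdict
    return "plaintext-or-unknown", "insecure"                        # htpasswd -p


def audit(text):
    """Classify every user:hash line and list users that share a stored value."""
    findings, by_hash = [], {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        user, stored = line.split(":", 1)
        findings.append((user, *classify(stored)))
        by_hash.setdefault(stored, []).append(user)
    shared = [users for users in by_hash.values() if len(users) > 1]
    return findings, shared


def sha_entry(user, password):
    """Build the line htpasswd -s writes: {SHA} + base64(SHA-1(password)), no salt."""
    digest = hashlib.sha1(password.encode()).digest()
    return f"{user}:{{SHA}}{base64.b64encode(digest).decode()}"


# Constructed sample file; only the aiker line is taken from the page.
SAMPLE = "\n".join([
    "aiker:$apr1$7t9qXYLd$hGI0tZXjCnEydaaqLER3b0",
    sha_entry("gavin", "123456"),
    sha_entry("test1", "123456"),   # same password, identical hash: no salt
    "test2:123456",                 # what -p stores
])

if __name__ == "__main__":
    findings, shared = audit(SAMPLE)
    for user, scheme, verdict in findings:
        print(f"{user:8} {scheme:22} {verdict}")
    print("users sharing a stored value:", shared)
```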
Authentication for a single file:
<VirtualHost *:80>
ServerAdmin webmaster@111.com
DocumentRoot "/home/wwwroot/111.com"
ServerName 111.com
ServerAlias www.123.cn
# <Directory /home/wwwroot/111.com> #directory authentication
# authenticate only the file matched below
<FilesMatch yhtz.php>
AllowOverride AuthConfig
AuthName "账号密码访问"
AuthType Basic
AuthUserFile /data/.htpasswd
require valid-user
</FilesMatch>
# </Directory>
ErrorLog "logs/111.com-error_log"
CustomLog "logs/111.com-access_log" common
</VirtualHost>
[root@localhost 111.com]# curl -I -xlocalhost:80 111.com/yhtz.php
HTTP/1.1 401 Unauthorized
Date: Wed, 07 Mar 2018 17:53:42 GMT
Server: Apache/2.4.29 (Unix) PHP/7.2.1
WWW-Authenticate: Basic realm="账号密码访问"
Content-Type: text/html; charset=iso-8859-1
[root@localhost 111.com]# curl -I -xlocalhost:80 111.com/yhtz.php -uaiker
Enter host password for user 'aiker':
HTTP/1.1 200 OK
Date: Wed, 07 Mar 2018 17:53:55 GMT
Server: Apache/2.4.29 (Unix) PHP/7.2.1
X-Powered-By: PHP/7.2.1
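11.19/11.20 Domain Redirection
111.com is the primary domain; redirect the www.123.cn domain to 111.com.
# sed -i '38,44s/^/#/g' /etc/httpd24/extra/httpd-vhosts.conf
Comment out the authentication block so the configuration is easier to read.
The virtual host configuration after commenting: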
<VirtualHost *:80>
ServerAdmin webmaster@111.com
DocumentRoot "/home/wwwroot/111.com"
ServerName 111.com
ServerAlias www.123.cn
# <Directory /home/wwwroot/111.com> #directory authentication
# <FilesMatch yhtz.php> #file-match authentication
# AllowOverride AuthConfig
# AuthName "账号密码访问"
# AuthType Basic
# AuthUserFile /data/.htpasswd
# require valid-user
# </FilesMatch>
# </Directory>
ErrorLog "logs/111.com-error_log"
CustomLog "logs/111.com-access_log" common
</VirtualHost>
[root@localhost 111.com]# apachectl -M | grep rewrit
rewrite_module (shared) //if the module is not listed, edit httpd.conf and remove the # in front of the LoadModule rewrite_module line
<VirtualHost *:80>
ServerAdmin webmaster@111.com
DocumentRoot "/home/wwwroot/111.com"
ServerName 111.com
ServerAlias www.123.cn
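# Applies only when mod_rewrite is loaded; enable it by uncommenting the rewrite module in httpd.conf
<IfModule mod_rewrite.c>
# Turn on the rewrite engine
RewriteEngine on
# Rewrite condition: met when the host name (domain) is not 111.com
RewriteCond %{HTTP_HOST} !^111\.com$
# Rewrite rule: executed only when the condition above is met
RewriteRule ^/(.*)$ http://111.com/$1 [R=301,L]
</IfModule>
# <Directory /home/wwwroot/111.com> #directory authentication
# <FilesMatch yhtz.php> #file-match authentication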
# AllowOverride AuthConfig
# AuthName "账号密码访问"
# AuthType Basic
# AuthUserFile /data/.htpasswd
# require valid-user
# </FilesMatch>
# </Directory>
ErrorLog "logs/111.com-error_log"
CustomLog "logs/111.com-access_log" combined
</VirtualHost>
Test:
# curl -I -xlocalhost:80 www.123.cn
HTTP/1.1 301 Moved Permanently
Date: Wed, 07 Mar 2018 18:39:21 GMT
Server: Apache/2.4.29 (Unix) PHP/7.2.1
Location: http://111.com/
Content-Type: text/html; charset=iso-8859-1
curl -x192.168.0.173:80 www.123.cn/aaa/bbb -I
HTTP/1.1 301 Moved Permanently
Date: Wed, 07 Mar 2018 18:46:09 GMT
Server: Apache/2.4.29 (Unix) PHP/7.2.1
Location: http://111.com/aaa/bbb
Content-Type: text/html; charset=iso-8859-1
11.21 Apache Access Logs
# vim /etc/httpd24/httpd.conf //edit the Apache configuration file
The default log configuration:
<IfModule log_config_module>
#
# The following directives define some format nicknames for use with
# a CustomLog directive (see below).
#
# Log format definition; the virtual host configuration below refers to it by its nickname (combined)
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
<IfModule logio_module>
# You need to enable mod_logio.c to use %I and %O
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
</IfModule>
#
# The location and format of the access logfile (Common Logfile Format).
# If you do not define any access logfiles within a <VirtualHost>
# container, they will be logged here. Contrariwise, if you *do*
# define per-<VirtualHost> access logfiles, transactions will be
# logged therein and *not* in this file.
#
CustomLog "logs/access_log" common
#
# If you prefer a logfile with access, agent, and referer information
# (Combined Logfile Format) you can use the following directive.
#
#CustomLog "logs/access_log" combined
</IfModule>
<VirtualHost *:80>
ServerAdmin webmaster@111.com
DocumentRoot "/home/wwwroot/111.com"
ServerName 111.com
ServerAlias www.123.cn
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP_HOST} !^111\.com$
RewriteRule ^/(.*)$ http://111.com/$1 [R=301,L]
</IfModule>
# <Directory /home/wwwroot/111.com> #directory authentication
# <FilesMatch yhtz.php> #file-match authentication
# AllowOverride AuthConfig
# AuthName "账号密码访问"
# AuthType Basic
# AuthUserFile /data/.htpasswd
# require valid-user
# </FilesMatch>
# </Directory>
ErrorLog "logs/111.com-error_log"
# Reference the log format nickname defined earlier
CustomLog "logs/111.com-access_log" combined
</VirtualHost>
Watch the log in real time:
[root@localhost ~]# tail -f /usr/local/apache2.4/logs/111.com-access_log
::1 - - [09/Mar/2018:01:01:46 +0800] "GET HTTP://www.123.cn/ HTTP/1.1" 301 223
192.168.0.190 - aiker [09/Mar/2018:01:02:05 +0800] "GET / HTTP/1.1" 200 8
192.168.0.190 - aiker [09/Mar/2018:01:02:16 +0800] "GET / HTTP/1.1" 200 8
192.168.0.190 - aiker [09/Mar/2018:01:03:02 +0800] "GET / HTTP/1.1" 200 8
192.168.0.190 - aiker [09/Mar/2018:01:03:03 +0800] "GET / HTTP/1.1" 200 8
192.168.0.190 - aiker [09/Mar/2018:01:03:04 +0800] "GET / HTTP/1.1" 200 8
192.168.0.190 - aiker [09/Mar/2018:01:03:05 +0800] "GET / HTTP/1.1" 200 8
::1 - - [09/Mar/2018:01:03:29 +0800] "GET HTTP://www.123.cn/ HTTP/1.1" 301 223 "-" "curl/7.29.0"
::1 - - [09/Mar/2018:01:03:33 +0800] "GET HTTP://111.com/ HTTP/1.1" 200 8 "-" "curl/7.29.0"
192.168.0.190 - aiker [09/Mar/2018:01:03:42 +0800] "GET / HTTP/1.1" 200 8 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.186 Safari/537.36"
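Because %u is part of both log formats, failed Basic authentication attempts show up as 401 responses that carry a user name, while the initial unauthenticated challenge logs 401 with the user "-". The Python sketch below is an added example, not part of the original post: it parses both the common and the combined lines seen above and lists clients with repeated failed logins. The sample lines (apart from the 200 line taken from the page) and the threshold are constructed.

```python
import re
from collections import defaultdict

# One pattern for both formats on this page: common, plus the optional
# "Referer" "User-Agent" tail that the combined format appends.
QUOTED = r'"((?:[^"\\]|\\.)*)"'
LINE = re.compile(
    r'^(\S+) (\S+) (\S+) \[([^\]]+)\] ' + QUOTED + r' (\d{3}) (\S+)'
    r'(?: ' + QUOTED + ' ' + QUOTED + r')?$'
)
FIELDS = ("host", "ident", "user", "time", "request",
          "status", "size", "referer", "agent")


def parse(line):
    """Return a dict of log fields, or None if the line does not match."""
    m = LINE.match(line.strip())
    return dict(zip(FIELDS, m.groups())) if m else None


def failed_logins(lines, threshold=3):
    """Map client -> (count, user names tried) for clients with at least
    `threshold` 401 responses that carried a user name."""
    tried = defaultdict(list)
    for line in lines:
        rec = parse(line)
        if rec and rec["status"] == "401" and rec["user"] != "-":
            tried[rec["host"]].append(rec["user"])
    return {host: (len(users), sorted(set(users)))
            for host, users in tried.items() if len(users) >= threshold}


# Constructed sample in the page's log format (the 200 line is from the page).
SAMPLE = [
    '192.168.0.190 - - [09/Mar/2018:01:02:00 +0800] "GET / HTTP/1.1" 401 381',
    '192.168.0.190 - aiker [09/Mar/2018:01:02:05 +0800] "GET / HTTP/1.1" 200 8',
    '192.168.0.77 - admin [09/Mar/2018:01:05:01 +0800] "GET / HTTP/1.1" 401 381 "-" "curl/7.29.0"',
    '192.168.0.77 - root [09/Mar/2018:01:05:02 +0800] "GET / HTTP/1.1" 401 381 "-" "curl/7.29.0"',
    '192.168.0.77 - aiker [09/Mar/2018:01:05:03 +0800] "GET / HTTP/1.1" 401 381 "-" "curl/7.29.0"',
]

if __name__ == "__main__":
    for host, (count, users) in failed_logins(SAMPLE).items():
        print(f"{host}: {count} failed logins, users tried: {users}")
```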
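Further reading
Enabling PHP short tags in an Apache virtual host
Add php_admin_flag short_open_tag on to the configuration file of the corresponding virtual host.
What short tags do
If short tags are not enabled, the server cannot parse PHP files written in this form: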
<?
phpinfo()
?>
It can only parse PHP files written like this:
<?php
phpinfo()
?>
Reposted from: https://blog.51cto.com/235571/2120556