访问需输入密码:
[root@wangchao www]# pwd
/data/www
[root@wangchao www]# mkdir abc
[root@wangchao www]# cd abc/
[root@wangchao abc]# ls
[root@wangchao abc]# cp /etc/passwd ./12.txt
windows客户端可访问:
现访问需先通过认证,才能访问该文件。
[root@wangchao abc]# vim /usr/local/apache2/conf/extra/httpd-vhosts.conf
<VirtualHost *:80>
# ServerAdmin webmaster@dummy-host.example.com
DocumentRoot "/data/www"
ServerName www.test.com
ServerAlias www.aaa.com
# ErrorLog "logs/dummy-host.example.com-error_log"
# CustomLog "logs/dummy-host.example.com-access_log" common
<Directory /data/www/abc>
AllowOverride AuthConfig
AuthName "frank share web"
AuthType Basic
AuthUserFile /data/.htpasswd
require valid-user
</Directory>
</VirtualHost>
[root@wangchao abc]# vim /etc/profile.d/path.sh
export PATH=$PATH:/usr/local/mysql/bin:/usr/local/apache2/bin
[root@wangchao abc]# !source
source /etc/profile.d/path.sh
[root@wangchao abc]# htpasswd -c /data/.htpasswd user1
New password:
Re-type new password:
Adding password for user user1
[root@wangchao abc]# cat /data/.htpasswd
user1:piGphq8lkIbXM
[root@wangchao abc]# htpasswd /data/.htpasswd user2
New password:
Re-type new password:
Adding password for user user2
[root@wangchao abc]# !cat
cat /data/.htpasswd
user1:piGphq8lkIbXM
user2:sssH0X1U8VwUs
[root@wangchao abc]# apachectl graceful
windows访问:
输入用户、密码后:
默认虚拟主机配置:
windows客户端
C:\Windows\System32\drivers\etc中hosts文件:
当访问www.test.com、www.aaa.com时,能访问网站,当其他域名解析到该IP时,也能访问该IP。如下:
访问www.111.com
现www.111.com使之不能访问,使访问到默认的虚拟主机
[root@wangchao abc]# vim /usr/local/apache2/conf/extra/httpd-vhosts.conf
<VirtualHost *:80>
DocumentRoot "/tmp/123"
ServerName 111.com
</VirtualHost>
<VirtualHost *:80>
# ServerAdmin webmaster@dummy-host.example.com
DocumentRoot "/data/www"
ServerName www.test.com
ServerAlias www.aaa.com
# ErrorLog "logs/dummy-host.example.com-error_log"
# CustomLog "logs/dummy-host.example.com-access_log" common
<Directory /data/www/abc>
AllowOverride AuthConfig
AuthName "frank share web"
AuthType Basic
AuthUserFile /data/.htpasswd
require valid-user
</Directory>
</VirtualHost>
[root@wangchao abc]# apachectl -t
Warning: DocumentRoot [/tmp/123] does not exist
Syntax OK
[root@wangchao abc]# mkdir /tmp/123
[root@wangchao abc]# chmod 600 /tmp/123/
[root@wangchao abc]# apachectl -t
Syntax OK
[root@wangchao abc]# apachectl restart
windows访问:www.111.com 、www.test.com
域名跳转:
[root@wangchao ~]# vim /usr/local/apache2/conf/extra/httpd-vhosts.conf
<VirtualHost *:80>
# ServerAdmin webmaster@dummy-host.example.com
DocumentRoot "/data/www"
ServerName www.test.com
ServerAlias www.aaa.com
# ErrorLog "logs/dummy-host.example.com-error_log"
# CustomLog "logs/dummy-host.example.com-access_log" common
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP_HOST} ^www.aaa.com$
RewriteRule ^/(.*)$ http://www.test.com/$1 [R=301,L]
</IfModule>
<Directory /data/www/abc>
AllowOverride AuthConfig
AuthName "frank share web"
AuthType Basic
AuthUserFile /data/.htpasswd
require valid-user
</Directory>
</VirtualHost>
[root@wangchao ~]# apachectl -t
[root@wangchao ~]# apachectl graceful
windows访问www.aaa.com,自动跳转至www.test.com
[root@wangchao ~]# curl -x192.168.137.22:80 www.aaa.com/fff -I
HTTP/1.1 301 Moved Permanently
Date: Tue, 09 Jun 2015 03:36:02 GMT
Server: Apache/2.2.24 (Unix) PHP/5.3.27
Location: http://www.test.com/fff
Content-Type: text/html; charset=iso-8859-1
在虚拟主机中加:
[root@wangchao ~]# vim /usr/local/apache2/conf/extra/httpd-vhosts.conf
<VirtualHost *:80>
# ServerAdmin webmaster@dummy-host.example.com
DocumentRoot "/data/www"
ServerName www.test.com
ServerAlias www.aaa.com
ServerAlias www.bbb.com
# ErrorLog "logs/dummy-host.example.com-error_log"
# CustomLog "logs/dummy-host.example.com-access_log" common
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP_HOST} ^www.aaa.com$ [OR]
RewriteCond %{HTTP_HOST} ^www.bbb.com$
RewriteRule ^/(.*)$ http://www.test.com/$1 [R=301,L]
</IfModule>
<Directory /data/www/abc>
AllowOverride AuthConfig
AuthName "frank share web"
AuthType Basic
AuthUserFile /data/.htpasswd
require valid-user
</Directory>
</VirtualHost>
[root@wangchao ~]# apachectl -t
Syntax OK
[root@wangchao ~]# apachectl graceful
window上写hosts文件:
windows上访问www.bbb.com自动跳转到www.test.com
[root@wangchao ~]# curl -x192.168.137.22:80 www.bbb.com/fff -I
HTTP/1.1 301 Moved Permanently
Date: Tue, 09 Jun 2015 03:53:52 GMT
Server: Apache/2.2.24 (Unix) PHP/5.3.27
Location: http://www.test.com/fff
Content-Type: text/html; charset=iso-8859-1
apache日志切割
[root@wangchao ~]# vim /usr/local/apache2/conf/extra/httpd-vhosts.conf
<VirtualHost *:80>
# ServerAdmin webmaster@dummy-host.example.com
DocumentRoot "/data/www"
ServerName www.test.com
ServerAlias www.aaa.com
ServerAlias www.bbb.com
ErrorLog "logs/test.com_error_log"
CustomLog "logs/test.com-access_log" combined
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP_HOST} ^www.aaa.com$ [OR]
RewriteCond %{HTTP_HOST} ^www.bbb.com$
RewriteRule ^/(.*)$ http://www.test.com/$1 [R=301,L]
</IfModule>
<Directory /data/www/abc>
AllowOverride AuthConfig
AuthName "frank share web"
AuthType Basic
AuthUserFile /data/.htpasswd
require valid-user
</Directory>
</VirtualHost>
[root@wangchao ~]# apachectl -t
Syntax OK
[root@wangchao ~]# apachectl graceful
[root@wangchao ~]# cd /usr/local/apache2/logs/
[root@wangchao logs]# ls
test.com_error_log test.com-access_log
[root@wangchao logs]# cat test.com-access_log
[root@wangchao logs]# cat test.com_error_log
[root@wangchao logs]# cat /usr/local/apache2/conf/httpd.conf
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
[root@wangchao logs]# vim /usr/local/apache2/conf/extra/httpd-vhosts.conf
ErrorLog "logs/test.com_error_log"
CustomLog "|/usr/local/apache2/bin/rotatelogs -l /usr/local/apache2/logs/test.com-access_%Y%m%d_log 86400" combined
[root@wangchao logs]# apachectl -t
Syntax OK
[root@wangchao logs]# apachectl graceful
windows访问网站
[root@wangchao logs]# ls
test.com-access_20150609_log
[root@wangchao logs]# date -s "2015-07-17 10:14:45"
Fri Jul 17 10:14:45 CST 2015
[root@wangchao logs]# ls
access_log httpd.pid test.com-access_20150717_log test.com_error_log
error_log test.com-access_20150609_log test.com-access_log
apache不记录指定文件类型日志
[root@wangchao logs]# vim /usr/local/apache2/conf/extra/httpd-vhosts.conf
ErrorLog "logs/test.com_error_log"
SetEnvIf Request_URI ".*\.gif$" p_w_picpath-request
SetEnvIf Request_URI ".*\.jpg$" p_w_picpath-request
SetEnvIf Request_URI ".*\.png$" p_w_picpath-request
SetEnvIf Request_URI ".*\.bmp$" p_w_picpath-request
SetEnvIf Request_URI ".*\.swf$" p_w_picpath-request
SetEnvIf Request_URI ".*\.js$" p_w_picpath-request
SetEnvIf Request_URI ".*\.css$" p_w_picpath-request
CustomLog "|/usr/local/apache2/bin/rotatelogs -l /usr/local/apache2/logs/test.com-access_%Y%m%d_log 86400" combined env=!p_w_picpath-request
[root@wangchao logs]# apachectl -t
Syntax OK
[root@wangchao logs]# apachectl graceful
客户端访问:
[root@wangchao logs]# ls
[root@wangchao logs]# less test.com-access_20150718_log
apache配置静态缓存
[root@wangchao logs]# vim /usr/local/apache2/conf/extra/httpd-vhosts.conf
# ServerAdmin webmaster@dummy-host.example.com
DocumentRoot "/data/www"
ServerName www.test.com
ServerAlias www.aaa.com
ServerAlias www.bbb.com
ErrorLog "logs/test.com_error_log"
SetEnvIf Request_URI ".*\.gif$" p_w_picpath-request
SetEnvIf Request_URI ".*\.jpg$" p_w_picpath-request
SetEnvIf Request_URI ".*\.png$" p_w_picpath-request
SetEnvIf Request_URI ".*\.bmp$" p_w_picpath-request
SetEnvIf Request_URI ".*\.swf$" p_w_picpath-request
SetEnvIf Request_URI ".*\.js$" p_w_picpath-request
SetEnvIf Request_URI ".*\.css$" p_w_picpath-request
CustomLog "|/usr/local/apache2/bin/rotatelogs -l /usr/local/apache2/logs/test.com-access_%Y%m%d_log 86400" combined env=!p_w_picpath-request
<IfModule mod_expires.c>
ExpiresActive on
ExpiresByType p_w_picpath/gif "access plus 1 days"
ExpiresByType p_w_picpath/jpeg "access plus 24 hours"
ExpiresByType p_w_picpath/png "access plus 24 hours"
ExpiresByType text/css "now plus 2 hour"
ExpiresByType application/x-javascript "now plus 2 hours"
ExpiresByType application/javascript "now plus 2 hours"
ExpiresByType application/x-shockwave-flash "now plus 2 hours"
ExpiresDefault "now plus 0 min"
</IfModule>
[root@wangchao logs]# apachectl graceful
[root@wangchao logs]# curl -x127.0.0.1:80 'http://www.test.com/static/p_w_picpath/common/logo_88_31.gif' -I
HTTP/1.1 200 OK
Date: Sat, 18 Jul 2015 02:30:55 GMT
Server: Apache/2.2.24 (Unix) PHP/5.3.27
Last-Modified: Tue, 09 Jun 2015 02:21:10 GMT
ETag: "ffa22-9e0-5180c695e1180"
Accept-Ranges: bytes
Content-Length: 2528
Cache-Control: max-age=86400
Expires: Sun, 19 Jul 2015 02:30:55 GMT
Content-Type: p_w_picpath/gif
apache配置防盗链
[root@wangchao logs]# vim /usr/local/apache2/conf/extra/httpd-vhosts.conf
<IfModule mod_expires.c>
ExpiresActive on
ExpiresByType p_w_picpath/gif "access plus 1 days"
ExpiresByType p_w_picpath/jpeg "access plus 24 hours"
ExpiresByType p_w_picpath/png "access plus 24 hours"
ExpiresByType text/css "now plus 2 hour"
ExpiresByType application/x-javascript "now plus 2 hours"
ExpiresByType application/javascript "now plus 2 hours"
ExpiresByType application/x-shockwave-flash "now plus 2 hours"
ExpiresDefault "now plus 0 min"
</IfModule>
SetEnvIfNoCase Referer "^http://.*\.test\.com" local_ref
SetEnvIfNoCase Referer ".*\.aaa\.com" local_ref
SetEnvIfNoCase Referer "^$" local_ref
<filesmatch "\.(txt|doc|mp3|zip|rar|jpg|gif)">
Order Allow,Deny
Allow from env=local_ref
Deny from all
</filesmatch>
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP_HOST} ^www.aaa.com$ [OR]
RewriteCond %{HTTP_HOST} ^www.bbb.com$
RewriteRule ^/(.*)$ http://www.test.com/$1 [R=301,L]
</IfModule>
<Directory /data/www/abc>
AllowOverride AuthConfig
AuthName "frank share web"
AuthType Basic
AuthUserFile /data/.htpasswd
require valid-user
</Directory>
[root@wangchao logs]# apachectl -t
Syntax OK
[root@wangchao logs]# apachectl graceful
apache访问控制
[root@wangchao logs]# vim /usr/local/apache2/conf/extra/httpd-vhosts.conf
<VirtualHost *:80>
# ServerAdmin webmaster@dummy-host.example.com
DocumentRoot "/data/www"
ServerName www.test.com
ServerAlias www.aaa.com
ServerAlias www.bbb.com
<Directory "/data/www">
AllowOverride None
Options None
Order allow,deny
Allow from all
Deny from 127.0.0.1
</Directory>
[root@wangchao logs]# apachectl graceful
[root@wangchao logs]# curl -x127.0.0.1:80 -I www.text.com
HTTP/1.1 403 Forbidden
Date: Sat, 18 Jul 2015 06:11:17 GMT
Server: Apache/2.2.24 (Unix) PHP/5.3.27
Content-Type: text/html; charset=iso-8859-1
[root@wangchao logs]# curl -x192.168.137.22:80 -I www.test.com
HTTP/1.1 301 Moved Permanently
Date: Sat, 18 Jul 2015 06:13:31 GMT
Server: Apache/2.2.24 (Unix) PHP/5.3.27
X-Powered-By: PHP/5.3.27
location: forum.php
Cache-Control: max-age=0
Expires: Sat, 18 Jul 2015 06:13:31 GMT
Content-Type: text/html
[root@wangchao logs]# curl -x192.168.137.22:80 -I www.test.com/forum.php
HTTP/1.1 200 OK
包含admin的页面请求只允许特定IP
[root@wangchao logs]# vim /usr/local/apache2/conf/extra/httpd-vhosts.conf
<VirtualHost *:80>
# ServerAdmin webmaster@dummy-host.example.com
DocumentRoot "/data/www"
ServerName www.test.com
ServerAlias www.aaa.com
ServerAlias www.bbb.com
<Directory "/data/www">
AllowOverride None
Options None
Order allow,deny
Allow from all
Deny from 127.0.0.1
</Directory>
<filesmatch "(.*)admin(.*)">
Order deny,allow
Deny from all
Allow from 127.0.0.1
</filesmatch>
[root@wangchao logs]# apachectl -t
[root@wangchao logs]# apachectl restart
[root@wangchao logs]# curl -x192.168.137.22:80 -I www.test.com/admin.php
HTTP/1.1 403 Forbidden
Date: Sat, 18 Jul 2015 06:21:22 GMT
Server: Apache/2.2.24 (Unix) PHP/5.3.27
Content-Type: text/html; charset=iso-8859-1
apache禁止解析php
[root@wangchao 18]# vim /usr/local/apache2/conf/extra/httpd-vhosts.conf
# SetEnvIfNoCase Referer "^http://.*\.test\.com" local_ref
# SetEnvIfNoCase Referer ".*\.aaa\.com" local_ref
# SetEnvIfNoCase Referer "^$" local_ref
# <filesmatch "\.(txt|doc|mp3|zip|rar|jpg|gif)">
# Order Allow,Deny
# Allow from env=local_ref
# Deny from all
# </filesmatch>
//将上一步做的防盗链取消了,不然影响后面实验
[root@wangchao logs]# ls /data/www/
[root@wangchao logs]# ls -l /data/www/data/
发表一个图片的帖子
[root@wangchao logs]# cd /data/www/data/p_w_upload/forum/
[root@wangchao forum]# ls
201507
[root@wangchao forum]# cd 201507/
[root@wangchao 201507]# ls
18 index.html
[root@wangchao 201507]# cd 18
[root@wangchao 18]# ls
143402wcfzfhtlpb9lftpb.jpg 143827hm5f7mjkjwkrojrk.jpg index.html
浏览器输入
http://www.test.com/data/p_w_upload/forum/201507/18/143827hm5f7mjkjwkrojrk.jpg就能访问并解析了:
如果用户上传了病毒,如此访问后,就执行了。现禁止其解析
[root@wangchao 18]# vim /usr/local/apache2/conf/extra/httpd-vhosts.conf
CustomLog "|/usr/local/apache2/bin/rotatelogs -l /usr/local/apache2/logs/test.com-access_%Y%m%d_log 86400" combined env=!p_w_picpath-request
<IfModule mod_expires.c>
ExpiresActive on
ExpiresByType p_w_picpath/gif "access plus 1 days"
ExpiresByType p_w_picpath/jpeg "access plus 24 hours"
ExpiresByType p_w_picpath/png "access plus 24 hours"
ExpiresByType text/css "now plus 2 hour"
ExpiresByType application/x-javascript "now plus 2 hours"
ExpiresByType application/javascript "now plus 2 hours"
ExpiresByType application/x-shockwave-flash "now plus 2 hours"
ExpiresDefault "now plus 0 min"
</IfModule>
# SetEnvIfNoCase Referer "^http://.*\.test\.com" local_ref
# SetEnvIfNoCase Referer ".*\.aaa\.com" local_ref
# SetEnvIfNoCase Referer "^$" local_ref
# <filesmatch "\.(txt|doc|mp3|zip|rar|jpg|gif)">
# Order Allow,Deny
# Allow from env=local_ref
# Deny from all
# </filesmatch>
<Directory /data/www/data>
php_admin_flag engine off
# <filesmatch "(.*)php">
# Order deny,allow
# Deny from all
# Allow from 127.0.0.1
# </filesmatch>
</Directory>
[root@wangchao 18]# cd /data/www/data/
[root@wangchao data]# vim info.php
<?php
phpinfo();
?>
[root@wangchao data]# apachectl -t
Syntax OK
[root@wangchao data]# apachectl restart
浏览器访问
禁止解析,但可以下载,为防止文件被用户下载;
[root@wangchao data]# vim /usr/local/apache2/conf/extra/httpd-vhosts.conf
# SetEnvIfNoCase Referer "^http://.*\.test\.com" local_ref
# SetEnvIfNoCase Referer ".*\.aaa\.com" local_ref
# SetEnvIfNoCase Referer "^$" local_ref
# <filesmatch "\.(txt|doc|mp3|zip|rar|jpg|gif)">
# Order Allow,Deny
# Allow from env=local_ref
# Deny from all
# </filesmatch>
<Directory /data/www/data>
php_admin_flag engine off
<filesmatch "(.*)php">
Order deny,allow
Deny from all
Allow from 127.0.0.1
</filesmatch>
</Directory>
[root@wangchao data]# curl -x127.0.0.1:80 www.test.com/data/info.php
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
//解析不出来
IP访问,也不能下载了
Apache禁止指定user_agent
[root@wangchao ~]# vim /usr/local/apache2/conf/extra/httpd-vhosts.conf
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP_USER_AGENT} ^.*cutl.* [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^.*chrome* [NC]
RewriteRule .* - [F]
</IfModule>
[root@wangchao ~]# apachectl -t
Syntax OK
[root@wangchao ~]# apachectl restart
[root@wangchao ~]# curl -A 'ADGE' -x192.168.137.22:80 www.test.com/forum.php -I
HTTP/1.1 200 OK
[root@wangchao ~]# curl -A 'abchrome' -x192.168.137.22:80 www.test.com/forum.php -I
HTTP/1.1 403 Forbidden
apache通过rewrite限制某个目录
一些目录不允许用户访问
[root@wangchao ~]# cd /data/www/
[root@wangchao www]# ls
[root@wangchao www]# mkdir tmp
[root@wangchao www]# cd tmp/
[root@wangchao tmp]# ls
[root@wangchao tmp]# vim 12.txt
abc
客户端访问tmp/12.txt
现禁止其访问该目录
[root@wangchao tmp]# vim /usr/local/apache2/conf/extra/httpd-vhosts.conf
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{REQUEST_URI} ^.*/tmp/.* [NC]
RewriteRule .* - [F]
</IfModule>
[root@wangchao tmp]# apachectl restart
该不目录不能被访问
php.in配置文件详解
[root@wangchao tmp]# ls /usr/local/php/etc/php.ini
[root@wangchao tmp]# /usr/local/php/bin/php -i |head
Loaded Configuration File => /usr/local/php/etc/php.ini
disable_functions =
display_errors = on
[root@wangchao tmp]# apachectl graceful
[root@wangchao tmp]# vim /data/www/forum.php
aaaaaa //随意加入一行,使网站文件出错
客户端访问后,报错出现在网页上,此会暴露网站漏洞之类、
[root@wangchao tmp]# vim /usr/local/php/etc/php.ini
display_errors = off
[root@wangchao tmp]# apachectl graceful
现网页有错误后,不显示在网页上了。无报错。
[root@wangchao tmp]# curl -x127.0.0.1:80 www.test.com/forum.php -I
HTTP/1.1 403 Forbidden
[root@wangchao tmp]# vim /usr/local/php/etc/php.ini
log_errors = On
error_log=/usr/local/php/logs/php_errors.log
[root@wangchao tmp]# mkdir /usr/local/php/logs
[root@wangchao tmp]# chmod 777 !$
chmod 777 /usr/local/php/logs
[root@wangchao tmp]# !vim
vim /usr/local/php/etc/php.ini
error_reporting = E_ALL & ~E_NOTICE
[root@wangchao tmp]# apachectl graceful
再次访问:网页无报错,但有报错日志产生:
[root@wangchao tmp]# ls /usr/local/php/logs/
php_errors.log
[root@wangchao tmp]# cat /usr/local/php/logs/php_errors.log
[19-Jul-2015 21:45:05 Asia/Chongqing] PHP Parse error: syntax error, unexpected T_STRING in /data/www/forum.php on line 11
[root@wangchao tmp]# vim /data/www/forum.php
删除aaaaaa //即改回原文件,删除自己添加的错误配置
访问即正常:
[root@wangchao tmp]# vim /usr/local/php/etc/php.ini
open_basedir =/data/www:/tmp
//将访问限定在该目录下,(网站程序所在目录)---------安全选项
[root@wangchao tmp]# apachectl graceful
[root@wangchao tmp]# vim /usr/local/apache2/conf/extra/httpd-vhosts.conf
<VirtualHost *:80>
# ServerAdmin webmaster@dummy-host.example.com
DocumentRoot "/data/www"
ServerName www.test.com
ServerAlias www.aaa.com
ServerAlias www.bbb.com
php_admin_value open_basedir "/data/www:/tmp/"
//可在虚拟主机配置文件中,一个网站限制一个目录
[root@wangchao tmp]# vim /usr/local/php/etc/php.ini
#open_basedir =/data/www:/tmp //注销php.ini里的限制
[root@wangchao tmp]# apachectl graceful
访问正常:
[root@wangchao tmp]# vim /usr/local/apache2/conf/extra/httpd-vhosts.conf
php_admin_value open_basedir "/data/www2/:/tmp/"
//将访问目录改成/data/www2/,访问出错,因为该网站目录在/data/www下。
[root@wangchao tmp]# tail /usr/local/php/logs/php_errors.log
//可查看报错日志
[root@wangchao tmp]# vim /usr/local/apache2/conf/extra/httpd-vhosts.conf
php_admin_value open_basedir "/data/www/:/tmp/" //修改回
[root@wangchao tmp]# apachectl graceful
转载于:https://blog.51cto.com/9656134/1676178
587
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
