1、apapche用户验证:访问网站时需要输入用户名和密码,验证通过后才能访问,增加安全性:比如管理登录后台的入口:
1、先针对根目录(网站)做认证:也就是说访问网站的时候会提示用户名和密码:才可以访问:
1:需要编辑虚拟主机配置文件: /usr/local/apapche2.4/conf/extra/httpd-vhosts.conf :此时针对第一个虚拟主机做验证:如下:
[root@localhost_002 111.com]# vim /usr/local/apapche2.4/conf/extra/httpd-vhosts.conf
<VirtualHost *:80>
ServerAdmin webmaster@dummy-host2.example.com #定义管理员邮箱:
DocumentRoot "/data/wwwroot/111.com" #网站根目录,要与下面验证时的目录一致:
ServerName www.111.com #网站域名:只能有一个:
ServerAlias www.example.com #网站别名:可以有多个:
#认证如下:
<Directory /data/wwwroot/111.com> #指定认证的目录:
AllowOverride AuthConfig #相当于打开认证的开关:
AuthName "111.com user auth" #自定义认证的名字,用处不大,会显示在验证页面:
AuthType Basic #认证类型,一般为Basic:
AuthUserFile /data/.htpasswd #指定密码文件所在位置,后续需要手动用命令生成:
require valid-user #指定需要认证的用户为auth里定义的全部用户:
</Directory>
#认证结束:
ErrorLog "logs/111.com-error_log"
CustomLog "logs/111.com-access_log" common
</VirtualHost>
2:创建在上述文件(httpd-vhosts.conf)里定义的密码文件:如下:
[root@localhost_002 111.com]# /usr/local/apapche2.4/bin/htpasswd -m /data/.htpasswd lisi
New password:
Re-type new password:
[root@localhost_002 111.com]# /usr/local/apapche2.4/bin/htpasswd -m /data/.htpasswd zhansan
New password:
Re-type new password:
Adding password for user zhansan
[root@localhost_002 111.com]# cat /data/.htpasswd
lisi:$apr1$Ju.ZWThz$3aMSzII6cDp6xXCNm.a2A/
zhansan:$apr1$r8DvZQBQ$qm208cGSaTYQfP2uaW1Wa0
用到的两个参数:-c:create,创建: -m:md5加密:
如上图例,我们创建了两个用户了zhansan和lisi,并且第二次创建用户则不需要加-c参数了:
3:配置完成后测试和重新加载配置文件: -t graceful
[root@localhost_002 111.com]# /usr/local/apapche2.4/bin/apachectl -t
Syntax OK
[root@localhost_002 111.com]# /usr/local/apapche2.4/bin/apachectl graceful
4:测试:crul -x192.168.149.130:80 -I
[root@localhost_002 111.com]# curl -x192.168.149.130:80 www.111.com -I
HTTP/1.1 401 Unauthorized
Date: Sun, 26 Aug 2018 16:29:26 GMT
Server: Apache/2.4.34 (Unix) PHP/5.6.30
WWW-Authenticate: Basic realm="111.com user auth"
Content-Type: text/html; charset=iso-8859-1
由上图例可知,用户状态码401,说明当前所访问的内容页面需要进行验证:
使用用户和密码验证访问: crul -x192.168.149.130:80 -uzhansan:nihao123! www.111.com -I
[root@localhost_002 111.com]# curl -x192.168.149.130:80 -uzhansan:nihao123! www.111.com -I
HTTP/1.1 200 OK
Date: Sun, 26 Aug 2018 16:36:03 GMT
Server: Apache/2.4.34 (Unix) PHP/5.6.30
X-Powered-By: PHP/5.6.30
Content-Type: text/html; charset=UTF-8
如上图例可知,状态码为200 OK,网站可以正常访问:
当然,也可以浏览器访问,不过绑定到物理主机的hosts文件:C:\Windows\System32\drivers\etc\hosts: IP地址 域名
注释:用户名和密码输入正确后既可访问:
扩展:htpasswd命令,是Apache的web服务器内置工具,用户创建、更新和存储用户名和用户基本认证的密码文件:
语法:htpasswd options 参数
-c:create,创建一个密码文件:
-m:使用md5算法对密码进行加密:
-s:使用SHA算法对密码进行加密:
-p:不对密码进行加密,即明文密码:
-D:删除指定用户:
2、当然Apapche可以针对网站做验证,也可以对某个网站下的文件做验证,比如:需要对后台登录界面做二次验证:
1:编辑虚拟主机配置文件: /usr/local/apapche2.4/conf/extra/httpd-vhost.conf
[root@localhost_002 ~]# vim /usr/local/apapche2.4/conf/extra/httpd-vhosts.conf
<VirtualHost *:80>
ServerAdmin webmaster@dummy-host2.example.com
DocumentRoot "/data/wwwroot/111.com"
ServerName www.111.com
ServerAlias www.example.com
#<Directory /data/wwwroot/111.com> #注释掉,即取消对目录设置的用户验证:
<FilesMatch 123.php> #新增这行:对文件设定用户验证:
AllowOverride AuthConfig
AuthName "111.com user auth"
AuthType Basic
AuthUserFile /data/.htpasswd
require valid-user
</FilesMatch> #新增这行:对文件设定用户验证:
# </Directory> #注释掉,即取消对目录设置的用户验证:
ErrorLog "logs/111.com-error_log"
CustomLog "logs/111.com-access_log" common
</VirtualHost>
注释:注释掉"<Directory>......</Directory>" 取消对目录设定的用户验证:
"<FilsMatch>......</FilshMatch>" 对文件设定用户验证:
2:检测并重启服务: -t graceful
[root@localhost_002 ~]# /usr/local/apapche2.4/bin/apachectl -t
Syntax OK
[root@localhost_002 ~]# /usr/local/apapche2.4/bin/apachectl graceful
3:测试: crul -x192.168.149.130:80 www.111.com/123.php -I
[root@localhost_002 ~]# curl -x192.168.149.130:80 www.111.com/ -I
HTTP/1.1 200 OK
[root@localhost_002 ~]# curl -x192.168.149.130:80 www.111.com/123.php -I
HTTP/1.1 401 Unauthorized
Date: Mon, 27 Aug 2018 04:01:06 GMT
Server: Apache/2.4.34 (Unix) PHP/5.6.30
WWW-Authenticate: Basic realm="111.com user auth"
Content-Type: text/html; charset=iso-8859-1
注释:此时可以随意访问www.111.com,但是访问111.com的子目录时会提示401错误,即需要用户验证:
使用用户名和密码验证访问,如下: 状态码200 OK:
[root@localhost_002 ~]# curl -x192.168.149.130:80 -uzhansan:nihao123! www.111.com/123.php
123.php
[root@localhost_002 ~]# curl -x192.168.149.130:80 -uzhansan:nihao123! www.111.com/123.php -I
HTTP/1.1 200 OK
浏览器访问下也是一样子:
2、域名跳转:有时候网站变更,涉及到SEO,权重排名(页面多),域名变更好,也还是想访问原网站,设置域名跳转,会跳转到原网站:
域名跳转的分类: 301 302
301:永久跳转,是永久重定向,搜索引擎会在抓取新内容时,用重定向后的网址替换旧的网址:
302:暂时的跳转,搜索引擎会抓取新内容的同时保留旧网址,因为服务器返回的是302,搜索引擎认为新网址只是暂时的:不会降低权重不友好:
1:域名跳转配置: /usr/local/papache2.4/conf/extra/httpd-vhosts.conf
[root@localhost_002 ~]# vim /usr/local/apapche2.4/conf/extra/httpd-vhosts.conf
<VirtualHost *:80>
ServerAdmin webmaster@dummy-host2.example.com
DocumentRoot "/data/wwwroot/111.com"
ServerName www.111.com
ServerAlias www.example.com www.2111.com
<IfModule mod_rewrite.c>
#新增,需要mod_rewrite模块支持,在编译apapche时不选择的most大多数模块:则不会列出该模块:
RewriteEngine on
#开启rewrite_mod模块开关:
RewriteCond %{HTTP_HOST} !^www.111.com$
#cond=condition,定义rewrite条件,所有非主机名(域名)是www.111.com满足条件,则跳转到:
RewriteRule ^/(.*)$ http://www.111.com/$1 [R=301,L]
#定义rewrite规则,当满足上面规则时,此规则才会执行:
</IfModule>
ErrorLog "logs/111.com-error_log"
CustomLog "logs/111.com-access_log" common
</VirtualHost>
如上图例:使用域名跳转功能,首先是需要mod_rewrite模块的支持才可以,其次是打开rewrite_mod模块开关,然后设定规则跳转条件如下:
RewrteCond %{HTTP_HOST} !^www.111.com$ 表示当域名不是www.111.com(主域名)的时候则跳转, "HTTP_HOST"就是定义的域名, "!"表示取反的意思: "^ $" 表示以www.111.com开头和结尾的:
RewriteRule ^/(.*)$ http://www.111.com/$1 [R=301,L] 表示跳转网站后面的子页面,如www.exapmle.com/123.php最后要跳转到www.111.com/123.php,让后面123.php这一部分保存不变:
#"^/"只表示域名的前面那一部分http://www.111.com/, "/"则表示com后的那的斜杠:
#(.*)$表示则表示域名后面的那一部分,此处表示123.php,也指后面的$1, "$1"则是前面括号里的"(.*)"
#如果域名后有个子目录,可以加多个匹配和$,比如^/(.*)([0-9) http://www.111.com/$1/$2, $1则对应前面第一个括号,$2对应第二个小括号:
2:测试: apachectl -M 查看模块是否加载; 然后在主配置文件 httpd.conf里打开配置文件:
[root@localhost_002 ~]# /usr/local/apapche2.4/bin/apachectl -M |grep rewrite
rewrite_module (shared)
[root@localhost_002 ~]# cat /usr/local/apapche2.4/conf/httpd.conf |grep rewrite
LoadModule rewrite_module modules/mod_rewrite.so
3:测试: #看到状态码为301,跳转到www.111.com下: 需要先检查并重新加载服务:
[root@localhost_002 ~]# curl -x127.0.0.1:80 www.2111.com/ -I #状态码为301:
HTTP/1.1 301 Moved Permanently
Date: Mon, 27 Aug 2018 06:03:21 GMT
Server: Apache/2.4.34 (Unix) PHP/5.6.30
Location: http://www.111.com/
Content-Type: text/html; charset=iso-8859-1
[root@localhost_002 ~]# curl -x127.0.0.1:80 www.2111.com/sdfsdf -I #子页面状态码也是301:
HTTP/1.1 301 Moved Permanently
Date: Mon, 27 Aug 2018 06:03:28 GMT
Server: Apache/2.4.34 (Unix) PHP/5.6.30
Location: http://www.111.com/sdfsdf
[root@localhost_002 ~]# curl -x127.0.0.1:80 www.111.com/sdfssdfsadff/sdfsdf -I #再一级子页面则提示404:
HTTP/1.1 404 Not Found
#页面提示404,则表示页面不存:
状态码:常用 :
200 OK:表示成功:
301:表示页面跳转:
404:表示页面不存在:
401:表示用户名密码验证:
403:Forbidden:
3、Apache的访问日记:日记所在目录在虚拟主机httpd-vhosts.conf里定义,日记格式在httpd.conf下定义:
1:日记格式所在目录: /usr/local/apapche2.4/logs/
[root@localhost_002 ~]# ls /usr/local/apapche2.4/logs/
111.com-access_log 111.com-error_log abc.com-access_log abc.com-error_log access_log
error_log httpd.pid
[root@localhost_002 ~]# tail -f /usr/local/apapche2.4/logs/111.com-access_log
127.0.0.1 - - [27/Aug/2018:14:05:22 +0800] "HEAD HTTP://www.111.com/sdfssdfsadff/sdfsdf HTTP/1.1" 404 -
192.168.149.135 - - [27/Aug/2018:14:06:29 +0800] "GET / HTTP/1.1" 301 227
192.168.149.135 - lisi [27/Aug/2018:14:06:29 +0800] "GET / HTTP/1.1" 200 7
如上图例: HEAD表示是使用crul命令并加-I请求的,会显示状态码: get则表示正常的情况:
自定义日记格式: /usr/local/apapche2.4/conf/httpd.conf
[root@localhost_002 ~]#vim /usr/local/apapche2.4/conf/httpd.conf
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
#%h表示来源IP, %l表login用户 %u表示user 用户, %t表示time 时间 %r表示request 行为, %s表示status 状态码, %b表示byte 大小:
格式信息: %h %l %u %t %r %s %b
User-Agent:浏览器标识:对于来访问服务器的对象,使用的是什么浏览器或客户端:
如谷歌:使用的谷歌类似标示:
如:crul:则显示curl相关:
Referer:访问本页面时,浏览器上一次所访问的网址是什么,比如你访问子页面,会记录父页面的网址:也就是说你是通过什么跳转到本论坛的:百度或者其他浏览器:
如上图例:系统自带的日记格式有: common combined 两种:
2:修改网站访问日记格式: /usr/local/apapche2.4/conf/extra/httpd-vhosts.conf
[root@localhost_002 ~]# cat /usr/local/apapche2.4/conf/extra/httpd-vhosts.conf
<VirtualHost *:80>
ServerAdmin yuanhh@foreb.com
DocumentRoot "/data/wwwroot/111.com"
ServerName www.111.com
ServerAlias www.example.com www.2111.com
#<Directory /data/wwwroot/111.com>
#<FilesMatch 123.php>
# AllowOverride AuthConfig
# AuthName "111.com user auth"
# AuthType Basic
# AuthUserFile /data/.htpasswd
# require valid-user
# </FilesMatch>
# </Directory>
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP_HOST} !^www.111.com$
RewriteRule ^/(.*)$ http://www.111.com/$1 [R=301,L]
</IfModule>
ErrorLog "logs/111.com-error_log"
CustomLog "logs/111.com-access_log" combined #此处修改common 为 combined
</VirtualHost>
注释:修改图例中CustomLog这一个行,最后common为combined:
3:检测配置并且启动服务: -t graceful
[root@localhost_002 ~]# /usr/local/apapche2.4/bin/apachectl -t
Syntax OK
[root@localhost_002 ~]# /usr/local/apapche2.4/bin/apachectl graceful
4:测试,分别用curl和浏览器访问,然后再次查看日记: crul -x127.0.0.1:80 www.111.com -I
[root@localhost_002 ~]# curl -x127.0.0.1:80 www.111.com -I
HTTP/1.1 200 OK
Date: Mon, 27 Aug 2018 06:53:14 GMT
Server: Apache/2.4.34 (Unix) PHP/5.6.30
X-Powered-By: PHP/5.6.30
Content-Type: text/html; charset=UTF-8
[root@localhost_002 ~]# curl -x127.0.0.1:80 www.2111.com -I
HTTP/1.1 301 Moved Permanently
[root@localhost_002 ~]# curl -x127.0.0.1:80 www.2111.com/123.php -I
HTTP/1.1 301 Moved Permanently
Date: Mon, 27 Aug 2018 06:53:31 GMT
5:查看日记格式: tail /usr/local/apapche2.4/logs/111.com-access_log
[root@localhost_002 ~]# tail /usr/local/apapche2.4/logs/111.com-access_log
127.0.0.1 - - [27/Aug/2018:14:53:19 +0800] "HEAD HTTP://www.2111.com/ HTTP/1.1" 301 - "-" "curl/7.29.0"
127.0.0.1 - - [27/Aug/2018:14:53:31 +0800] "HEAD HTTP://www.2111.com/123.php HTTP/1.1" 301 - "-" "curl/7.29.0"
192.168.149.135 - lisi [27/Aug/2018:14:53:50 +0800] "GET / HTTP/1.1" 200 7 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36"
如上即可: