Lesson 18 Preparation Tasks
11.16/11.17 Apache default virtual host
On Windows, edit the hosts file in C:\Windows\System32\drivers\etc:
# localhost name resolution is handled within DNS itself.
# 127.0.0.1 localhost
# ::1 localhost
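192.168.11.106 www.test.com www.aaa.com www.222.com
Save the file.
In Windows cmd, run: ping www.222.com
Browsing to http://www.222.com/forum.php reaches this same site too.
This way any domain name that is pointed at the server can reach the site, which is not secure, so go back to Linux.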
[root@localhost ~]# mkdir /tmp/124
[root@localhost ~]# chmod 600 /tmp/124
The de... user cannot access it.
Add the following in vim /usr/local/apache2/conf/extra/httpd-vhosts.conf:
# The first VirtualHost in the file is the default: it answers any Host
# that matches no other ServerName or ServerAlias.
<VirtualHost *:80>
# Point at a directory that does not exist, or create one with mode 600
DocumentRoot "/tmp/124"
ServerName 1111.com
</VirtualHost>
<VirtualHost *:80>
DocumentRoot "/data/www"
ServerName www.test.com
ServerAlias www.aaa.com
# ErrorLog "logs/dummy-host.example.com-error_log"
# CustomLog "logs/dummy-host.example.com-access_log" common
<Directory /data/www/abc/>
AllowOverride AuthConfig
AuthName "aaaaa"
AuthType Basic
AuthUserFile /data/.htpasswd
require valid-user
</Directory>
</VirtualHost>
[root@localhost ~]# /usr/local/apache2/bin/apachectl -t
Syntax OK
/usr/local/apache2/bin/apachectl restart
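Visit http://www.aaa.com/forum.php and http://www.test.com/forum.php again; both work normally.
All other domain names can no longer reach the site.
To disable them, point the default virtual host at an empty directory and give it any made-up domain name.
11.18 Apache user authentication
The forum is now installed at http://www.test.com/forum.php, with no posts yet.
Using this forum, we make some Apache configuration changes, for example so that certain content can be accessed only by someone who knows the username and password, because some things should be visible only to yourself.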
[root@localhost www]# ls
admin.php connect.php forum.php member.php search.php uc_server
api cp.php group.php misc.php source userapp.php
api.php crossdomain.xml home.php plugin.php static
archiver data index.php portal.php template
config favicon.ico install robots.txt uc_client
[root@localhost www]# mkdir abc
[root@localhost www]# cd abc
[root@localhost abc]# ls
[root@localhost abc]# cp /etc/passwd ./12.txt
By default this file can be accessed directly.
We want it to be reachable only after entering a username and password.
vim /usr/local/apache2/conf/extra/httpd-vhosts.conf
<VirtualHost *:80>
DocumentRoot "/data/www"
ServerName www.test.com
ServerAlias www.aaa.com
# ErrorLog "logs/dummy-host.example.com-error_log"
# CustomLog "logs/dummy-host.example.com-access_log" common
<Directory /data/www/abc>
AllowOverride AuthConfig
# AuthName is a realm string of your choosing (the value here means "custom")
AuthName "自定义的"
AuthType Basic
AuthUserFile /data/.htpasswd
require valid-user
</Directory>
</VirtualHost>
vim /etc/profile.d/path.sh
export PATH=$PATH:/usr/local/mysql/bin:/usr/local/apache2/bin
[root@localhost abc]# !sour
source /etc/profile.d/path.sh
[root@localhost abc]# htpasswd -c /data/.htpasswd user1
New password:
Re-type new password:
Adding password for user user1
[root@localhost abc]# cat /data/.htpasswd
user1:l1IGRnKkNw.CU
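Each line is the username followed by the password hash.
When creating another user afterwards,
do not run htpasswd -c /data/.htpasswd user2 again; drop the -c, because -c creates the file anew and would overwrite the existing entries.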
[root@localhost abc]# htpasswd /data/.htpasswd user2
New password:
Re-type new password:
Adding password for user user2
[root@localhost abc]# !cat
cat /data/.htpasswd
user1:l1IGRnKkNw.CU
user2:v3pJKo/Tmrmm.
chown -R daemon:daemon /data/www/
/usr/local/apache2/bin/apachectl -t
/usr/local/apache2/bin/apachectl graceful
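If it is changed to
<Directory /data/www/abc/>
AllowOverride AuthConfig
AuthName "aaaaa"
AuthType Basic
AuthUserFile /data/.htpasswd
require valid-user
</Directory>
then entering user1 with password 123456 grants access.
The Directory line specifies which path the configuration applies to.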
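An added example, not part of the original notes: the 13-character values in /data/.htpasswd above are traditional crypt() hashes, so auditing which hash scheme each entry uses is a useful check after creating users. The function names and the user3 to user5 placeholder entries are constructed for illustration; the user1 and user2 lines are the ones shown above.

```shell
#!/bin/sh
# Classify each .htpasswd entry by hash scheme and flag the weak ones.

classify_htpasswd_hash() {   # usage: classify_htpasswd_hash HASH
    case $1 in
        '$2y$'*|'$2a$'*|'$2b$'*) echo bcrypt ;;
        '$apr1$'*)               echo apr1-md5 ;;        # Apache salted MD5
        '{SHA}'*)                echo sha1-unsalted ;;   # base64 SHA-1, no salt
        '$'*)                    echo other-crypt ;;     # some other crypt(3) scheme
        *)  # traditional DES crypt() output is always exactly 13 characters
            # and only the first 8 characters of the password are used
            if [ "${#1}" -eq 13 ]; then echo des-crypt
            else echo plaintext-or-unknown; fi ;;
    esac
}

audit_htpasswd() {           # reads user:hash lines on stdin
    while IFS=: read -r user hash rest; do
        case $user in ''|'#'*) continue ;; esac          # skip blanks and comments
        scheme=$(classify_htpasswd_hash "$hash")
        case $scheme in
            bcrypt)      verdict=ok ;;
            apr1-md5)    verdict=legacy ;;
            other-crypt) verdict=review ;;
            *)           verdict=weak ;;
        esac
        printf '%s %s %s\n' "$user" "$scheme" "$verdict"
    done
}

sample_htpasswd() {          # user3..user5 are constructed placeholders, not real hashes
    cat <<'EOF'
user1:l1IGRnKkNw.CU
user2:v3pJKo/Tmrmm.
user3:$apr1$PLACEHOLD$notARealHashJustAnExample
user4:{SHA}notARealHashJustAnExample=
user5:$2y$05$notARealHashJustAnExampleOnly
EOF
}

sample_htpasswd | audit_htpasswd
```

On a real server, feed the file itself to the function: audit_htpasswd < /data/.htpasswd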
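11.19/11.20 Domain redirection
When a site answers on several domains, search engines cannot tell them apart, and that hurts ranking (officially called PR). We need to help search engines identify which domain is primary and which are secondary, hence domain redirection.
For example, when www.aaa.com is requested, we redirect to www.test.com.
Again edit vim /usr/local/apache2/conf/extra/httpd-vhosts.conf
and add a rewrite module block: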
<VirtualHost *:80>
DocumentRoot "/data/www"
ServerName www.test.com
ServerAlias www.aaa.com
# ErrorLog "logs/dummy-host.example.com-error_log"
# CustomLog "logs/dummy-host.example.com-access_log" common
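<IfModule mod_rewrite.c>
RewriteEngine on
# Condition: under what condition the redirect happens
RewriteCond %{HTTP_HOST} ^www.domain1.com$
# Rule: what to do and where to redirect to
RewriteRule ^(.*)$ http://www.domain2.com/$1 [R=301,L]
</IfModule>
</VirtualHost>
We can check that the module is loaded with /usr/local/apache2/bin/apachectl -M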
rewrite_module (shared)
php5_module (shared)
Syntax OK
It is already loaded.
The lines we just edited,
RewriteCond %{HTTP_HOST} ^www.domain1.com$
RewriteRule ^(.*)$ http://www.domain2.com/$1 [R=301,L]
where the first line is the condition and the second line is the rule, become:
RewriteCond %{HTTP_HOST} ^www.aaa.com$
RewriteRule ^(.*)$ http://www.test.com/$1 [R=301,L]
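There are two kinds of redirect. The first is 301, a permanent redirect, which is very friendly to search engines.
The second is 302, a temporary redirect. L means last: rule processing ends here.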
[root@localhost ~]# /usr/local/apache2/bin/apachectl -t
Syntax OK
[root@localhost ~]# /usr/local/apache2/bin/apachectl restart
Check the syntax, then restart.
As a test, http://www.aaa.com//forum.php automatically changes to http://www.test.com//forum.php
It can also be checked like this:
[root@localhost ~]# curl -x192.168.11.106:80 www.aaa.com/alsjfoiewjofijolfjolsdj -I
HTTP/1.1 301 Moved Permanently
Date: Wed, 19 Apr 2017 01:27:14 GMT
Server: Apache/2.2.32 (Unix) PHP/5.4.45
Location: http://www.test.com//alsjfoiewjofijolfjolsdj
Content-Type: text/html; charset=iso-8859-1
What if there are three domains, with bbb as well?
vim /usr/local/apache2/conf/extra/httpd-vhosts.conf
<VirtualHost *:80>
DocumentRoot "/data/www"
ServerName www.test.com
ServerAlias www.aaa.com
ServerAlias www.bbb.com
# ErrorLog "logs/dummy-host.example.com-error_log"
# CustomLog "logs/dummy-host.example.com-access_log" common
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP_HOST} ^www.aaa.com$ [OR]
RewriteCond %{HTTP_HOST} ^www.bbb.com$
RewriteRule ^(.*)$ http://www.test.com/$1 [R=301,L]
</IfModule>
</VirtualHost>
Then:
[root@localhost ~]# /usr/local/apache2/bin/apachectl -t
Syntax OK
[root@localhost ~]# /usr/local/apache2/bin/apachectl restart
Test:
[root@localhost ~]# curl -x192.168.11.106:80 www.bbb.com/alsjfoiewjofijolfjolsdj -I
HTTP/1.1 404 Not Found
Date: Wed, 19 Apr 2017 01:32:32 GMT
Server: Apache/2.2.32 (Unix) PHP/5.4.45
Content-Type: text/html; charset=iso-8859-1
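Likewise it redirects to test. This is domain redirection, also called a 301 redirect.
11.21 Apache access log
Sometimes we temporarily apply a blacklist or whitelist restriction to a site. When requests arrive from illegitimate source IPs, or the logs show an IP that has been attacking the site for a long time, we can block that IP. From the main configuration file, vim /usr/local/apache2/conf/httpd.conf,
copy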
<Directory "/usr/local/apache2/cgi-bin">
AllowOverride None
Options None
Order allow,deny
Allow from all
</Directory>
into vim /usr/local/apache2/conf/extra/httpd-vhosts.conf:
ServerAlias www.bbb.com
<Directory "/data/www">
AllowOverride None
Options None
Order allow,deny
Allow from all
Deny from 127.0.0.1
</Directory>
SetEnvIf Request_URI ".*\.gif$" image-request
[root@localhost ~]# /usr/local/apache2/bin/apachectl -t
Syntax OK
[root@localhost ~]# /usr/local/apache2/bin/apachectl graceful
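If deny is evaluated first and allow afterwards:
Order deny,allow
Allow from all
Deny from 1.1.1.1
then the Deny has no effect.
If we swap the order to Order allow,deny:
Order allow,deny
Allow from all
Deny from 1.1.1.1
then the Deny does block the address.
Conveniently, our virtual machine has two IPs.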
[root@localhost ~]# ifconfig
eth0 Link encap:Ethernet HWaddr 00:0C:29:5F:55:1F
inet addr:192.168.11.106 Bcast:192.168.11.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fe5f:551f/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:382828 errors:0 dropped:0 overruns:0 frame:0
TX packets:108792 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:497103129 (474.0 MiB) TX bytes:17985387 (17.1 MiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:1231 errors:0 dropped:0 overruns:0 frame:0
TX packets:1231 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:177783 (173.6 KiB) TX bytes:177783 (173.6 KiB)
One is 192.168.11.106 and the other is 127.0.0.1.
[root@localhost ~]# curl -x127.0.0.1:80 -I www.test.com
HTTP/1.1 403 Forbidden
Date: Tue, 13 Jan 2015 19:41:16 GMT
Server: Apache/2.2.32 (Unix) PHP/5.4.45
Content-Type: text/html; charset=iso-8859-1
403: access is now forbidden.
If we switch to curl -x192.168.11.106:80 -I www.test.com:
[root@localhost ~]# curl -x192.168.11.106:80 -I www.test.com
HTTP/1.1 301 Moved Permanently
Date: Tue, 13 Jan 2015 19:43:01 GMT
Server: Apache/2.2.32 (Unix) PHP/5.4.45
X-Powered-By: PHP/5.4.45
location: forum.php
Cache-Control: max-age=0
Expires: Tue, 13 Jan 2015 19:43:01 GMT
Content-Type: text/html
No problem.
curl -x192.168.11.106:80 -I www.test.com/forum.php also works normally:
[root@localhost ~]# curl -x192.168.11.106:80 -I www.test.com/forum.php
HTTP/1.1 200 OK
Date: Tue, 13 Jan 2015 19:44:34 GMT
Server: Apache/2.2.32 (Unix) PHP/5.4.45
X-Powered-By: PHP/5.4.45
Set-Cookie: FfKX_2132_saltkey=Q41JcL4L; expires=Thu, 12-Feb-2015 19:44:34 GMT; path=/; httponly
Set-Cookie: FfKX_2132_lastvisit=1421174674; expires=Thu, 12-Feb-2015 19:44:34 GMT; path=/
Set-Cookie: FfKX_2132_sid=W89qo9; expires=Wed, 14-Jan-2015 19:44:34 GMT; path=/
Set-Cookie: FfKX_2132_lastact=1421178274%09forum.php%09; expires=Wed, 14-Jan-2015 19:44:34 GMT; path=/
Set-Cookie: FfKX_2132_onlineusernum=1; expires=Tue, 13-Jan-2015 19:49:34 GMT; path=/
Set-Cookie: FfKX_2132_sid=W89qo9; expires=Wed, 14-Jan-2015 19:44:34 GMT; path=/
Cache-Control: max-age=0
Expires: Tue, 13 Jan 2015 19:44:34 GMT
Content-Type: text/html; charset=gbk
A whitelist is of course possible too: use deny first, then allow.
Another approach:
apply a whitelist restriction to admin.php.
<filesmatch "(.*)admin(.*)">
Order deny,allow
Deny from all
Allow from 127.0.0.1
</filesmatch>
[root@localhost ~]# curl -x192.168.11.106:80 -I www.test.com/admin.php
HTTP/1.1 403 Forbidden
Date: Tue, 13 Jan 2015 19:55:32 GMT
Server: Apache/2.2.32 (Unix) PHP/5.4.45
Content-Type: text/html; charset=iso-8859-1
[root@localhost ~]# curl -x127.0.0.1:80 -I www.test.com/admin.php
HTTP/1.1 200 OK
Date: Tue, 13 Jan 2015 19:55:58 GMT
Server: Apache/2.2.32 (Unix) PHP/5.4.45
X-Powered-By: PHP/5.4.45
Set-Cookie: FfKX_2132_saltkey=PCcvB997; expires=Thu, 12-Feb-2015 19:55:58 GMT; path=/; httponly
Set-Cookie: FfKX_2132_lastvisit=1421175358; expires=Thu, 12-Feb-2015 19:55:58 GMT; path=/
Set-Cookie: FfKX_2132_sid=sq9CgY; expires=Wed, 14-Jan-2015 19:55:58 GMT; path=/
Set-Cookie: FfKX_2132_lastact=1421178958%09admin.php%09; expires=Wed, 14-Jan-2015 19:55:58 GMT; path=/
Cache-Control: max-age=0
Expires: Tue, 13 Jan 2015 19:55:58 GMT
Content-Type: text/html; charset=gbk
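An added example, not part of the original notes: a small model of how Apache 2.2 combines Order, Allow from and Deny from, run against the blacklist and whitelist cases tested with curl above. The function names are constructed; the model handles only "all", full IPs and partial-IP prefixes, not hostnames or CIDR ranges.

```shell
#!/bin/sh
# Model of how Apache 2.2 combines Order / Allow from / Deny from.

matches() {   # usage: matches "LIST" IP ; true if any entry in LIST covers IP
    for entry in $1; do
        if [ "$entry" = all ]; then return 0; fi
        case $2 in
            "$entry"|"$entry".*) return 0 ;;   # exact IP or partial-IP prefix
        esac
    done
    return 1
}

access_decision() {   # usage: access_decision ORDER "ALLOW_LIST" "DENY_LIST" CLIENT_IP
    order=$1; allow=$2; deny=$3; ip=$4
    case $order in
        allow,deny)
            # Allow is evaluated first, Deny last: a Deny match always wins,
            # and a client matching neither list is denied by default.
            if matches "$deny" "$ip"; then echo deny
            elif matches "$allow" "$ip"; then echo allow
            else echo deny; fi ;;
        deny,allow)
            # Deny is evaluated first, Allow last: an Allow match always wins,
            # and a client matching neither list is allowed by default.
            if matches "$allow" "$ip"; then echo allow
            elif matches "$deny" "$ip"; then echo deny
            else echo allow; fi ;;
        *)  echo "unknown Order: $order" >&2; return 2 ;;
    esac
}

# Blacklist on /data/www: Order allow,deny / Allow from all / Deny from 127.0.0.1
access_decision allow,deny "all" "127.0.0.1" 127.0.0.1        # deny
access_decision allow,deny "all" "127.0.0.1" 192.168.11.106   # allow
# Order deny,allow with Allow from all: the Deny line has no effect
access_decision deny,allow "all" "1.1.1.1" 1.1.1.1            # allow
# Whitelist on admin.php: Order deny,allow / Deny from all / Allow from 127.0.0.1
access_decision deny,allow "127.0.0.1" "all" 192.168.11.106   # deny
access_decision deny,allow "127.0.0.1" "all" 127.0.0.1        # allow
```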
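11.22 Do not record static files in the access log
2.1 Apache: do not log requests for specified file types
In the access log just now we saw many entries
for images; there is no need to record these.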
vim /usr/local/apache2/conf/extra/httpd-vhosts.conf
<VirtualHost *:80>
DocumentRoot "/data/www"
ServerName www.test.com
ServerAlias www.aaa.com
ServerAlias www.bbb.com
SetEnvIf Request_URI ".*\.gif$" image-request
SetEnvIf Request_URI ".*\.jpg$" image-request
SetEnvIf Request_URI ".*\.png$" image-request
SetEnvIf Request_URI ".*\.bmp$" image-request
SetEnvIf Request_URI ".*\.swf$" image-request
SetEnvIf Request_URI ".*\.js$" image-request
SetEnvIf Request_URI ".*\.css$" image-request
ErrorLog "logs/test.com-error_log"
CustomLog "|/usr/local/apache2/bin/rotatelogs -l /usr/local/apache2/logs/test.com-access_%Y%m%d_log 86400" combined env=!image-request
</VirtualHost>
Refresh the page and take a look.
[root@localhost logs]# /usr/local/apache2/bin/apachectl -t
Syntax OK
[root@localhost logs]# /usr/local/apache2/bin/apachectl restart
[root@localhost logs]# ls
access_log httpd.pid test.com-access_log
error_log test.com-access_20150114_log test.com-error_log
[root@localhost logs]# cat test.com-access_20150114_log
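That is how to avoid logging static files.
11.23 Access log rotation
Our visits
should leave a history record.
Initially there are just these two lines (ErrorLog and CustomLog, commented out) in vim /usr/local/apache2/conf/extra/httpd-vhosts.conf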
<VirtualHost *:80>
DocumentRoot "/data/www"
ServerName www.test.com
ServerAlias www.aaa.com
ServerAlias www.bbb.com
# ErrorLog "logs/dummy-host.example.com-error_log"
# CustomLog "logs/dummy-host.example.com-access_log" common
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP_HOST} ^www.aaa.com$ [OR]
RewriteCond %{HTTP_HOST} ^www.bbb.com$
We uncomment them:
ErrorLog "logs/dummy-host.example.com-error_log"
CustomLog "logs/dummy-host.example.com-access_log" common
Then in the main configuration file we can see:
[root@localhost ~]# vim /usr/local/apache2/conf/httpd.conf
# combined: this is the best format to use
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
# common: this is the common log format
LogFormat "%h %l %u %t \"%r\" %>s %b" common
<IfModule logio_module>
# You need to enable mod_logio.c to use %I and %O
# combinedio: a custom format
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
</IfModule>
Change the vim /usr/local/apache2/conf/extra/httpd-vhosts.conf configuration to:
ErrorLog "logs/test.com-error_log"
CustomLog "logs/test.com-access_log" combined
[root@localhost ~]# /usr/local/apache2/bin/apachectl -t
Syntax OK
[root@localhost ~]# /usr/local/apache2/bin/apachectl graceful
[root@localhost ~]# cd /usr/local/apache2/logs/
[root@localhost logs]# ls
access_log error_log httpd.pid test.com-access_log test.com-error_log
[root@localhost logs]# cat test.com-access_log
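Check the errors:
[root@localhost logs]# cat test.com-error_log
In the format, %u is the user, %t the time and %r the request; the last field is the browser identifier, which can be used as a basis for some access restrictions.
There is too much log data every day,
so we rotate the log.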
vim /usr/local/apache2/conf/extra/httpd-vhosts.conf
ErrorLog "logs/test.com-error_log"
CustomLog "|/usr/local/apache2/bin/rotatelogs -l /usr/local/apache2/logs/test.com-access_%Y%m%d_log 86400" combined
The access log is now rotated.
[root@localhost logs]# /usr/local/apache2/bin/apachectl -t
Syntax OK
[root@localhost logs]# /usr/local/apache2/bin/apachectl restart
Changing the system time is optional:
[root@localhost logs]# date -s "2015-01-14 01:01:00"
Wed Jan 14 01:01:00 CST 2015
[root@localhost logs]# ls
access_log error_log httpd.pid test.com-access_20150114_log test.com-access_log test.com-error_log
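An added example, not part of the original notes: a triage pass over a combined-format access log (the LogFormat shown above) that counts 401/403/404 responses per client and prints candidate Deny from lines for review, supporting the blocking by IP described in 11.21. The sample log lines are constructed, using documentation address ranges, and the function names are hypothetical.

```shell
#!/bin/sh
# Count 401/403/404 responses per client in a combined-format access log.

flag_noisy_clients() {   # usage: flag_noisy_clients MIN_ERRORS < access_log
    awk -v min="$1" '
    {
        line = $0
        # Apache writes a quote or backslash inside %r as \" or \\ ;
        # drop those pairs so every remaining quote is a real field delimiter.
        gsub(/\\./, "", line)
        if (split(line, q, "\"") < 3) next   # not a combined-format line
        split(q[3], after, " ")              # q[3] holds " %>s %b "
        if (after[1] ~ /^(401|403|404)$/) errors[$1]++   # $1 is %h, the client
    }
    END {
        for (ip in errors)
            if (errors[ip] >= min) print "Deny from " ip
    }' | sort
}

sample_access_log() {    # constructed lines; the third has an escaped quote in %r
    cat <<'EOF'
203.0.113.7 - - [14/Jan/2015:01:02:03 +0800] "GET /admin.php HTTP/1.1" 403 210 "-" "curl/7.19.7"
203.0.113.7 - user1 [14/Jan/2015:01:02:04 +0800] "GET /abc/12.txt HTTP/1.1" 401 401 "-" "curl/7.19.7"
203.0.113.7 - - [14/Jan/2015:01:02:05 +0800] "GET /a\" 200 5 HTTP/1.1" 404 208 "-" "curl/7.19.7"
198.51.100.9 - - [14/Jan/2015:01:03:00 +0800] "GET /forum.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.9 - - [14/Jan/2015:01:03:09 +0800] "GET /missing.html HTTP/1.1" 404 208 "-" "Mozilla/5.0"
EOF
}

sample_access_log | flag_noisy_clients 3
```

Without the unescaping step the third sample line would be read as status 200, so a request line containing a quote could hide an error response from the count.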
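11.24 Expiry time for static elements
To cut down on transferring these files, we can have them cached and specify how many days the cache lasts. Pressing F12 in Chrome shows this.
Open the virtual host configuration file vim /usr/local/apache2/conf/extra/httpd-vhosts.conf
and add this configuration:
<IfModule mod_expires.c>
ExpiresActive on
ExpiresByType image/gif "access plus 1 days"
ExpiresByType image/jpeg "access plus 24 hours"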
ExpiresByType image/png "access plus 24 hours"
ExpiresByType image/gif "now plus 2 hour"
ExpiresByType application/x-javascript "now plus 2 hours"
ExpiresByType application/x-shockwave-flash "now plus 2 hours"
ExpiresDefault "now plus 0 min"
</IfModule>
Place it above the <IfModule mod_rewrite.c> block.
Then:
[root@localhost logs]# curl -x127.0.0.1:80 'http://www.test.com/static/image/common/logo.png' -I
HTTP/1.1 200 OK
Date: Sat, 03 Jun 2017 02:09:36 GMT
Server: Apache/2.2.32 (Unix) PHP/5.6.30
Last-Modified: Sat, 01 Apr 2017 02:23:52 GMT
ETag: "117fe48-1149-54c119df83e00"
Accept-Ranges: bytes
Content-Length: 4425
Cache-Control: max-age=86400
Expires: Sun, 04 Jun 2017 02:09:36 GMT
Content-Type: image/png
Change the png line to ExpiresByType image/png "access plus 12 hours":
[root@localhost ~]# curl -x127.0.0.1:80 'http://www.test.com/static/image/common/logo.png' -I
HTTP/1.1 200 OK
Date: Tue, 13 Jan 2015 18:43:19 GMT
Server: Apache/2.2.32 (Unix) PHP/5.4.45
Last-Modified: Tue, 13 Jan 2015 18:43:19 GMT
ETag: W/"801ae-1149-5341ab0597500"
Accept-Ranges: bytes
Content-Length: 4425
Cache-Control: max-age=43200
Expires: Wed, 14 Jan 2015 06:43:19 GMT
Content-Type: image/png
Further reading
Enabling PHP short tags in an Apache virtual host http://ask.apelearn.com/question/5370
Logging the proxy IP and the real client IP in Apache logs http://ask.apelearn.com/question/960
Apache: log only specified URIs http://ask.apelearn.com/question/981
Apache: log the domain name requested by the client http://ask.apelearn.com/question/1037
Apache log rotation issues http://ask.apelearn.com/question/566
