11.18 Apache用戶認證 11.19/11.20 域名跳轉 11.21 Apache訪問日誌

時間  2019-11-10
標籤 11.18 apache 用戶 認證 11.19 11.20 域名 11.21 訪問 日誌 欄目 Apache 简体版
原文   原文鏈接

11.18 Apache用戶認證

htpasswd命令

>htpasswd命令是Apache的Web服務器內置工具,用於建立和更新儲存用戶名、域和用戶基本認證的密碼文件。php

語法: htpasswd [option] [參數]
Options:
-c:=create,建立一個加密文件
-n:不更新加密文件,只將更新後的用戶名密碼顯示在屏幕上
-m:使用MD5算法對密碼進行加密(默認)
-d:使用CRYPT算法對密碼進行加密
-p:不對密碼進行加密,即明文密碼
-s:使用SHA算法對密碼進行加密
-b:在命令行一併輸入用戶名和密碼,而不是根據提示輸入密碼
-D:刪除指定用戶html

 

 

 

 

注意: 本章使用瀏覽器進行檢測的前提是在物理機hosts文件添加虛擬機IP和虛擬主機域名。算法

配置用戶認證

編輯虛擬主機配置文件「httpd-vhosts.conf」apache

[root@cham002 ~]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
<VirtualHost *:80>
    DocumentRoot "/data/wwwroot/111.com"
    ServerName 111.com
    ServerAlias www.example.com
    <Directory /data/wwwroot/www.123.com> //指定認證的目錄
        AllowOverride AuthConfig //這個至關於打開認證的開關
        AuthName "123.com user auth" //自定義認證的名字,做用不大
        AuthType Basic //認證的類型,通常爲Basic,其餘類型阿銘沒用過
        AuthUserFile /data/.htpasswd  //指定密碼文件所在位置
        require valid-user //指定須要認證的用戶爲所有可用用戶
    </Directory>
  ErrorLog "logs/111.com-error_log"
    CustomLog "logs/111.com-access_log" common
</VirtualHost>

建立「httpd-vhosts.conf」中指定的密碼文件vim

[root@cham002 ~]# /usr/local/apache2.4/bin/htpasswd -c -m /data/.htpasswd cham
New password: 
Re-type new password: 
Adding password for user cham
[root@cham002 ~]# ls /data/.htpasswd 
/data/.htpasswd
[root@cham002 ~]# cat !$
cat /data/.htpasswd
cham:$apr1$4BnJRu4M$a7z1rY3N4sOXedzqxMRJ./


[root@cham002 ~]# /usr/local/apache2.4/bin/htpasswd  -m /data/.htpasswd cham1
New password: 
Re-type new password: 
Adding password for user cham1
[root@cham002 ~]# cat /data/.htpasswd
cham:$apr1$4BnJRu4M$a7z1rY3N4sOXedzqxMRJ./
cham1:$apr1$jooZfWYc$CR.Lvnq0FwcL8U2ZxBRqc0

即,在「/data/.htpasswd」爲用戶adai(自動建立)建立一個使用MD5算法加密的密碼文件。
注意: 只有在第一次建立該文件時加-c選項。瀏覽器

配置完成後從新加載服務器

[root@cham002 ~]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[root@cham002 ~]# /usr/local/apache2.4/bin/apachectl graceful

測試curl

[root@cham002 ~]# curl -x127.0.0.1:80 111.com
welcome to 111.comcurl -x127.0.0.1:80 111.com -I
HTTP/1.1 200 OK
Date: Wed, 20 Dec 2017 13:01:39 GMT
Server: Apache/2.4.29 (Unix) PHP/7.1.6
X-Powered-By: PHP/7.1.6
Content-Type: text/html; charset=UTF-8


是失敗的

用瀏覽器測試也是沒有生效,我已經定義物理機hosts文件添加虛擬機IP和虛擬主機域名,那我檢查一下配置文件。ide

發現Directory /data/wwwroot/www.111.com 前面多了www,把它去掉後從新加載工具

[root@cham002 ~]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[root@cham002 ~]# /usr/local/apache2.4/bin/apachectl graceful

[root@cham002 ~]# curl -x127.0.0.1:80 111.com
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>401 Unauthorized</title>
</head><body>
<h1>Unauthorized</h1>
<p>This server could not verify that you
are authorized to access the document
requested.  Either you supplied the wrong
credentials (e.g., bad password), or your
browser doesn't understand how to supply
the credentials required.</p>
</body></html>

[root@cham002 ~]# curl -x127.0.0.1:80 111.com -I
HTTP/1.1 401 Unauthorized
Date: Wed, 20 Dec 2017 13:02:34 GMT
Server: Apache/2.4.29 (Unix) PHP/7.1.6
WWW-Authenticate: Basic realm="111.com user auth"
Content-Type: text/html; charset=iso-8859-1

正確密碼
[root@cham002 ~]# curl -x127.0.0.1:80 -ucham:123456 111.com -I
HTTP/1.1 200 OK
Date: Wed, 20 Dec 2017 13:09:03 GMT
Server: Apache/2.4.29 (Unix) PHP/7.1.6
X-Powered-By: PHP/7.1.6
Content-Type: text/html; charset=UTF-8

錯誤密碼
[root@cham002 ~]# curl -x127.0.0.1:80 -ucham:12345 111.com -I
HTTP/1.1 401 Unauthorized
Date: Wed, 20 Dec 2017 13:09:18 GMT
Server: Apache/2.4.29 (Unix) PHP/7.1.6
WWW-Authenticate: Basic realm="111.com user auth"
Content-Type: text/html; charset=iso-8859-1

此時提示狀態碼爲「401」,說明當前所訪問的內容須要進行用戶認證。

狀態碼「200」,即訪問成功。

瀏覽器測試

對網站中指定文件設置用戶認證!

虛擬主機配置

[root@cham002 ~]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf

<VirtualHost *:80>
    DocumentRoot "/data/wwwroot/abc.com"
    ServerName abc.com
    ServerAlias www.abc.com www.123.com
    ErrorLog "logs/abc.com-error_log"
    CustomLog "logs/abc.com-access_log" common
</VirtualHost>

<VirtualHost *:80>
    DocumentRoot "/data/wwwroot/111.com"
    ServerName 111.com
    ServerAlias www.example.com
       # <Directory /data/wwwroot/111.com>
        <FilesMatch 123.php>             增長FilesMatch 123.PHP
        AllowOverride AuthConfig
        AuthName "111.com user auth"
        AuthType Basic
        AuthUserFile /data/.htpasswd
        require valid-user
    </FilesMatch>                        增長對應標籤
   # </Directory>
    ErrorLog "logs/111.com-error_log"
    CustomLog "logs/111.com-access_log" common
</VirtualHost>

說明: 註釋掉< Directory >,取消對目錄設定的用戶認證,更改成< FilesMatch>,即對文件設定用戶認證。

檢測

[root@cham002 ~]# /usr/local/apache2.4/bin/apachectl -t
[root@cham002 ~]# /usr/local/apache2.4/bin/apachectl graceful


[root@cham002 ~]# vim /data/wwwroot/111.com/123.php
<?php
echo " hello 123.php";
~                        
:wq

[root@cham002 ~]# !curl
curl -x127.0.0.1:80 -ucham:12345 111.com -I
HTTP/1.1 200 OK
Date: Wed, 20 Dec 2017 13:22:38 GMT
Server: Apache/2.4.29 (Unix) PHP/7.1.6
X-Powered-By: PHP/7.1.6
Content-Type: text/html; charset=UTF-8

[root@cham002 ~]# curl -x127.0.0.1:80 -ucham:12345 111.com
welcome to 111.com

[root@cham002 ~]# curl -x127.0.0.1:80 -ucham:12345 111.com/123.php    由於密碼錯誤這個時候401了
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>401 Unauthorized</title>
</head><body>
<h1>Unauthorized</h1>
<p>This server could not verify that you
are authorized to access the document
requested.  Either you supplied the wrong
credentials (e.g., bad password), or your
browser doesn't understand how to supply
the credentials required.</p>
</body></html>

[root@cham002 ~]# curl -x127.0.0.1:80 -ucham:123456 111.com/123.php
 hello 123.php[root@cham002 ~]#

 

 

11.19-11.20 域名跳轉

域名跳轉分類及區別

種類:

301表示永久跳轉;302表示臨時跳轉。

區別:

  • 使用效果不一樣
    • 302跳轉是暫時的跳轉,搜索引擎會抓取新的內容而保留舊的網址。由於服務器返回302代碼,搜索引擎認爲新的網址只是暫時的。
    • 301重定向是永久的重定向,搜索引擎在抓取新內容的同時也將舊的網址替換爲重定向以後的網址。
  • SEO使用方式不一樣
    在搜索引擎優化中302跳轉被衆多黑帽SEO優化人員追求,對網站進行惡意302跳轉至非用戶目標訪問網站,所以搜索引擎對於網站的302跳轉一般是比較不友好,因此要慎用302跳轉!

SEO

SEO(Search Engine Optimization)搜索引擎優化,在瞭解搜索引擎天然排名機制的基礎上,對網站進行內部及外部的調整優化,改進網站在搜索引擎中的關鍵詞天然排名,得到更多流量,從而達成網站銷售及品牌建設的預期目標。

 

     

域名跳轉配置

配置虛擬主機配置文件:httpd-vhosts.conf

vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf

<VirtualHost *:80>
    DocumentRoot "/data/wwwroot/111.com"
    ServerName 111.com
    ServerAlias www.example.com
       # <Directory /data/wwwroot/111.com>
       # <FilesMatch 123.php>
       # AllowOverride AuthConfig
       # AuthName "111.com user auth"
       # AuthType Basic
       #AuthUserFile /data/.htpasswd 
       # require valid-user
       #</FilesMatch>
       # </Directory>
       <IfModule mod_rewrite.c> #須要mod_rewrite的支持
        RewriteEngine on        #開啓rewrite功能
        RewriteCond %{HTTP_HOST} !^111.com$  #Cond=condition,定義rewrite條件:全部非111.com的主機名(域名)
        RewriteRule ^/(.*)$ http://111.com/$1 [R=301,L]  #定義rewrite規則:當知足上面條件時才執行當前規則,即跳轉到111.com。
       </IfModule>

    ErrorLog "logs/111.com-error_log"
    CustomLog "logs/111.com-access_log" common
</VirtualHost>

檢查系統配置:

檢測

[root@cham002 ~]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[root@cham002 ~]# /usr/local/apache2.4/bin/apachectl graceful
[root@cham002 ~]# /usr/local/apache2.4/bin/apachectl -M |grep rewrite 
[root@cham002 ~]# vi /usr/local/apache2.4/conf/httpd.conf   把rewrite 的#號去掉。以下圖
[root@cham002 ~]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[root@cham002 ~]# /usr/local/apache2.4/bin/apachectl graceful
[root@cham002 ~]# /usr/local/apache2.4/bin/apachectl -M |grep rewrite
 rewrite_module (shared)

即,去掉註釋符號「#」,加載rewrite模塊。

在此檢查Apache是否加載了虛擬主機配置中調用的rewrite模塊,若是沒有加載,須要編輯Apache配置文件「httpd.conf」:

使用curl檢測:

[root@cham002 ~]# curl -x127.0.0.1:80 2111.com.cn -I
HTTP/1.1 301 Moved Permanently
Date: Wed, 20 Dec 2017 14:00:44 GMT
Server: Apache/2.4.29 (Unix) PHP/7.1.6
Location: http://111.com/
Content-Type: text/html; charset=iso-8859-1

welcome to 111.com[root@cham002 ~]# curl -x127.0.0.1:80 2111.com.cn
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://111.com/">here</a>.</p>
</body></html>

此時,狀態碼爲301,即設定了域名永久跳轉!

在瀏覽器進行檢測時,訪問「www.2111.com.cn」會直接跳轉到「111.com」。

 

11.21 Apache訪問日誌

日誌文件所在位置:

[root@cham002 ~]# ls /usr/local/apache2.4/logs/
111.com-access_log  111.com-error_log  
abc.com-access_log  abc.com-error_log  
access_log  error_log  httpd.pid

即:有combine和common兩種格式,默認使用common模式。

[root@cham002 ~]# cat /usr/local/apache2.4/logs/111.com-access_log 
192.168.230.135 - - [19/Dec/2017:21:45:08 +0800] "GET HTTP://111.com/ HTTP/1.1" 200 18
192.168.230.135 - - [19/Dec/2017:21:47:17 +0800] "GET HTTP://111.com/ HTTP/1.1" 200 18
127.0.0.1 - - [20/Dec/2017:20:51:56 +0800] "GET HTTP://111.com/ HTTP/1.1" 200 18
127.0.0.1 - - [20/Dec/2017:20:52:17 +0800] "HEAD HTTP://111.com/ HTTP/1.1" 200 -
192.168.230.1 - - [20/Dec/2017:20:59:15 +0800] "GET / HTTP/1.1" 200 18
192.168.230.1 - - [20/Dec/2017:20:59:15 +0800] "GET /favicon.ico HTTP/1.1" 404 209
127.0.0.1 - - [20/Dec/2017:21:01:31 +0800] "GET HTTP://111.com/ HTTP/1.1" 200 18
127.0.0.1 - - [20/Dec/2017:21:01:39 +0800] "HEAD HTTP://111.com/ HTTP/1.1" 200 -
192.168.230.1 - - [20/Dec/2017:21:01:46 +0800] "GET / HTTP/1.1" 200 18
192.168.230.1 - - [20/Dec/2017:21:01:47 +0800] "GET / HTTP/1.1" 200 18
192.168.230.1 - - [20/Dec/2017:21:01:47 +0800] "GET / HTTP/1.1" 200 18
192.168.230.1 - - [20/Dec/2017:21:01:47 +0800] "GET / HTTP/1.1" 200 18
192.168.230.1 - - [20/Dec/2017:21:01:48 +0800] "GET / HTTP/1.1" 200 18
192.168.230.1 - - [20/Dec/2017:21:01:52 +0800] "GET / HTTP/1.1" 200 18
127.0.0.1 - - [20/Dec/2017:21:02:22 +0800] "GET HTTP://111.com/ HTTP/1.1" 401 381
127.0.0.1 - - [20/Dec/2017:21:02:34 +0800] "HEAD HTTP://111.com/ HTTP/1.1" 401 -
192.168.230.1 - - [20/Dec/2017:21:02:40 +0800] "GET / HTTP/1.1" 401 381
192.168.230.1 - cham [20/Dec/2017:21:07:54 +0800] "GET / HTTP/1.1" 200 18
127.0.0.1 - cham [20/Dec/2017:21:09:03 +0800] "HEAD HTTP://111.com/ HTTP/1.1" 200 -
127.0.0.1 - cham [20/Dec/2017:21:09:18 +0800] "HEAD HTTP://111.com/ HTTP/1.1" 401 -
127.0.0.1 - cham [20/Dec/2017:21:22:38 +0800] "HEAD HTTP://111.com/ HTTP/1.1" 200 -
127.0.0.1 - cham [20/Dec/2017:21:22:46 +0800] "GET HTTP://111.com/ HTTP/1.1" 200 18
127.0.0.1 - cham [20/Dec/2017:21:23:09 +0800] "GET HTTP://111.com/123.php HTTP/1.1" 401 381
192.168.230.1 - cham [20/Dec/2017:21:24:09 +0800] "GET / HTTP/1.1" 200 18
192.168.230.1 - cham [20/Dec/2017:21:24:17 +0800] "GET /123.php HTTP/1.1" 200 14
127.0.0.1 - - [20/Dec/2017:21:24:48 +0800] "GET HTTP://111.com/123.php HTTP/1.1" 401 381
127.0.0.1 - cham [20/Dec/2017:21:24:58 +0800] "GET HTTP://111.com/123.php HTTP/1.1" 200 14
192.168.230.1 - cham [20/Dec/2017:21:25:08 +0800] "GET /123.php HTTP/1.1" 200 14
192.168.230.1 - cham [20/Dec/2017:21:25:09 +0800] "GET /123.php HTTP/1.1" 200 14
192.168.230.1 - cham [20/Dec/2017:21:25:09 +0800] "GET /123.php HTTP/1.1" 200 14
192.168.230.1 - cham [20/Dec/2017:21:25:09 +0800] "GET /123.php HTTP/1.1" 200 14
192.168.230.1 - cham [20/Dec/2017:21:25:09 +0800] "GET /123.php HTTP/1.1" 200 14
192.168.230.1 - cham [20/Dec/2017:21:25:12 +0800] "GET /123.php HTTP/1.1" 200 14
192.168.230.1 - - [20/Dec/2017:21:43:17 +0800] "GET /123.php HTTP/1.1" 401 381
127.0.0.1 - - [20/Dec/2017:22:00:14 +0800] "GET HTTP://111.com/ HTTP/1.1" 200 18
127.0.0.1 - - [20/Dec/2017:22:00:34 +0800] "GET HTTP://2111.com.cn/ HTTP/1.1" 301 223
127.0.0.1 - - [20/Dec/2017:22:00:44 +0800] "HEAD HTTP://2111.com.cn/ HTTP/1.1" 301 -
192.168.230.1 - - [20/Dec/2017:22:02:07 +0800] "GET / HTTP/1.1" 301 223
192.168.230.1 - cham [20/Dec/2017:22:02:07 +0800] "GET / HTTP/1.1" 200 18
192.168.230.1 - cham [20/Dec/2017:22:02:07 +0800] "GET / HTTP/1.1" 200 18
192.168.230.1 - cham [20/Dec/2017:22:02:33 +0800] "GET / HTTP/1.1" 200 18

自定義日誌格式

系統自帶日誌格式,打開主配置文件

[root@cham002 ~]# vim /usr/local/apache2.4/conf/httpd.conf
/Log
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%h %l %u %t \"%r\" %>s %b" common
#h表示host來源IP,l表示login用戶,u表示user用戶密碼,t表示time時間,r表示request(行爲),s表示status狀態碼,b表示byte大小
#user-agent:用戶代理
#referer:跳轉到當前位置的上一個網址(即:提供當前IP的網站)

即:有combine和common兩種格式,默認使用common模式。

配置日誌格式

編輯虛擬主機配置文件「httpd-vhosts.conf」:

[root@cham002 ~]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf

<VirtualHost *:80>
    DocumentRoot "/data/wwwroot/111.com"
    ServerName 111.com
    ServerAlias www.example.com 2111.com.cn
       # <Directory /data/wwwroot/111.com>
       # <FilesMatch 123.php>
       # AllowOverride AuthConfig
       # AuthName "111.com user auth"
       # AuthType Basic
       #AuthUserFile /data/.htpasswd 
       # require valid-user
       #</FilesMatch>
       # </Directory>
       <IfModule mod_rewrite.c>
        RewriteEngine on
        RewriteCond %{HTTP_HOST} !^111.com$
        RewriteRule ^/(.*)$ http://111.com/$1 [R=301,L]
       </IfModule>

    ErrorLog "logs/111.com-error_log"
    CustomLog "logs/111.com-access_log" combined

說明: 將日誌文件後面原有 common改成combined

從新加載:

[root@cham002 ~]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[root@cham002 ~]# /usr/local/apache2.4/bin/apachectl graceful

樣式:

[root@cham002 ~]# cat /usr/local/apache2.4/logs/111.com-access_log 
僅複製一小部分新生成的
192.168.230.1 - cham [20/Dec/2017:22:26:44 +0800] "GET / HTTP/1.1" 200 18 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36"
192.168.230.1 - cham [20/Dec/2017:22:26:44 +0800] "GET / HTTP/1.1" 200 18 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36"
192.168.230.1 - cham [20/Dec/2017:22:26:45 +0800] "GET / HTTP/1.1" 200 18 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36"
192.168.230.1 - cham [20/Dec/2017:22:26:46 +0800] "GET / HTTP/1.1" 200 18 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36"
192.168.230.1 - cham [20/Dec/2017:22:26:46 +0800] "GET / HTTP/1.1" 200 18 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36"
相關文章
相關標籤/搜索
每日一句
    每一个你不满意的现在,都有一个你没有努力的曾经。
本站公眾號
   歡迎關注本站公眾號,獲取更多信息
聯繫我們 最近搜索 最新文章 沪ICP备13005482号-10 MyBatis教程 SQL 教程 MySQL教程 Java 教程 Thymeleaf 教程 Hibernate教程 Spring教程 Redis教程