Apache用戶認證,域名跳轉，訪問日誌

[toc]

Apache用戶認證

1、 Apache用戶認證

用戶認證功能就是在用戶訪問網站的時候，須要輸入用戶名密碼才能進行訪問。一些比較好總要的站點和網站後臺都會加上用戶認證，以保證安全。

1.下面對xavi.com站點來作一個全站的用戶認證：

vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf //把xavi.com那個虛擬主機編輯成以下內容
<VirtualHost *:80>
    DocumentRoot "/data/wwwroot/xavi.com"
    ServerName xavi.com
    <Directory /data/wwwroot/xavi.com> //指定認證的目錄
        AllowOverride AuthConfig //這個至關於打開認證的開關
        AuthName "xavi.com user auth" //自定義認證的名字，做用不大
        AuthType Basic //認證的類型，通常爲Basic，其餘類型阿銘沒用過
        AuthUserFile /data/.htpasswd  //指定密碼文件所在位置
        require valid-user //指定須要認證的用戶爲所有可用用戶
    </Directory>
</VirtualHost>

2.建立密碼htpasswd命令,-c選項是建立、-m選項是使用md5加密算法，xavi是認證用戶名

在建立密碼文件先要了解htpasswd命令： htpasswd命令是Apache的Web服務器內置工具，用於建立和更新儲存用戶名、域和用戶基本認證的密碼文件。

[root@xavi ~]# /usr/local/apache2.4/bin/htpasswd -c -m /data/.htpasswd xavi
New password: 
Re-type new password: 
Adding password for user xavi
[root@xavi ~]# ls /data/.htpasswd
/data/.htpasswd
[root@xavi ~]# cat !$
cat /data/.htpasswd
xavi:$apr1$WKpg/kJm$gLaC.HA8/GbaF8g/fSVx/1

2.1 再建立一個用戶，從新加載配置-t,graceful

第二次在建立用戶時，不須要-c，不然/data/.htpasswd文件會被重置，以前的用戶被清空

[root@xavi ~]# /usr/local/apache2.4/bin/htpasswd -m /data/.htpasswd lilei
New password: 
Re-type new password: 
Adding password for user lilei
[root@xavi ~]# cat /data/.htpasswd
xavi:$apr1$WKpg/kJm$gLaC.HA8/GbaF8g/fSVx/1
lilei:$apr1$f8p3nVfN$gP/WTgkIpWPTqoTI8V31U1
//從新加載配置-t,graceful
[root@xavi ~]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[root@xavi ~]# /usr/local/apache2.4/bin/apachectl graceful

2.2 綁定hosts，瀏覽器測試，狀態碼爲401，curl -x127.0.0.1:80 xavi.com

把須要全站用戶認證的站點的域名指向你的這臺LINUX機器，這樣才能經過windows瀏覽器訪問到www.123.com(你的認證站點)

[root@xavi ~]# curl -x127.0.0.1:80 xavi.com
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>401 Unauthorized</title>
</head><body>
<h1>Unauthorized</h1>
<p>This server could not verify that you
are authorized to access the document
requested.  Either you supplied the wrong
credentials (e.g., bad password), or your
browser doesn't understand how to supply
the credentials required.</p>
</body></html>

從新加載配置，進行訪問測試：401狀態碼就是須要認證

[root@xavi ~]# curl -x127.0.0.1:80 xavi.com -I
HTTP/1.1 401 Unauthorized
Date: Tue, 06 Mar 2018 14:50:18 GMT
Server: Apache/2.4.29 (Unix) PHP/7.1.6
WWW-Authenticate: Basic realm="xavi.com user auth"
Content-Type: text/html; charset=iso-8859-1

3.curl -x127.0.0.1:80 -uaming:passwd www.123.com //狀態碼爲200

[root@xavi ~]# curl -x127.0.0.1:80 -uxavi:xavi2018 xavi.com
xavi.com[root@xavi ~]#
[root@xavi ~]# curl -x127.0.0.1:80 -uxavi:xavi2018 xavi.com -I
HTTP/1.1 200 OK
Date: Tue, 06 Mar 2018 15:12:44 GMT
Server: Apache/2.4.29 (Unix) PHP/7.1.6
X-Powered-By: PHP/7.1.6
Content-Type: text/html; charset=UTF-8

xavi.com[root@xavi ~]# curl -x127.0.0.1:80 -uxavi:xavi xavi.com
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>401 Unauthorized</title>
</head><body>
<h1>Unauthorized</h1>
<p>This server could not verify that you
are authorized to access the document
requested.  Either you supplied the wrong
credentials (e.g., bad password), or your
browser doesn't understand how to supply
the credentials required.</p>
</body></html>

4. 單個文件進行認證

淘寶端某個文件須要密碼認證

4.1 在配置文件中添加如下相似內容(根據本身的目錄修改)：

[root@xavi ~]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf

4.2 從新加載配置-t,graceful

[root@xavi ~]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[root@xavi ~]# /usr/local/apache2.4/bin/apachectl graceful

4.3 編輯一個123.php文件，並認證

[root@xavi ~]# vim /data/wwwroot/xavi.com/123.php

[root@xavi ~]# curl -x127.0.0.1:80 -uxavi:xavi2018 xavi.com/123.php
123.php[root@xavi ~]#

2、 域名跳轉

啓用域名跳轉 ：是經過Apache的Rewrite模塊來實現的（httpd.conf中啓用該模塊，httpd-vhosts.conf中定義跳轉設置）

1 配置域名跳轉vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf

域名跳轉相似於將網頁從新指向另外一個網站，但區別是域名跳轉會將域名自己從新指向網站，而不使用HTML或腳原本進行從新指向。當域名被設置爲跳轉至另外一網站，域名的地址將不會保留在瀏覽器的URL欄中，該欄顯示的會是新頁面的URL。若是您但願保留該欄中的URL，則須要使用隱形跳轉。

<VirtualHost *:80>
    DocumentRoot "/data/wwwroot/xavi.com"
    ServerName xavitest.com
    ServerAlias www.example.com www.xavi.com
    <IfModule mod_rewrite.c>          //須要mod_rewrite模塊支持
        RewriteEngine on                   //打開rewrite功能
        RewriteCond %{HTTP_HOST} !^xavitest.com$     //定義rewrite的條件，主機名（域名）不是xavitest.com時知足條件
                RewriteRule ^/(.*)$ http://xavitest.com/$1 [R=301,L]     //定義rewrite規則：當知足上面條件時才執行當前規則，即跳轉到xavitest.com。狀態碼301表示永久跳轉；302表示臨時跳轉。L表示last，執行一次，^表示非，（.*）表示123.php，$1表示第一個方括號
   </IfModule>

    ErrorLog "logs/xavi.example.com-error_log"
    CustomLog "logs/xavi.example.com-access_log" common
</VirtualHost>

<VirtualHost *:80>

     DocumentRoot "/data/wwwroot/xavi.com"
    ServerName xavi.com
    ServerAlias www.example.com
    <IfModule mod_rewrite.c>
        RewriteEngine on
        RewriteCond %{HTTP_HOST} !^xavi.com$
        RewriteRule ^/(.*)$ http://www.xavi.com/$1 [R=301,L]
   </IfModule>

        ErrorLog "logs/xavi-error_log"
    CustomLog "logs/xavi-access_log" common
</VirtualHost>

檢查錯誤，打開httpd服務，從新加載配置-t,graceful

[root@xavi ~]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
[root@xavi ~]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[root@xavi ~]# /usr/local/apache2.4/bin/apachectl graceful
httpd not running, trying to start
[root@xavi ~]# /usr/local/apache2.4/bin/apachectl start
httpd (pid 3152) already running
[root@xavi ~]# /usr/local/apache2.4/bin/apachectl graceful

2.修改httpd.conf文件

[root@xavi ~]# /usr/local/apache2.4/bin/apachectl -M |grep rewrite
[root@xavi ~]# vim /usr/local/apache2.4/conf/httpd.conf

LoadModule rewrite_module modules/mod_rewrite.so     //去掉#，以啓用這個模塊

/usr/local/apache2/bin/apachectl -M|grep -i rewrite //若無該模塊，須要編輯配置文件

[root@xavi ~]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[root@xavi ~]# /usr/local/apache2.4/bin/apachectl graceful
[root@xavi ~]# /usr/local/apache2.4/bin/apachectl -M |grep rewrite
 rewrite_module (shared)
[root@xavi ~]# /usr/local/apache2.4/bin/apachectl graceful

3.測試跳轉是否成功

80端口有幾個冒號就是啓動了幾個網卡

[root@xavi ~]# curl -x192.168.72.130:80 xavi.com
xavi.com[root@xavi ~]# curl -x192.168.122.1:80 abcd.com
this is a test[root@xavi ~]#

驗證跳轉測試：curl -x192.168.122.1:80 www.example.com -I //-I可直接查看結果

[root@xavi ~]# curl -x192.168.122.1:80 www.example.com -I
HTTP/1.1 301 Moved Permanently
Date: Wed, 07 Mar 2018 13:43:47 GMT
Server: Apache/2.4.29 (Unix) PHP/7.1.6
Location: http://www.xavi.com/
Content-Type: text/html; charset=iso-8859-1

[root@xavi ~]# curl -x192.168.122.1:80 www.example.com
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://www.xavi.com/">here</a>.</p>
</body></html>

4.狀態碼總結 301，200，401

https://blog.csdn.net/piaoxuan1987/article/details/51603671

3、 Apache訪問日誌

1. Apache訪問日誌所在位置：

[root@xavi ~]#  ls /usr/local/apache2.4/logs/
abcd-access_log      abcd-error_log  httpd.pid            xavi.com-error_log
abcd.com-access_log  access_log      xavi-access_log      xavi-error_log
abcd.com-error_log   error_log       xavi.com-access_log
[root@xavi ~]# ls /usr/local/apache2.4/logs/xavi.com-access_log
/usr/local/apache2.4/logs/xavi.com-access_log
[root@xavi ~]# cat !$

2. 查看日誌格式

2.1 在httpd.conf搜索LogFormat

[root@xavi ~]# vim /usr/local/apache2.4/conf/httpd.conf
<IfModule log_config_module>
    #
    # The following directives define some format nicknames for use with
    # a CustomLog directive (see below).
    #
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%h %l %u %t \"%r\" %>s %b" common

    <IfModule logio_module>

combined和common兩種格式，默認使用common格式，Referer上一條訪問的網址.

3. 更改日誌的格式爲combined

[root@xavi ~]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
<IfModule mod_rewrite.c>
        RewriteEngine on
        RewriteCond %{HTTP_HOST} !^xavi.com$
        RewriteRule ^/(.*)$ http://www.xavi.com/$1 [R=301,L]
   </IfModule>

        ErrorLog "logs/xavi-error_log"
    CustomLog "logs/xavi-access_log" combined
</VirtualHost>

查看日誌文件：cat /usr/local/apache2.4/logs/xavi-access_log

以前未找到緣由日誌變化的緣由是寫錯了訪問名

[root@xavi ~]# cat /usr/local/apache2.4/logs/xavi-access_log