Apache用戶認證,域名跳轉，訪問日誌

Apache用戶認證

當設置了用戶認證後，用戶訪問網站時，須要輸入用戶名和密碼才能訪問。
能夠全局設置，也能夠爲某幾個虛擬主機單獨配置。
下面以全局配置進行操做示例。

• 編輯httpd.conf進行配置

[root@test-a ~]# vim /usr/local/apache2.4/conf/httpd.conf

• 找到"<Directory"，並添加修改相應的配置內容以下

<Directory "/usr/local/apache2.4/htdocs">
    #
    # Possible values for the Options directive are "None", "All",
    # or any combination of:
    #   Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
    #
    # Note that "MultiViews" must be named *explicitly* --- "Options All"
    # doesn't give it to you.
    #
    # The Options directive is both complicated and important.  Please see
    # http://httpd.apache.org/docs/2.4/mod/core.html#options
    # for more information.
    #
    Options Indexes FollowSymLinks

    #
    # AllowOverride controls what directives may be placed in .htaccess files.
    # It can be "All", "None", or any combination of the keywords:
    #   AllowOverride FileInfo AuthConfig Limit
    #
    # AllowOverride None

    #
    # Controls who can get stuff from this server.
    #
    # Require all granted

    ALLOWOVERRIDE AuthConfig # 這裏至關於打開了認證開關
    AuthType Basic # 認證類型，通常使用Basic
    AuthName "test" # 自定義認證的名字，做用不大
    AuthUserFile /data/.webpasswd # 認證祕鑰文件（使用apche自帶的工具生成)
    require valid-user # 指定須要認證的用戶爲所有用戶
</Directory>

• 建立認證文件，添加認證用戶

[root@test-a ~]# /usr/local/apache2.4/bin/htpasswd -c -m /data/.webpasswd test  # -c 建立密鑰文件,-m 使用md5加密
New password:
Re-type new password:
Adding password for user test

# 已有文件,添加用戶
[root@test-a ~]# /usr/local/apache2.4/bin/htpasswd -m /data/.webpasswd test1
New password:
Re-type new password:
Adding password for user test1

• 校驗配置修改正確性

[root@test-a ~]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK

• 從新加載配置

[root@test-a ~]# /usr/local/apache2.4/bin/apachectl graceful

• 測試

[root@test-a ~]# curl -x127.0.0.1:80 www.123.com  # 返回401錯誤碼
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>401 Unauthorized</title>
</head><body>
<h1>Unauthorized</h1>
<p>This server could not verify that you
are authorized to access the document
requested.  Either you supplied the wrong
credentials (e.g., bad password), or your
browser doesn't understand how to supply
the credentials required.</p>
</body></html>

[root@test-a ~]# curl -x127.0.0.1:80 -utest:test www.123.com  # 帶用戶名密碼,訪問OK
<html><body><h1>It works!</h1></body></html>

域名跳轉

• vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf

<VirtualHost *:80>
    DocumentRoot "/tmp/web-default" # 網站資源目錄
    ServerName test.com  # 域名
    ServerAlias www.test.com www.123.com # 域名別名
    <IfModule mod_rewrite.c> # 須要mod_rewrite模塊支持
            RewriteEngine on  #打開rewrite功能
            RewriteCond %{HTTP_HOST} !^www.123.com$  # 定義rewrite的條件，主機名（域名）不是www.123.com知足條件
            RewriteRule ^/(.*)$ http://www.123.com/$1 [R=301,L] # 定義rewrite規則，當知足上面的條件時，這條規則纔會執行，301是永久重定向，302是臨時重定向，臨時的不會增長搜索引擎的權重，通常都是用301
    </IfModule>
</VirtualHost>

• 須要檢查rewrite模塊是否打開

[root@test-a apache2.4]# /usr/local/apache2.4/bin/apachectl -M | grep rewrite
 rewrite_module (shared)
# 刪除httpd.conf 裏 rewrite_module (shared) 前面的#
# 從新加載配置
[root@test-a apache2.4]# /usr/local/apache2.4/bin/apachectl graceful

• 測試

# curl -x127.0.0.1:80 -I www.123.com
HTTP/1.1 301 Moved Permanently
Date: Fri, 16 Nov 2018 08:10:20 GMT
Server: Apache/2.4.37 (Unix) PHP/5.6.32
Location: http://www.123.com/
Content-Type: text/html; charset=iso-8859-1

Apache訪問日誌

• 訪問日誌記錄用戶的每個請求
• vim /usr/local/apache2.4/conf/httpd.conf
• 搜索LogFormat

LogFormat "%h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"" combined LogFormat "%h %l %u %t "%r" %>s %b" common
h來源ip、l用戶密碼、u用戶、t時間、r行爲，網址、s狀態碼、b大小
{Referer}瀏覽器進入一個網站後的第二個頁面，referer記錄的日誌的就是第一個訪問頁面的網址是什麼、在百度中搜索進入開源中國網站首頁後，referer記錄的就是百度搜出來的結果頁面網址
{User-Agent}用戶代理（怎麼得到網址內容，是瀏覽器仍是curl）