linux的Apache用戶認證、域名跳轉、Apache訪問日誌介紹
Apache用戶認證(針對目錄)
這個功能就是在用戶訪問網站的時候,須要輸入用戶密碼才能順利訪問。一些比較重要的站點或者網站後臺一般會加上用戶認證,目的是保證安全。php
- 虛擬主機的配置文件:
編輯配置文件
[root@gary-tao local]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
更改111.com的虛擬主機認證內容以下:
<VirtualHost *:80>
DocumentRoot "/data/wwwroot/111.com"
ServerName 111.com
ServerAlias www.example.com
<Directory /data/wwwroot/111.com> //指定認證的目錄
AllowOverride AuthConfig //這個至關於打開認證的開關
AuthName "111.com user auth" //自定義認證的名字,做用不大
AuthType Basic //認證的類型,通常爲Basic,其餘類型阿銘沒用過
AuthUserFile /data/.htpasswd //指定密碼文件所在位置
require valid-user //指定須要認證的用戶爲所有可用用戶
</Directory>
</VirtualHost>
最終保存文件,示例以下:
2.Apache自帶命令htpasswd建立密碼文件html
[root@gary-tao local]# /usr/local/apache2.4/bin/htpasswd -c -m /data/.htpasswd xie //建立用戶密碼文件 New password: //新建密碼 Re-type new password: //新建密碼 Adding password for user xie [root@gary-tao local]# ls /data/.htpasswd //查看密碼文件 /data/.htpasswd [root@gary-tao local]# cat /data/.htpasswd //查看生成用戶密碼 xie:$apr1$h/QEC7nC$hNNV080nvhSI2jWCQLt7M0 [root@gary-tao local]# /usr/local/apache2.4/bin/htpasswd -m /data/.htpasswd aming //再增長一個用戶 New password: Re-type new password: Adding password for user aming [root@gary-tao local]# cat /data/.htpasswd xie:$apr1$h/QEC7nC$hNNV080nvhSI2jWCQLt7M0 aming:$apr1$At/pBlDA$4IYzNISYUew9ELrea5dP7.
說明:
- -c:是建立;
- -m:是指定md5加密類型;
- 指定用戶爲xie(PS:若是再次新增用戶,就不須要再加-c ,由於已經建立過密碼文件了);
3.測試語法和加載配置文件linux
[root@gary-tao local]# /usr/local/apache2.4/bin/apachectl -t Syntax OK [root@gary-tao local]# /usr/local/apache2.4/bin/apachectl graceful
4.測試配置是否成功apache
- 訪問111.com,出現401狀態碼,說明訪問的這個域名須要用戶認證。
[root@gary-tao local]# curl -x127.0.0.1:80 111.com <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>401 Unauthorized</title> </head><body> <h1>Unauthorized</h1> <p>This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required.</p> </body></html>
- 在本地windows系統裏作hosts解析111.com
路徑:C:\Windows\System32\drivers\etc
格式:172.16.111.100 111.comvim
- 定義完本地hosts後,用瀏覽器訪問111.com網站時就會出現用戶認證,用戶密碼就是剛纔增長的用戶和設置的密碼
5.使用curl -x輸入用戶名密碼訪問。windows
用法
[root@gary-tao local]# curl -x127.0.0.1:80 -uxie:xie 111.com -I HTTP/1.1 200 OK Date: Wed, 20 Dec 2017 10:51:28 GMT Server: Apache/2.4.29 (Unix) PHP/7.1.6 X-Powered-By: PHP/7.1.6 Content-Type: text/html; charset=UTF-8
說明:狀態碼變成200了,就是正常的,-u的做用是指定用戶和密碼。
6.還能夠針對單個文件進行認證(針對文件)瀏覽器
示例內容:安全
<VirtualHost *:80>
DocumentRoot "/data/wwwroot/www.123.com"
ServerName www.123.com
<FilesMatch admin.php> //跟上面的不一樣的是這行,上面是指定認證的目錄,這裏是指定單個文件。
AllowOverride AuthConfig
AuthName "123.com user auth"
AuthType Basic
AuthUserFile /data/.htpasswd
require valid-user
</FilesMatch> //這行也不一樣
</VirtualHost>
- 在配置文件修改爲如下:
<VirtualHost *:80>
DocumentRoot "/data/wwwroot/111.com"
ServerName 111.com
ServerAlias www.example.com
#<Directory /data/wwwroot/111.com>
<FilesMatch 123.php>
AllowOverride AuthConfig
AuthName "111.com user auth"
AuthType Basic
AuthUserFile /data/.htpasswd
require valid-user
</FilesMatch>
#</Directory>
ErrorLog "logs/111.com-error_log"
CustomLog "logs/111.com-access_log" common
</VirtualHost>
- 更改完成後測試語法及從新加載配置文件:
[root@gary-tao local]# /usr/local/apache2.4/bin/apachectl -t Syntax OK [root@gary-tao local]# /usr/local/apache2.4/bin/apachectl graceful
- 在111.com目錄下編輯建立測試文件123.PHP。
[root@gary-tao local]# vim /data/wwwroot/111.com/123.php
- 用curl -x訪問:
[root@gary-tao local]# curl -x127.0.0.1:80 111.com -I //不用-u加用戶和密碼了,也能夠訪問,出現200狀態碼 HTTP/1.1 200 OK Date: Wed, 20 Dec 2017 11:04:06 GMT Server: Apache/2.4.29 (Unix) PHP/7.1.6 X-Powered-By: PHP/7.1.6 Content-Type: text/html; charset=UTF-8 [root@gary-tao local]# curl -x127.0.0.1:80 111.com/123.php -I //可是訪問文件123.php時就出現401了,說明須要用戶認證了 HTTP/1.1 401 Unauthorized Date: Wed, 20 Dec 2017 11:04:17 GMT Server: Apache/2.4.29 (Unix) PHP/7.1.6 WWW-Authenticate: Basic realm="111.com user auth" Content-Type: text/html; charset=iso-8859-1 [root@gary-tao local]# curl -x127.0.0.1:80 -uxie:xie 111.com/123.php -I //只有用-u加用戶和密碼才能正常訪問123.php。 HTTP/1.1 200 OK Date: Wed, 20 Dec 2017 11:04:38 GMT Server: Apache/2.4.29 (Unix) PHP/7.1.6 X-Powered-By: PHP/7.1.6 Content-Type: text/html; charset=UTF-8 [root@gary-tao local]# curl -x127.0.0.1:80 -uxie:xie 111.com/123.php //進入到文件裏。 123.php[root@gary-tao local]# [root@gary-tao local]#
域名跳轉
域名跳轉的做用有兩點:
- 若是某個域名再也不使用了,可是搜索引擎還留着以前的老域名的連接,這意味着用戶可能會搜到咱們的網站而且點擊老的域名,固須要把老域名作個跳轉跳到新域名,這樣用戶搜的時候,也能夠訪問網站。
- 一個站點有多個域名會對SEO的排名有影響,若是把多個域名所有跳轉到一個指定的域名,這樣以這個域名爲中心,就能夠把權重集中在這個域名上,並給定義一個狀態碼爲301,301叫做永久重定向。
需求,把123.com域名跳轉到www.123.com.
- 編輯配置文件
[root@gary-tao local]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
2.修改增長以下內容:curl
<VirtualHost *:80>
DocumentRoot "/data/wwwroot/www.123.com"
ServerName www.123.com
ServerAlias 123.com
<IfModule mod_rewrite.c> //須要mod_rewrite模塊支持
RewriteEngine on //打開rewrite功能
RewriteCond %{HTTP_HOST} !^www.123.com$ //定義rewrite的條件,主機名(域名)不是www.123.com知足條件
RewriteRule ^/(.*)$ http://www.123.com/$1 [R=301,L] //定義rewrite規則,當知足上面的條件時,這條規則纔會執行
</IfModule>
</VirtualHost>
修改示例以下:
3.檢測語法及從新加載配置:ide
[root@gary-tao local]# /usr/local/apache2.4/bin/apachectl -t Syntax OK [root@gary-tao local]# /usr/local/apache2.4/bin/apachectl graceful
4.檢測apache是否加載了rewrite模塊。
[root@gary-tao local]# /usr/local/apache2.4/bin/apachectl -M|grep -i rewrite //若無該模塊,須要編輯配置文件httpd.conf,刪除rewrite_module (shared) 前面的# [root@gary-tao local]# vi /usr/local/apache2.4/conf/httpd.conf //進入配置文件,搜索rewrite,把前面#去掉
示例以下:
5.檢測語法及從新加載配置,查看加載模塊:
[root@gary-tao local]# /usr/local/apache2.4/bin/apachectl -t Syntax OK [root@gary-tao local]# /usr/local/apache2.4/bin/apachectl graceful [root@gary-tao local]# /usr/local/apache2.4/bin/apachectl -M|grep -i rewrite //查看加載模塊 rewrite_module (shared)
6.測試
[root@gary-tao local]# curl -x 127.0.0.1:80 -I 2111.com.cn HTTP/1.1 301 Moved Permanently Date: Wed, 20 Dec 2017 12:31:50 GMT Server: Apache/2.4.29 (Unix) PHP/7.1.6 Location: http://111.com/ Content-Type: text/html; charset=iso-8859-1 [root@gary-tao local]# curl -x 127.0.0.1:80 2111.com.cn //看內容 <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>301 Moved Permanently</title> </head><body> <h1>Moved Permanently</h1> <p>The document has moved <a href="http://111.com/">here</a>.</p> </body></html> [root@gary-tao local]# curl -x 127.0.0.1:80 2111.com.cn/adfjadfa/adfdafadfaf -I HTTP/1.1 301 Moved Permanently Date: Wed, 20 Dec 2017 12:34:05 GMT Server: Apache/2.4.29 (Unix) PHP/7.1.6 Location: http://111.com/adfjadfa/adfdafadfaf Content-Type: text/html; charset=iso-8859-1 [root@gary-tao local]# curl -x 127.0.0.1:80 http://111.com/adfjadfa/adfdafadfaf -I HTTP/1.1 404 Not Found Date: Wed, 20 Dec 2017 12:35:08 GMT Server: Apache/2.4.29 (Unix) PHP/7.1.6 Content-Type: text/html; charset=iso-8859-1 [root@gary-tao local]# curl -x 127.0.0.1:80 http://111.com/123.php -I HTTP/1.1 200 OK Date: Wed, 20 Dec 2017 12:36:35 GMT Server: Apache/2.4.29 (Unix) PHP/7.1.6 X-Powered-By: PHP/7.1.6 Content-Type: text/html; charset=UTF-8 [root@gary-tao local]# vi /usr/local/apache2.4/conf/httpd.conf [root@gary-tao local]# /usr/local/apache2.4/bin/apachectl -t Syntax OK [root@gary-tao local]# /usr/local/apache2.4/bin/apachectl graceful [root@gary-tao local]# curl -x 127.0.0.1:80 http://111.com/123.php -I HTTP/1.1 403 Forbidden Date: Wed, 20 Dec 2017 12:39:23 GMT Server: Apache/2.4.29 (Unix) PHP/7.1.6 Content-Type: text/html; charset=iso-8859-1
說明:
- -I 不顯示訪問內容,只看狀態碼
- 404 這個頁面不存在
- 301 永久跳轉
- 401 用戶密碼驗證,密碼驗證不對就401,驗證對了就200
- 403 把granted改爲denied就會403
Apache訪問日誌
訪問日誌的做用很大,不只能夠記錄網站的訪問日誌,還能夠在網站有異常發生時幫助咱們定位問題,好比有***時,是能夠經過查看日誌看到一些規律的.日誌記錄了不少系統的信息,經過讀日誌,能夠找到系統問題的緣由。而日誌有不一樣的格式,分爲common和combined,combined能夠記錄更多的信息。
- 查看默認配置文件日誌
[root@gary-tao local]# ls /usr/local/apache2.4/logs/ 111.com-access_log 111.com-error_log abc.com-access_log abc.com-error_log access_log error_log httpd.pid [root@gary-tao local]# ls /usr/local/apache2.4/logs/111.com-access_log /usr/local/apache2.4/logs/111.com-access_log [root@gary-tao local]# cat /usr/local/apache2.4/logs/111.com-access_log 172.16.111.1 - xie [20/Dec/2017:20:09:54 +0800] "GET / HTTP/1.1" 200 12 127.0.0.1 - - [20/Dec/2017:20:31:50 +0800] "HEAD HTTP://2111.com.cn/ HTTP/1.1" 301 - 127.0.0.1 - - [20/Dec/2017:20:32:53 +0800] "GET HTTP://2111.com.cn/ HTTP/1.1" 301 223 127.0.0.1 - - [20/Dec/2017:20:34:05 +0800] "HEAD HTTP://2111.com.cn/adfjadfa/adfdafadfaf HTTP/1.1" 301 - 127.0.0.1 - - [20/Dec/2017:20:35:08 +0800] "HEAD http://111.com/adfjadfa/adfdafadfaf HTTP/1.1" 404 - 127.0.0.1 - - [20/Dec/2017:20:36:35 +0800] "HEAD http://111.com/123.php HTTP/1.1" 200 - 127.0.0.1 - - [20/Dec/2017:20:39:23 +0800] "HEAD http://111.com/123.php HTTP/1.1" 403 - 127.0.0.1 - - [20/Dec/2017:20:40:16 +0800] "HEAD http://111.com/123.php HTTP/1.1" 200 -
2.介紹日誌配置文件格式
[root@gary-tao local]# vim /usr/local/apache2.4/conf/httpd.conf
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
內容示例以下:
訪問日誌記錄用戶的每個請求說明以下:
- %h:爲訪問網站的IP;
- %l:爲訪問遠程登陸名,這個字段基本上爲"-";
- %u:爲用戶名,當使用用戶認證時,這個字段爲認證的用戶名;
- %t:爲時間;
- %r:爲請求的動做(好比用ctrl-I是就爲HEADE);
- %s:爲請求的狀態,寫成%>s爲最後的狀態碼;
- %b:爲傳輸數據大小;
- %{Referer}i:爲referer信息(請求本次地址上一次的地址就爲referer,好比在百度中搜索阿銘linux,而後經過百度的搜索結果頁面點擊而後到了阿名的論壇,那訪問阿銘的論壇的此次請求的referer就是baidu,固然那個地址確定是很長的);
- %{User-Agent}i:爲瀏覽器標識,好比你用Firefox或者Chrome瀏覽器,則該字段顯示內容不同,是帶有瀏覽器的標識的。
3.定義虛擬主機配置文本日誌格式:
[root@gary-tao local]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf //進入配置文件
把common日誌格式格式改爲comdined日誌格式,示例以下:
4.測試語法及從新加載配置
[root@gary-tao local]# /usr/local/apache2.4/bin/apachectl -t Syntax OK [root@gary-tao local]# /usr/local/apache2.4/bin/apachectl graceful
5.隨便作幾個操做命令,而後查看日誌。
[root@gary-tao local]# !curl curl -x 127.0.0.1:80 http://111.com/123.php -I HTTP/1.1 200 OK Date: Wed, 20 Dec 2017 13:10:16 GMT Server: Apache/2.4.29 (Unix) PHP/7.1.6 X-Powered-By: PHP/7.1.6 Content-Type: text/html; charset=UTF-8 [root@gary-tao local]# curl -x 127.0.0.1:80 http://111.com/123.php -I HTTP/1.1 200 OK Date: Wed, 20 Dec 2017 13:10:31 GMT Server: Apache/2.4.29 (Unix) PHP/7.1.6 X-Powered-By: PHP/7.1.6 Content-Type: text/html; charset=UTF-8 [root@gary-tao local]# tail /usr/local/apache2.4/logs/111.com-access_log 127.0.0.1 - - [20/Dec/2017:20:34:05 +0800] "HEAD HTTP://2111.com.cn/adfjadfa/adfdafadfaf HTTP/1.1" 301 - 127.0.0.1 - - [20/Dec/2017:20:35:08 +0800] "HEAD http://111.com/adfjadfa/adfdafadfaf HTTP/1.1" 404 - 127.0.0.1 - - [20/Dec/2017:20:36:35 +0800] "HEAD http://111.com/123.php HTTP/1.1" 200 - 127.0.0.1 - - [20/Dec/2017:20:39:23 +0800] "HEAD http://111.com/123.php HTTP/1.1" 403 - 127.0.0.1 - - [20/Dec/2017:20:40:16 +0800] "HEAD http://111.com/123.php HTTP/1.1" 200 - 127.0.0.1 - - [20/Dec/2017:21:10:16 +0800] "HEAD http://111.com/123.php HTTP/1.1" 200 - "-" "curl/7.29.0" 127.0.0.1 - - [20/Dec/2017:21:10:31 +0800] "HEAD http://111.com/123.php HTTP/1.1" 200 - "-" "curl/7.29.0" 172.16.111.1 - xie [20/Dec/2017:21:10:38 +0800] "GET / HTTP/1.1" 200 12 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.221 Safari/537.36 SE 2.X MetaSr 1.0" 172.16.111.1 - xie [20/Dec/2017:21:10:38 +0800] "GET / HTTP/1.1" 200 12 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.221 Safari/537.36 SE 2.X MetaSr 1.0" 172.16.111.1 - xie [20/Dec/2017:21:10:39 +0800] "GET / HTTP/1.1" 200 12 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.221 Safari/537.36 SE 2.X MetaSr 1.0"
相關文章
- 1. Apache用戶認證、Apache域名跳轉、Apache訪問日誌
- 2. Apache用戶認證,域名跳轉,Apache訪問日誌
- 3. Apache用戶認證、域名跳轉、Apache訪問日誌
- 4. Apache用戶認證 域名跳轉 Apache訪問日誌
- 5. Apache用戶認證;域名跳轉;Apache訪問日誌
- 6. apache用戶認證-域名跳轉-apache訪問日誌
- 7. 171220---LAMP Apache用戶認證, 域名跳轉 ,Apache訪問日誌
- 8. Apache用戶認證,域名跳轉,Apache訪問日誌
- 9. Apache用戶認證、域名跳轉及Apache訪問日誌
- 10. LAMP ---Apache用戶認證、域名跳轉、Apache訪問日誌介紹······
- 更多相關文章...
- • Docker 安裝 Apache - Docker教程
- • 網站 域名 - 網站主機教程
- • Java Agent入門實戰(一)-Instrumentation介紹與使用
- • PHP Ajax 跨域問題最佳解決方案
相關標籤/搜索
每日一句
-
每一个你不满意的现在,都有一个你没有努力的曾经。
歡迎關注本站公眾號,獲取更多信息
相關文章
- 1. Apache用戶認證、Apache域名跳轉、Apache訪問日誌
- 2. Apache用戶認證,域名跳轉,Apache訪問日誌
- 3. Apache用戶認證、域名跳轉、Apache訪問日誌
- 4. Apache用戶認證 域名跳轉 Apache訪問日誌
- 5. Apache用戶認證;域名跳轉;Apache訪問日誌
- 6. apache用戶認證-域名跳轉-apache訪問日誌
- 7. 171220---LAMP Apache用戶認證, 域名跳轉 ,Apache訪問日誌
- 8. Apache用戶認證,域名跳轉,Apache訪問日誌
- 9. Apache用戶認證、域名跳轉及Apache訪問日誌
- 10. LAMP ---Apache用戶認證、域名跳轉、Apache訪問日誌介紹······