11.18 Apache用户认证 11.19/11.20 域名跳转 11.21 Apache访问日志

时间  2019-11-10
标签 11.18 apache 用户 认证 11.19 11.20 域名 11.21 访问 日志 栏目 Apache 繁體版
原文   原文链接

11.18 Apache用户认证

htpasswd命令

>htpasswd命令是Apache的Web服务器内置工具,用于建立和更新储存用户名、域和用户基本认证的密码文件。php

语法: htpasswd [option] [参数]
Options:
-c:=create,建立一个加密文件
-n:不更新加密文件,只将更新后的用户名密码显示在屏幕上
-m:使用MD5算法对密码进行加密(默认)
-d:使用CRYPT算法对密码进行加密
-p:不对密码进行加密,即明文密码
-s:使用SHA算法对密码进行加密
-b:在命令行一并输入用户名和密码,而不是根据提示输入密码
-D:删除指定用户html

 

 

 

 

注意: 本章使用浏览器进行检测的前提是在物理机hosts文件添加虚拟机IP和虚拟主机域名。算法

配置用户认证

编辑虚拟主机配置文件“httpd-vhosts.conf”apache

[root@cham002 ~]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
<VirtualHost *:80>
    DocumentRoot "/data/wwwroot/111.com"
    ServerName 111.com
    ServerAlias www.example.com
    <Directory /data/wwwroot/www.123.com> //指定认证的目录
        AllowOverride AuthConfig //这个至关于打开认证的开关
        AuthName "123.com user auth" //自定义认证的名字,做用不大
        AuthType Basic //认证的类型,通常为Basic,其余类型阿铭没用过
        AuthUserFile /data/.htpasswd  //指定密码文件所在位置
        require valid-user //指定须要认证的用户为所有可用用户
    </Directory>
  ErrorLog "logs/111.com-error_log"
    CustomLog "logs/111.com-access_log" common
</VirtualHost>

建立“httpd-vhosts.conf”中指定的密码文件vim

[root@cham002 ~]# /usr/local/apache2.4/bin/htpasswd -c -m /data/.htpasswd cham
New password: 
Re-type new password: 
Adding password for user cham
[root@cham002 ~]# ls /data/.htpasswd 
/data/.htpasswd
[root@cham002 ~]# cat !$
cat /data/.htpasswd
cham:$apr1$4BnJRu4M$a7z1rY3N4sOXedzqxMRJ./


[root@cham002 ~]# /usr/local/apache2.4/bin/htpasswd  -m /data/.htpasswd cham1
New password: 
Re-type new password: 
Adding password for user cham1
[root@cham002 ~]# cat /data/.htpasswd
cham:$apr1$4BnJRu4M$a7z1rY3N4sOXedzqxMRJ./
cham1:$apr1$jooZfWYc$CR.Lvnq0FwcL8U2ZxBRqc0

即,在“/data/.htpasswd”为用户adai(自动建立)建立一个使用MD5算法加密的密码文件。
注意: 只有在第一次建立该文件时加-c选项。浏览器

配置完成后从新加载服务器

[root@cham002 ~]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[root@cham002 ~]# /usr/local/apache2.4/bin/apachectl graceful

测试curl

[root@cham002 ~]# curl -x127.0.0.1:80 111.com
welcome to 111.comcurl -x127.0.0.1:80 111.com -I
HTTP/1.1 200 OK
Date: Wed, 20 Dec 2017 13:01:39 GMT
Server: Apache/2.4.29 (Unix) PHP/7.1.6
X-Powered-By: PHP/7.1.6
Content-Type: text/html; charset=UTF-8


是失败的

用浏览器测试也是没有生效,我已经定义物理机hosts文件添加虚拟机IP和虚拟主机域名,那我检查一下配置文件。ide

发现Directory /data/wwwroot/www.111.com 前面多了www,把它去掉后从新加载工具

[root@cham002 ~]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[root@cham002 ~]# /usr/local/apache2.4/bin/apachectl graceful

[root@cham002 ~]# curl -x127.0.0.1:80 111.com
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>401 Unauthorized</title>
</head><body>
<h1>Unauthorized</h1>
<p>This server could not verify that you
are authorized to access the document
requested.  Either you supplied the wrong
credentials (e.g., bad password), or your
browser doesn't understand how to supply
the credentials required.</p>
</body></html>

[root@cham002 ~]# curl -x127.0.0.1:80 111.com -I
HTTP/1.1 401 Unauthorized
Date: Wed, 20 Dec 2017 13:02:34 GMT
Server: Apache/2.4.29 (Unix) PHP/7.1.6
WWW-Authenticate: Basic realm="111.com user auth"
Content-Type: text/html; charset=iso-8859-1

正确密码
[root@cham002 ~]# curl -x127.0.0.1:80 -ucham:123456 111.com -I
HTTP/1.1 200 OK
Date: Wed, 20 Dec 2017 13:09:03 GMT
Server: Apache/2.4.29 (Unix) PHP/7.1.6
X-Powered-By: PHP/7.1.6
Content-Type: text/html; charset=UTF-8

错误密码
[root@cham002 ~]# curl -x127.0.0.1:80 -ucham:12345 111.com -I
HTTP/1.1 401 Unauthorized
Date: Wed, 20 Dec 2017 13:09:18 GMT
Server: Apache/2.4.29 (Unix) PHP/7.1.6
WWW-Authenticate: Basic realm="111.com user auth"
Content-Type: text/html; charset=iso-8859-1

此时提示状态码为“401”,说明当前所访问的内容须要进行用户认证。

状态码“200”,即访问成功。

浏览器测试

对网站中指定文件设置用户认证!

虚拟主机配置

[root@cham002 ~]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf

<VirtualHost *:80>
    DocumentRoot "/data/wwwroot/abc.com"
    ServerName abc.com
    ServerAlias www.abc.com www.123.com
    ErrorLog "logs/abc.com-error_log"
    CustomLog "logs/abc.com-access_log" common
</VirtualHost>

<VirtualHost *:80>
    DocumentRoot "/data/wwwroot/111.com"
    ServerName 111.com
    ServerAlias www.example.com
       # <Directory /data/wwwroot/111.com>
        <FilesMatch 123.php>             增长FilesMatch 123.PHP
        AllowOverride AuthConfig
        AuthName "111.com user auth"
        AuthType Basic
        AuthUserFile /data/.htpasswd
        require valid-user
    </FilesMatch>                        增长对应标签
   # </Directory>
    ErrorLog "logs/111.com-error_log"
    CustomLog "logs/111.com-access_log" common
</VirtualHost>

说明: 注释掉< Directory >,取消对目录设定的用户认证,更改成< FilesMatch>,即对文件设定用户认证。

检测

[root@cham002 ~]# /usr/local/apache2.4/bin/apachectl -t
[root@cham002 ~]# /usr/local/apache2.4/bin/apachectl graceful


[root@cham002 ~]# vim /data/wwwroot/111.com/123.php
<?php
echo " hello 123.php";
~                        
:wq

[root@cham002 ~]# !curl
curl -x127.0.0.1:80 -ucham:12345 111.com -I
HTTP/1.1 200 OK
Date: Wed, 20 Dec 2017 13:22:38 GMT
Server: Apache/2.4.29 (Unix) PHP/7.1.6
X-Powered-By: PHP/7.1.6
Content-Type: text/html; charset=UTF-8

[root@cham002 ~]# curl -x127.0.0.1:80 -ucham:12345 111.com
welcome to 111.com

[root@cham002 ~]# curl -x127.0.0.1:80 -ucham:12345 111.com/123.php    由于密码错误这个时候401了
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>401 Unauthorized</title>
</head><body>
<h1>Unauthorized</h1>
<p>This server could not verify that you
are authorized to access the document
requested.  Either you supplied the wrong
credentials (e.g., bad password), or your
browser doesn't understand how to supply
the credentials required.</p>
</body></html>

[root@cham002 ~]# curl -x127.0.0.1:80 -ucham:123456 111.com/123.php
 hello 123.php[root@cham002 ~]#

 

 

11.19-11.20 域名跳转

域名跳转分类及区别

种类:

301表示永久跳转;302表示临时跳转。

区别:

  • 使用效果不一样
    • 302跳转是暂时的跳转,搜索引擎会抓取新的内容而保留旧的网址。由于服务器返回302代码,搜索引擎认为新的网址只是暂时的。
    • 301重定向是永久的重定向,搜索引擎在抓取新内容的同时也将旧的网址替换为重定向以后的网址。
  • SEO使用方式不一样
    在搜索引擎优化中302跳转被众多黑帽SEO优化人员追求,对网站进行恶意302跳转至非用户目标访问网站,所以搜索引擎对于网站的302跳转一般是比较不友好,因此要慎用302跳转!

SEO

SEO(Search Engine Optimization)搜索引擎优化,在了解搜索引擎天然排名机制的基础上,对网站进行内部及外部的调整优化,改进网站在搜索引擎中的关键词天然排名,得到更多流量,从而达成网站销售及品牌建设的预期目标。

 

     

域名跳转配置

配置虚拟主机配置文件:httpd-vhosts.conf

vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf

<VirtualHost *:80>
    DocumentRoot "/data/wwwroot/111.com"
    ServerName 111.com
    ServerAlias www.example.com
       # <Directory /data/wwwroot/111.com>
       # <FilesMatch 123.php>
       # AllowOverride AuthConfig
       # AuthName "111.com user auth"
       # AuthType Basic
       #AuthUserFile /data/.htpasswd 
       # require valid-user
       #</FilesMatch>
       # </Directory>
       <IfModule mod_rewrite.c> #须要mod_rewrite的支持
        RewriteEngine on        #开启rewrite功能
        RewriteCond %{HTTP_HOST} !^111.com$  #Cond=condition,定义rewrite条件:全部非111.com的主机名(域名)
        RewriteRule ^/(.*)$ http://111.com/$1 [R=301,L]  #定义rewrite规则:当知足上面条件时才执行当前规则,即跳转到111.com。
       </IfModule>

    ErrorLog "logs/111.com-error_log"
    CustomLog "logs/111.com-access_log" common
</VirtualHost>

检查系统配置:

检测

[root@cham002 ~]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[root@cham002 ~]# /usr/local/apache2.4/bin/apachectl graceful
[root@cham002 ~]# /usr/local/apache2.4/bin/apachectl -M |grep rewrite 
[root@cham002 ~]# vi /usr/local/apache2.4/conf/httpd.conf   把rewrite 的#号去掉。以下图
[root@cham002 ~]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[root@cham002 ~]# /usr/local/apache2.4/bin/apachectl graceful
[root@cham002 ~]# /usr/local/apache2.4/bin/apachectl -M |grep rewrite
 rewrite_module (shared)

即,去掉注释符号“#”,加载rewrite模块。

在此检查Apache是否加载了虚拟主机配置中调用的rewrite模块,若是没有加载,须要编辑Apache配置文件“httpd.conf”:

使用curl检测:

[root@cham002 ~]# curl -x127.0.0.1:80 2111.com.cn -I
HTTP/1.1 301 Moved Permanently
Date: Wed, 20 Dec 2017 14:00:44 GMT
Server: Apache/2.4.29 (Unix) PHP/7.1.6
Location: http://111.com/
Content-Type: text/html; charset=iso-8859-1

welcome to 111.com[root@cham002 ~]# curl -x127.0.0.1:80 2111.com.cn
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://111.com/">here</a>.</p>
</body></html>

此时,状态码为301,即设定了域名永久跳转!

在浏览器进行检测时,访问“www.2111.com.cn”会直接跳转到“111.com”。

 

11.21 Apache访问日志

日志文件所在位置:

[root@cham002 ~]# ls /usr/local/apache2.4/logs/
111.com-access_log  111.com-error_log  
abc.com-access_log  abc.com-error_log  
access_log  error_log  httpd.pid

即:有combine和common两种格式,默认使用common模式。

[root@cham002 ~]# cat /usr/local/apache2.4/logs/111.com-access_log 
192.168.230.135 - - [19/Dec/2017:21:45:08 +0800] "GET HTTP://111.com/ HTTP/1.1" 200 18
192.168.230.135 - - [19/Dec/2017:21:47:17 +0800] "GET HTTP://111.com/ HTTP/1.1" 200 18
127.0.0.1 - - [20/Dec/2017:20:51:56 +0800] "GET HTTP://111.com/ HTTP/1.1" 200 18
127.0.0.1 - - [20/Dec/2017:20:52:17 +0800] "HEAD HTTP://111.com/ HTTP/1.1" 200 -
192.168.230.1 - - [20/Dec/2017:20:59:15 +0800] "GET / HTTP/1.1" 200 18
192.168.230.1 - - [20/Dec/2017:20:59:15 +0800] "GET /favicon.ico HTTP/1.1" 404 209
127.0.0.1 - - [20/Dec/2017:21:01:31 +0800] "GET HTTP://111.com/ HTTP/1.1" 200 18
127.0.0.1 - - [20/Dec/2017:21:01:39 +0800] "HEAD HTTP://111.com/ HTTP/1.1" 200 -
192.168.230.1 - - [20/Dec/2017:21:01:46 +0800] "GET / HTTP/1.1" 200 18
192.168.230.1 - - [20/Dec/2017:21:01:47 +0800] "GET / HTTP/1.1" 200 18
192.168.230.1 - - [20/Dec/2017:21:01:47 +0800] "GET / HTTP/1.1" 200 18
192.168.230.1 - - [20/Dec/2017:21:01:47 +0800] "GET / HTTP/1.1" 200 18
192.168.230.1 - - [20/Dec/2017:21:01:48 +0800] "GET / HTTP/1.1" 200 18
192.168.230.1 - - [20/Dec/2017:21:01:52 +0800] "GET / HTTP/1.1" 200 18
127.0.0.1 - - [20/Dec/2017:21:02:22 +0800] "GET HTTP://111.com/ HTTP/1.1" 401 381
127.0.0.1 - - [20/Dec/2017:21:02:34 +0800] "HEAD HTTP://111.com/ HTTP/1.1" 401 -
192.168.230.1 - - [20/Dec/2017:21:02:40 +0800] "GET / HTTP/1.1" 401 381
192.168.230.1 - cham [20/Dec/2017:21:07:54 +0800] "GET / HTTP/1.1" 200 18
127.0.0.1 - cham [20/Dec/2017:21:09:03 +0800] "HEAD HTTP://111.com/ HTTP/1.1" 200 -
127.0.0.1 - cham [20/Dec/2017:21:09:18 +0800] "HEAD HTTP://111.com/ HTTP/1.1" 401 -
127.0.0.1 - cham [20/Dec/2017:21:22:38 +0800] "HEAD HTTP://111.com/ HTTP/1.1" 200 -
127.0.0.1 - cham [20/Dec/2017:21:22:46 +0800] "GET HTTP://111.com/ HTTP/1.1" 200 18
127.0.0.1 - cham [20/Dec/2017:21:23:09 +0800] "GET HTTP://111.com/123.php HTTP/1.1" 401 381
192.168.230.1 - cham [20/Dec/2017:21:24:09 +0800] "GET / HTTP/1.1" 200 18
192.168.230.1 - cham [20/Dec/2017:21:24:17 +0800] "GET /123.php HTTP/1.1" 200 14
127.0.0.1 - - [20/Dec/2017:21:24:48 +0800] "GET HTTP://111.com/123.php HTTP/1.1" 401 381
127.0.0.1 - cham [20/Dec/2017:21:24:58 +0800] "GET HTTP://111.com/123.php HTTP/1.1" 200 14
192.168.230.1 - cham [20/Dec/2017:21:25:08 +0800] "GET /123.php HTTP/1.1" 200 14
192.168.230.1 - cham [20/Dec/2017:21:25:09 +0800] "GET /123.php HTTP/1.1" 200 14
192.168.230.1 - cham [20/Dec/2017:21:25:09 +0800] "GET /123.php HTTP/1.1" 200 14
192.168.230.1 - cham [20/Dec/2017:21:25:09 +0800] "GET /123.php HTTP/1.1" 200 14
192.168.230.1 - cham [20/Dec/2017:21:25:09 +0800] "GET /123.php HTTP/1.1" 200 14
192.168.230.1 - cham [20/Dec/2017:21:25:12 +0800] "GET /123.php HTTP/1.1" 200 14
192.168.230.1 - - [20/Dec/2017:21:43:17 +0800] "GET /123.php HTTP/1.1" 401 381
127.0.0.1 - - [20/Dec/2017:22:00:14 +0800] "GET HTTP://111.com/ HTTP/1.1" 200 18
127.0.0.1 - - [20/Dec/2017:22:00:34 +0800] "GET HTTP://2111.com.cn/ HTTP/1.1" 301 223
127.0.0.1 - - [20/Dec/2017:22:00:44 +0800] "HEAD HTTP://2111.com.cn/ HTTP/1.1" 301 -
192.168.230.1 - - [20/Dec/2017:22:02:07 +0800] "GET / HTTP/1.1" 301 223
192.168.230.1 - cham [20/Dec/2017:22:02:07 +0800] "GET / HTTP/1.1" 200 18
192.168.230.1 - cham [20/Dec/2017:22:02:07 +0800] "GET / HTTP/1.1" 200 18
192.168.230.1 - cham [20/Dec/2017:22:02:33 +0800] "GET / HTTP/1.1" 200 18

自定义日志格式

系统自带日志格式,打开主配置文件

[root@cham002 ~]# vim /usr/local/apache2.4/conf/httpd.conf
/Log
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%h %l %u %t \"%r\" %>s %b" common
#h表示host来源IP,l表示login用户,u表示user用户密码,t表示time时间,r表示request(行为),s表示status状态码,b表示byte大小
#user-agent:用户代理
#referer:跳转到当前位置的上一个网址(即:提供当前IP的网站)

即:有combine和common两种格式,默认使用common模式。

配置日志格式

编辑虚拟主机配置文件“httpd-vhosts.conf”:

[root@cham002 ~]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf

<VirtualHost *:80>
    DocumentRoot "/data/wwwroot/111.com"
    ServerName 111.com
    ServerAlias www.example.com 2111.com.cn
       # <Directory /data/wwwroot/111.com>
       # <FilesMatch 123.php>
       # AllowOverride AuthConfig
       # AuthName "111.com user auth"
       # AuthType Basic
       #AuthUserFile /data/.htpasswd 
       # require valid-user
       #</FilesMatch>
       # </Directory>
       <IfModule mod_rewrite.c>
        RewriteEngine on
        RewriteCond %{HTTP_HOST} !^111.com$
        RewriteRule ^/(.*)$ http://111.com/$1 [R=301,L]
       </IfModule>

    ErrorLog "logs/111.com-error_log"
    CustomLog "logs/111.com-access_log" combined

说明: 将日志文件后面原有 common改成combined

从新加载:

[root@cham002 ~]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[root@cham002 ~]# /usr/local/apache2.4/bin/apachectl graceful

样式:

[root@cham002 ~]# cat /usr/local/apache2.4/logs/111.com-access_log 
仅复制一小部分新生成的
192.168.230.1 - cham [20/Dec/2017:22:26:44 +0800] "GET / HTTP/1.1" 200 18 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36"
192.168.230.1 - cham [20/Dec/2017:22:26:44 +0800] "GET / HTTP/1.1" 200 18 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36"
192.168.230.1 - cham [20/Dec/2017:22:26:45 +0800] "GET / HTTP/1.1" 200 18 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36"
192.168.230.1 - cham [20/Dec/2017:22:26:46 +0800] "GET / HTTP/1.1" 200 18 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36"
192.168.230.1 - cham [20/Dec/2017:22:26:46 +0800] "GET / HTTP/1.1" 200 18 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36"
相关文章
相关标签/搜索
每日一句
    每一个你不满意的现在,都有一个你没有努力的曾经。
本站公众号
   欢迎关注本站公众号,获取更多信息
联系我们 最近搜索 最新文章 沪ICP备13005482号-10 MyBatis教程 SQL 教程 MySQL教程 Java 教程 Thymeleaf 教程 Hibernate教程 Spring教程 Redis教程