LAMP ---Apache用户认证、域名跳转、Apache访问日志介绍······

时间  2019-11-13
标签 lamp apache 用户 认证 域名 访问 日志 介绍 栏目 Apache 繁體版
原文   原文链接

Apache 默认虚拟主机配置

  • 一台服务器能够访问多个网站,每一个网站都是一个虚拟主机
  • 概念:域名(主机名)、DNS、解析域名、hosts
  • 任何一个域名解析到这台机器,均可以访问的虚拟主机就是默认虚拟主机
  • vim /usr/local/apache2/conf/httpd.conf //搜索httpd-vhost,去掉#
  • vim /usr/local/apache2/conf/extra/httpd-vhosts.conf //改成以下
<VirtualHost *:80>
    DocumentRoot "/data/wwwroot/abc.com"
    ServerName abc.com
    ServerAlias www.abc.com www.123.com
    ErrorLog "logs/abc.com-error_log"
    CustomLog "logs/abc.com-access_log" common
</VirtualHost>

<VirtualHost *:80>
    DocumentRoot "111.com"
    ServerName 111.com 
    ServerAlias www.example.com
    ErrorLog "logs/111.com-error_log"
    CustomLog "logs/111.com-access_log" common
</VirtualHost>

  • /usr/local/apache2/bin/apachectl –tjavascript

  • /usr/local/apache2/bin/apachectl gracefulphp

  • mkdir -p /data/wwwroot/abc.comcss

  • mkdir -p/data/wwwroot/111.comhtml

  • vim /data/wwwroot/abc.com/index.phpjava

<?php
echo "abc.com";
?>
  • vim /data/wwwroot/111.com/index.php
<?php
echo "111.com";
?>

Apache用户认证(针对目录)

这个功能就是在用户访问网站的时候,须要输入用户密码才能顺利访问。一些比较重要的站点或者网站后台一般会加上用户认证,目的是保证安全。python

1.虚拟主机的配置文件:

[root@xuexi-001 ~]# vi /usr/local/apache2/conf/extra/httpd-vhosts.conf 编辑配置文件linux

更改111.com的虚拟主机认证内容以下:apache

<VirtualHost *:80>
    DocumentRoot "/data/wwwroot/111.com"
    ServerName 111.com
    ServerAlias www.example.com
     <Directory /data/wwwroot/111.com> 
        AllowOverride AuthConfig 
        AuthName "111.com user auth" 
        AuthType Basic 
        AuthUserFile /data/.htpasswd  
        require valid-user    
    </Directory>
    ErrorLog "logs/111.com-error_log"
    CustomLog "logs/111.com-access_log" common
</VirtualHost>

注释:vim

<Directory /data/wwwroot/111.com> //指定认证的目录    

        AllowOverride AuthConfig //这个至关于打开认证的开关

        AuthName "111.com user auth" //自定义认证的名字,做用不大

        AuthType Basic //认证的类型,通常为Basic,其余类型阿铭没用过

        AuthUserFile /data/.htpasswd  //指定密码文件所在位置

        require valid-user //指定须要认证的用户为所有可用用户

    </Directory>

2.Apache自带命令htpasswd建立密码文件

[root@xuexi-001 ~]# /usr/local/apache2/bin/htpasswd -c -m /data/.htpasswd guo
New password:      //新建密码
Re-type new password:   //再次输入密码
Adding password for user guo


[root@xuexi-001 ~]# ls /data/.htpasswd  //查看建立密码文件
/data/.htpasswd
[root@xuexi-001 ~]# cat /data/.htpasswd //查看生成用户密码
guo:$apr1$9HwvE/Zz$65C8zBbv0d3lViWpCpq2U/

再建立一个用户并生成密码文件windows

[root@xuexi-001 ~]# /usr/local/apache2/bin/htpasswd -c -m /data/.htpasswd laoshi
New password: 
Re-type new password: 
Adding password for user laoshi
[root@xuexi-001 ~]# ls /data/.htpasswd 
/data/.htpasswd
[root@xuexi-001 ~]# cat /data/.htpasswd 
laoshi:$apr1$xwJc0bq2$dRFFgywsDVUmP6Bf5bkXd1

备注:

须要注意的是,再次生成用户密码文件的时候不用加-c 若是加上-c 会将以前生成的密码文件 .htpasswd 覆盖

[root@xuexi-001 ~]# /usr/local/apache2/bin/htpasswd  -m /data/.htpasswd guo
New password: 
Re-type new password: 
Adding password for user guo
[root@xuexi-001 ~]# ls /data/.htpasswd 
/data/.htpasswd
[root@xuexi-001 ~]# cat /data/.htpasswd 
laoshi:$apr1$xwJc0bq2$dRFFgywsDVUmP6Bf5bkXd1
guo:$apr1$CnZW7fTB$IewDNgxjxk.EhQcTai5Lz0

说明:

-c:是建立;

-m:是指定md5加密类型;

指定用户为xie(PS:若是再次新增用户,就不须要再加-c ,由于已经建立过密码文件了);

3.测试语法和加载配置文件

[root@xuexi-001 ~]# /usr/local/apache2/bin/apachectl -t Syntax OK

[root@xuexi-001 ~]# /usr/local/apache2/bin/apachectl graceful

4.测试配置是否成功

[root@xuexi-001 ~]# curl -x192.168.5.130:80 111.com
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>401 Unauthorized</title>
</head><body>
<h1>Unauthorized</h1>
<p>This server could not verify that you
are authorized to access the document
requested.  Either you supplied the wrong
credentials (e.g., bad password), or your
browser doesn't understand how to supply
the credentials required.</p>
</body></html>

访问111.com,出现401状态码,说明访问的这个域名须要用户认证。

在本地windows系统里作hosts解析111.com ,C:\Windows\System32\drivers\etc,格式:192.168.5.130 111.com

定义完本地hosts后,用浏览器访问111.com网站时就会出现用户认证,用户密码就是刚才增长的用户和设置的密码

5.使用curl -x输入用户名密码访问

[root@xuexi-001 ~]# curl -x192.168.5.130:80 -u guo:111111 111.com -I
HTTP/1.1 200 OK
Date: Wed, 27 Jun 2018 15:35:24 GMT
Server: Apache/2.4.33 (Unix) PHP/5.6.36
X-Powered-By: PHP/5.6.36
Content-Type: text/html; charset=UTF-8

说明:状态码变成200了,就是正常的,-u的做用是指定用户和密码。 -I 只显示请求头的信息

6.还能够针对单个文件进行认证(针对文件)

修改虚拟主机配置文件

[root@xuexi-001 ~]# vi /usr/local/apache2/conf/extra/httpd-vhosts.conf 

<VirtualHost *:80>
    DocumentRoot "/data/wwwroot/111.com"
    ServerName 111.com
    ServerAlias www.example.com
     <FilesMatch 123.php>   
        AllowOverride AuthConfig
        AuthName "111.com user auth"
        AuthType Basic
        AuthUserFile /data/.htpasswd
        require valid-user
     </FilesMatch>
     ErrorLog "logs/111.com-error_log"
    CustomLog "logs/111.com-access_log" common
</VirtualHost>

[root@xuexi-001 ~]# /usr/local/apache2/bin/apachectl -t
Syntax OK
[root@xuexi-001 ~]# /usr/local/apache2/bin/apachectl graceful
<VirtualHost *:80>
    DocumentRoot "/data/wwwroot/111.com"
    ServerName 111.com
    ServerAlias www.example.com
     <FilesMatch 123.php>   //这里改成制定为文件,对123.php 文件作限制
        AllowOverride AuthConfig
        AuthName "111.com user auth"
        AuthType Basic
        AuthUserFile /data/.htpasswd
        require valid-user
     </FilesMatch>
     ErrorLog "logs/111.com-error_log"
    CustomLog "logs/111.com-access_log" common
</VirtualHost>

在111.com目录下编辑建立测试文件123.php

[root@xuexi-001 ~]# vi /data/wwwroot/111.com/123.php
<?php
echo"123.php";
?>
[root@xuexi-001 ~]# /usr/local/apache2/bin/apachectl -t
Syntax OK
[root@xuexi-001 ~]# /usr/local/apache2/bin/apachectl graceful

用curl -x访问:

[root@xuexi-001 ~]# curl -x192.168.5.130:80 111.com -I //不用-u加用户和密码了,也能够访问,出现200状态码 
HTTP/1.1 200 OK
Date: Wed, 27 Jun 2018 16:03:00 GMT
Server: Apache/2.4.33 (Unix) PHP/5.6.36
X-Powered-By: PHP/5.6.36
Content-Type: text/html; charset=UTF-8

[root@xuexi-001 ~]# curl -x192.168.5.130:80 111.com/123.php -I  //可是访问文件123.php时就出现401了,说明须要用户认证了
HTTP/1.1 401 Unauthorized
Date: Wed, 27 Jun 2018 16:04:40 GMT
Server: Apache/2.4.33 (Unix) PHP/5.6.36
WWW-Authenticate: Basic realm="111.com user auth"
Content-Type: text/html; charset=iso-8859-1


[root@xuexi-001 ~]# curl -x192.168.5.130:80 -u guo:111111  111.com/123.php -I   //只有用-u加用户和密码才能正常访问123.php。
HTTP/1.1 200 OK
Date: Wed, 27 Jun 2018 16:05:34 GMT
Server: Apache/2.4.33 (Unix) PHP/5.6.36
X-Powered-By: PHP/5.6.36
Content-Type: text/html; charset=UTF-8

[root@xuexi-001 ~]# curl -x192.168.5.130:80 -u guo:111111  111.com/123.php 
123.php[root@xuexi-001 ~]#
//使用用户验证后查看文件内容

域名跳转

域名跳转的做用有两点:

1.若是某个域名再也不使用了,可是搜索引擎还留着以前的老域名的连接,这意味着用户可能会搜到咱们的网站而且点击老的域名,固须要把老域名作个跳转跳到新域名,这样用户搜的时候,也能够访问网站。

2.一个站点有多个域名会对SEO的排名有影响,若是把多个域名所有跳转到一个指定的域名,这样以这个域名为中心,就能够把权重集中在这个域名上,并给定义一个状态码为301,301叫做永久重定向。

需求,把非111.com域名跳转到111.com。

1.编辑虚拟主机配置文件

[root@xuexi-001 ~]# vi /usr/local/apache2/conf/extra/httpd-vhosts.conf

2.修改增长以下内容:

<VirtualHost *:80>

    DocumentRoot "/data/wwwroot/111.com"

    ServerName 111.com

    ServerAlias www.example.com  aabbcc.com

    <IfModule mod_rewrite.c> 

        RewriteEngine on  

        RewriteCond %{HTTP_HOST} !^111.com$  

        RewriteRule ^/(.*)$ http://111.com/$1 [R=301,L] 

     </IfModule>

</VirtualHost>
<IfModule mod_rewrite.c>  //须要mod_rewrite模块支持
        RewriteEngine on   //打开rewrite功能        
        RewriteCond %{HTTP_HOST} !^111.com$  //定义rewrite的条件,主机名(域名)不是111.com知足条件      
        RewriteRule ^/(.*)$ http://111.com/$1 [R=301,L]
        //定义rewrite规则,当知足上面的条件时,这条规则才会执行
     </IfModule>

3.检测语法及从新加载配置:

[root@xuexi-001 ~]# /usr/local/apache2/bin/apachectl -t Syntax OK

[root@xuexi-001 ~]# /usr/local/apache2/bin/apachectl graceful

4.检测apache是否加载了rewrite模块:

[root@xuexi-001 ~]# /usr/local/apache2/bin/apachectl -M|grep -i rewrite

//若无该模块,须要编辑配置文件httpd.conf,删除rewrite_module (shared) 前面的#

[root@xuexi-001 ~]# vi /usr/local/apache2/conf/httpd.conf

#LoadModule rewrite_module modules/mod_rewrite.so

//进入配置文件,搜索rewrite,把前面#去掉

LoadModule rewrite_module modules/mod_rewrite.so

5.检测语法及从新加载配置,查看加载模块:

[root@xuexi-001 ~]# /usr/local/apache2/bin/apachectl -t Syntax OK

[root@xuexi-001 ~]# /usr/local/apache2/bin/apachectl graceful

6.测试

[root@xuexi-001 ~]# curl -x192.168.5.130:80 www.example.com -I
HTTP/1.1 301 Moved Permanently
Date: Wed, 27 Jun 2018 16:55:09 GMT
Server: Apache/2.4.33 (Unix) PHP/5.6.36
Location: http://111.com/
Content-Type: text/html; charset=iso-8859-1

[root@xuexi-001 ~]# curl -x192.168.5.130:80 aabbcc.com -I
HTTP/1.1 301 Moved Permanently
Date: Wed, 27 Jun 2018 16:55:19 GMT
Server: Apache/2.4.33 (Unix) PHP/5.6.36
Location: http://111.com/
Content-Type: text/html; charset=iso-8859-1

[root@xuexi-001 ~]# curl -x192.168.5.130:80 www.123456.com -I
HTTP/1.1 200 OK
Date: Wed, 27 Jun 2018 16:57:00 GMT
Server: Apache/2.4.33 (Unix) PHP/5.6.36
X-Powered-By: PHP/5.6.36
Content-Type: text/html; charset=UTF-8

[root@xuexi-001 ~]# curl -x192.168.5.130:80 111.com/asd/123/345  -I
HTTP/1.1 404 Not Found
Date: Wed, 27 Jun 2018 16:57:36 GMT
Server: Apache/2.4.33 (Unix) PHP/5.6.36
Content-Type: text/html; charset=iso-8859-1


[root@xuexi-001 ~]# vi /usr/local/apache2/conf/httpd.conf

 Require all granted 改成
 Require all denied
 
 [root@xuexi-001 ~]# vi /usr/local/apache2/conf/httpd.conf
[root@xuexi-001 ~]# /usr/local/apache2/bin/apachectl -t
Syntax OK
[root@xuexi-001 ~]# /usr/local/apache2/bin/apachectl graceful
[root@xuexi-001 ~]# curl -x192.168.5.130:80 111.com/asd/123/345  -I
HTTP/1.1 403 Forbidden
Date: Wed, 27 Jun 2018 17:05:20 GMT
Server: Apache/2.4.33 (Unix) PHP/5.6.36
Content-Type: text/html; charset=iso-8859-1

说明:

-I 不显示访问内容,只看状态码

404 这个页面不存在

301 永久跳转

401 用户密码验证,密码验证不对就401,验证对了就200

403 把granted改为denied就会403

Apache访问日志

访问日志的做用很大,不只能够记录网站的访问日志,还能够在网站有异常发生时帮助咱们定位问题,好比有***时,是能够经过查看日志看到一些规律的.日志记录了不少系统的信息,经过读日志,能够找到系统问题的缘由。而日志有不一样的格式,分为common和combined,combined能够记录更多的信息。

1.查看默认配置文件日志

[root@xuexi-001 ~]# ls /usr/local/apache2/logs/
111.com-access_log  abc.com-access_log  access_log
111.com-error_log   abc.com-error_log   error_log
[root@xuexi-001 ~]# ls /usr/local/apache2/logs/111.com-access_log 
/usr/local/apache2/logs/111.com-access_log
[root@xuexi-001 ~]# cat /usr/local/apache2/logs/111.com-access_log 
192.168.5.130 - - [27/Jun/2018:22:39:20 +0800] "GET HTTP://www.example.com/ HTTP/1.1" 200 7
192.168.5.130 - - [27/Jun/2018:22:40:40 +0800] "GET HTTP://111.com/ HTTP/1.1" 200 7
192.168.5.130 - - [27/Jun/2018:22:40:50 +0800] "GET HTTP://111.com/ HTTP/1.1" 200 7
192.168.5.130 - - [27/Jun/2018:22:41:21 +0800] "GET HTTP://www.example.com/ HTTP/1.1" 200 7
192.168.5.130 - - [27/Jun/2018:23:27:11 +0800] "GET HTTP://111.com/ HTTP/1.1" 401 381
192.168.5.1 - - [27/Jun/2018:23:29:43 +0800] "GET /favicon.ico HTTP/1.1" 401 381
192.168.5.1 - - [27/Jun/2018:23:29:44 +0800] "GET / HTTP/1.1" 401 381
192.168.5.1 - - [27/Jun/2018:23:29:45 +0800] "GET / HTTP/1.1" 401 381
192.168.5.1 - guo [27/Jun/2018:23:29:55 +0800] "GET / HTTP/1.1" 200 7
192.168.5.1 - guo [27/Jun/2018:23:29:55 +0800] "GET /favicon.ico HTTP/1.1" 404 209
192.168.5.1 - - [27/Jun/2018:23:30:08 +0800] "GET / HTTP/1.1" 401 381
192.168.5.1 - - [27/Jun/2018:23:31:22 +0800] "GET /favicon.ico HTTP/1.1" 401 381
192.168.5.130 - guo [27/Jun/2018:23:33:18 +0800] "GET HTTP://111.com/ HTTP/1.1" 200 7
192.168.5.130 - guo [27/Jun/2018:23:33:33 +0800] "GET HTTP://111.com/ HTTP/1.1" 200 7
192.168.5.130 - guo [27/Jun/2018:23:35:05 +0800] "HEAD HTTP://111.com/ HTTP/1.1" 200 -
192.168.5.130 - guo [27/Jun/2018:23:35:24 +0800] "HEAD HTTP://111.com/ HTTP/1.1" 200 -
192.168.5.130 - guo [27/Jun/2018:23:41:32 +0800] "GET HTTP://111.com/ HTTP/1.1" 200 7
192.168.5.130 - guo [27/Jun/2018:23:41:38 +0800] "HEAD HTTP://111.com/ HTTP/1.1" 200 -
192.168.5.130 - - [28/Jun/2018:00:03:00 +0800] "HEAD HTTP://111.com/ HTTP/1.1" 200 -
192.168.5.130 - - [28/Jun/2018:00:04:40 +0800] "HEAD HTTP://111.com/123.php HTTP/1.1" 401 -
192.168.5.130 - guo [28/Jun/2018:00:05:34 +0800] "HEAD HTTP://111.com/123.php HTTP/1.1" 200 -
192.168.5.130 - guo [28/Jun/2018:00:06:16 +0800] "GET HTTP://111.com/123.php HTTP/1.1" 200 7
127.0.0.1 - - [28/Jun/2018:00:46:52 +0800] "HEAD http://111.com/adfjadfa/adfdafadfaf HTTP/1.1" 404 -
192.168.5.130 - - [28/Jun/2018:00:49:20 +0800] "HEAD HTTP://www.example.com/ HTTP/1.1" 301 -
192.168.5.1 - - [28/Jun/2018:00:50:49 +0800] "GET /favicon.ico HTTP/1.1" 404 209
192.168.5.1 - - [28/Jun/2018:00:50:52 +0800] "GET / HTTP/1.1" 200 7
192.168.5.1 - - [28/Jun/2018:00:50:52 +0800] "GET /favicon.ico HTTP/1.1" 404 209
192.168.5.1 - - [28/Jun/2018:00:51:04 +0800] "GET /1.php HTTP/1.1" 404 203
192.168.5.1 - - [28/Jun/2018:00:51:04 +0800] "GET /favicon.ico HTTP/1.1" 404 209
192.168.5.1 - - [28/Jun/2018:00:51:22 +0800] "GET /123.php HTTP/1.1" 200 7
192.168.5.1 - - [28/Jun/2018:00:51:22 +0800] "GET /favicon.ico HTTP/1.1" 404 209
192.168.5.130 - - [28/Jun/2018:00:53:27 +0800] "HEAD HTTP://111.com/ HTTP/1.1" 200 -
192.168.5.130 - - [28/Jun/2018:00:55:09 +0800] "HEAD HTTP://www.example.com/ HTTP/1.1" 301 -
192.168.5.130 - - [28/Jun/2018:00:55:19 +0800] "HEAD HTTP://aabbcc.com/ HTTP/1.1" 301 -
192.168.5.130 - - [28/Jun/2018:00:57:36 +0800] "HEAD HTTP://111.com/asd/123/345 HTTP/1.1" 404 -
192.168.5.130 - - [28/Jun/2018:01:05:20 +0800] "HEAD HTTP://111.com/asd/123/345 HTTP/1.1" 403 -
192.168.5.130 - - [28/Jun/2018:01:06:07 +0800] "HEAD HTTP://111.com/asd/123/345 HTTP/1.1" 404 -

2.介绍日志配置文件格式

[root@xuexi-001 ~]# vi /usr/local/apache2/conf/httpd.conf
LogLevel warn

<IfModule log_config_module>
    #
    # The following directives define some format nicknames for use with
    # a CustomLog directive (see below).
    #
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%h %l %u %t \"%r\" %>s %b" common

    <IfModule logio_module>
      # You need to enable mod_logio.c to use %I and %O
      LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
    </IfModule>

访问日志记录用户的每个请求说明以下:

%h:为访问网站的IP;

%l:为访问远程登陆名,这个字段基本上为"-";

%u:为用户名,当使用用户认证时,这个字段为认证的用户名;

%t:为时间;

%r:为请求的动做(好比用ctrl-I是就为HEADE);

%s:为请求的状态,写成%>s为最后的状态码;

%b:为传输数据大小;

%{Referer}i:为referer信息(请求本次地址上一次的地址就为referer,好比在百度中搜索阿铭linux,而后经过百度的搜索结果页面点击而后到了阿名的论坛,那访问阿铭的论坛的此次请求的referer就是baidu,固然那个地址确定是很长的);

%{User-Agent}i:为浏览器标识,好比你用Firefox或者Chrome浏览器,则该字段显示内容不同,是带有浏览器的标识的。

3.定义虚拟主机配置文本日志格式:

[root@xuexi-001 ~]# vi /usr/local/apache2/conf/extra/httpd-vhosts.conf
把common日志格式格式改为combined日志格式,示例以下:

ErrorLog "logs/111.com-error_log"
    CustomLog "logs/111.com-access_log" combined

4.测试语法及从新加载配置

[root@xuexi-001 ~]# /usr/local/apache2/bin/apachectl -t
Syntax OK
[root@xuexi-001 ~]# /usr/local/apache2/bin/apachectl graceful

5.作几个操做命令后查看日志

iptables -I INPUT -p tcp --dport 80 -j ACCEPT // 临时打开80端口

[root@xuexi-001 ~]# curl -x 192.168.5.130:80 http://111.com/123.php -I
HTTP/1.1 200 OK
Date: Thu, 28 Jun 2018 15:08:27 GMT
Server: Apache/2.4.33 (Unix) PHP/5.6.36
X-Powered-By: PHP/5.6.36
Content-Type: text/html; charset=UTF-8


[root@xuexi-001 ~]# curl -x 192.168.5.130:80 http://111.com/123.php -I
HTTP/1.1 200 OK
Date: Thu, 28 Jun 2018 15:08:47 GMT
Server: Apache/2.4.33 (Unix) PHP/5.6.36
X-Powered-By: PHP/5.6.36
Content-Type: text/html; charset=UTF-8


[root@xuexi-001 ~]# tail  /usr/local/apache2/logs/111.com-access_log 
192.168.5.130 - - [28/Jun/2018:23:08:27 +0800] "HEAD http://111.com/123.php HTTP/1.1" 200 - "-" "curl/7.29.0"
192.168.5.130 - - [28/Jun/2018:23:08:47 +0800] "HEAD http://111.com/123.php HTTP/1.1" 200 - "-" "curl/7.29.0"

访问日志不记录静态文件

网站大多元素为静态文件,如图片、css、js等,这些元素能够不用记录

将一下内容拷贝至虚拟主机配置文件 /usr/local/apache2/conf/extra/httpd-vhosts.conf

  • SetEnvIf Request_URI ".*.gif$" img
  • SetEnvIf Request_URI ".*.jpg$" img
  • SetEnvIf Request_URI ".*.png$" img
  • SetEnvIf Request_URI ".*.bmp$" img
  • SetEnvIf Request_URI ".*.swf$" img
  • SetEnvIf Request_URI ".*.js$" img
  • SetEnvIf Request_URI ".*.css$" img CustomLog "logs/123.com-access_log" combined env=!img

1.修改配置文件

[root@xuexi-001 ~]# vi /usr/local/apache2/conf/extra/httpd-vhosts.conf 

 ErrorLog "logs/111.com-error_log"
    SetEnvIf Request_URI ".*\.gif$" img
    SetEnvIf Request_URI ".*\.jpg$" img 
    SetEnvIf Request_URI ".*\.png$" img
    SetEnvIf Request_URI ".*\.bmp$" img
    SetEnvIf Request_URI ".*\.swf$" img
    SetEnvIf Request_URI ".*\.js$" img
    SetEnvIf Request_URI ".*\.css$" img
    CustomLog "logs/111.com-access_log" combined  env=!img

2.测试语法及从新加载配置

[root@xuexi-001 ~]# /usr/local/apache2/bin/apachectl -t
Syntax OK
[root@xuexi-001 ~]# /usr/local/apache2/bin/apachectl graceful

3.测试记录日志文件,访问后缀jpg、gif、png、bmp、swf、js、css的文件不被记录,后缀为jpg1等不包括以上后缀名的会被记录

[root@xuexi-001 ~]# curl -x 192.168.5.130:80 111.com/123.jpg1 -I
HTTP/1.1 404 Not Found
Date: Thu, 28 Jun 2018 15:45:29 GMT
Server: Apache/2.4.33 (Unix) PHP/5.6.36
Content-Type: text/html; charset=iso-8859-1

[root@xuexi-001 ~]# tail /usr/local/apache2/logs/111.com-access_log 
192.168.5.130 - - [28/Jun/2018:00:55:09 +0800] "HEAD HTTP://www.example.com/ HTTP/1.1" 301 -
192.168.5.130 - - [28/Jun/2018:00:55:19 +0800] "HEAD HTTP://aabbcc.com/ HTTP/1.1" 301 -
192.168.5.130 - - [28/Jun/2018:00:57:36 +0800] "HEAD HTTP://111.com/asd/123/345 HTTP/1.1" 404 -
192.168.5.130 - - [28/Jun/2018:01:05:20 +0800] "HEAD HTTP://111.com/asd/123/345 HTTP/1.1" 403 -
192.168.5.130 - - [28/Jun/2018:01:06:07 +0800] "HEAD HTTP://111.com/asd/123/345 HTTP/1.1" 404 -
comdined
comdined
192.168.5.130 - - [28/Jun/2018:23:08:27 +0800] "HEAD http://111.com/123.php HTTP/1.1" 200 - "-" "curl/7.29.0"
192.168.5.130 - - [28/Jun/2018:23:08:47 +0800] "HEAD http://111.com/123.php HTTP/1.1" 200 - "-" "curl/7.29.0"
192.168.5.130 - - [28/Jun/2018:23:45:29 +0800] "HEAD HTTP://111.com/123.jpg1 HTTP/1.1" 404 - "-" "curl/7.29.0"
[root@xuexi-001 ~]# curl -x 192.168.5.130:80 111.com/123.jpg -I
HTTP/1.1 404 Not Found
Date: Thu, 28 Jun 2018 15:47:30 GMT
Server: Apache/2.4.33 (Unix) PHP/5.6.36
Content-Type: text/html; charset=iso-8859-1

[root@xuexi-001 ~]# tail /usr/local/apache2/logs/111.com-access_log 
192.168.5.130 - - [28/Jun/2018:00:55:09 +0800] "HEAD HTTP://www.example.com/ HTTP/1.1" 301 -
192.168.5.130 - - [28/Jun/2018:00:55:19 +0800] "HEAD HTTP://aabbcc.com/ HTTP/1.1" 301 -
192.168.5.130 - - [28/Jun/2018:00:57:36 +0800] "HEAD HTTP://111.com/asd/123/345 HTTP/1.1" 404 -
192.168.5.130 - - [28/Jun/2018:01:05:20 +0800] "HEAD HTTP://111.com/asd/123/345 HTTP/1.1" 403 -
192.168.5.130 - - [28/Jun/2018:01:06:07 +0800] "HEAD HTTP://111.com/asd/123/345 HTTP/1.1" 404 -
comdined
comdined
192.168.5.130 - - [28/Jun/2018:23:08:27 +0800] "HEAD http://111.com/123.php HTTP/1.1" 200 - "-" "curl/7.29.0"
192.168.5.130 - - [28/Jun/2018:23:08:47 +0800] "HEAD http://111.com/123.php HTTP/1.1" 200 - "-" "curl/7.29.0"
192.168.5.130 - - [28/Jun/2018:23:45:29 +0800] "HEAD HTTP://111.com/123.jpg1 HTTP/1.1" 404 - "-" "curl/7.29.0"

访问日志切割

  • 日志一直记录总有一天会把整个磁盘占满,因此有必要让它自动切割,并删除老的日志文件
  • 把虚拟主机配置文件改为以下:
<VirtualHost *:80>
    DocumentRoot "/data/wwwroot/www.123.com"
    ServerName www.123.com
    ServerAlias 123.com
   SetEnvIf Request_URI ".*\.gif$" img
    SetEnvIf Request_URI ".*\.jpg$" img
    SetEnvIf Request_URI ".*\.png$" img
    SetEnvIf Request_URI ".*\.bmp$" img
    SetEnvIf Request_URI ".*\.swf$" img
    SetEnvIf Request_URI ".*\.js$" img
    SetEnvIf Request_URI ".*\.css$" img 
    CustomLog "|/usr/local/apache2.4/bin/rotatelogs -l logs/123.com-access_%Y%m%d.log 86400" combined env=!img
</VirtualHost>
  • 从新加载配置文件 -t, graceful
  • ls /usr/local/apache2.4/logs

1.修改配置文件

[root@xuexi-001 ~]# vi /usr/local/apache2/conf/extra/httpd-vhosts.conf 
修改  CustomLog "logs/111.com-access_log" combined  env=!img

修改完后:
 CustomLog "|/usr/local/apache2/bin/rotatelogs -l logs/111.com-access_%Y%m%d.log 86400" combined  env=!img

说明:

|/usr/local/apache2/bin/rotatelogs // Apache 专门进行日志切割的工具

-l // 指定按照CST 当前时间为基准,若是不指定按照UTC 美国时间

111.com-access_%Y%m%d.log // 按照时间记录 %Y%m%d 年月日命名

86400 // 按天生成 指定天天换算成秒 为86400 秒

2.测试语法及从新加载配置

[root@xuexi-001 ~]# /usr/local/apache2/bin/apachectl -t
Syntax OK
[root@xuexi-001 ~]# /usr/local/apache2/bin/apachectl graceful

3.先进行访问,才会记录文件。测试

[root@xuexi-001 ~]# ls /usr/local/apache2/logs/
111.com-access_log  abc.com-access_log  access_log  httpd.pid
111.com-error_log   abc.com-error_log   error_log

···目前尚未生成新的文件

访问:

[root@xuexi-001 ~]# curl -x 192.168.5.130:80 111.com/123.php -I
HTTP/1.1 200 OK
Date: Thu, 28 Jun 2018 16:18:05 GMT
Server: Apache/2.4.33 (Unix) PHP/5.6.36
X-Powered-By: PHP/5.6.36
Content-Type: text/html; charset=UTF-8

[root@xuexi-001 ~]# ls /usr/local/apache2/logs/
111.com-access_20180629.log  111.com-error_log   abc.com-error_log  error_log
111.com-access_log           abc.com-access_log  access_log         httpd.pid

备注:

此时,须要作一个任务计划,将超过多久的日志文件进行删除。

静态元素过时时间

  • 浏览器访问网站的图片时会把静态的文件缓存在本地电脑里,这样下次再访问时就不用去远程下载了
  • 增长配置
<IfModule mod_expires.c>
    ExpiresActive on  //打开该功能的开关
    ExpiresByType image/gif  "access plus 1 days"
    ExpiresByType image/jpeg "access plus 24 hours"
    ExpiresByType image/png "access plus 24 hours"
    ExpiresByType text/css "now plus 2 hour"
    ExpiresByType application/x-javascript "now plus 2 hours"
    ExpiresByType application/javascript "now plus 2 hours"
    ExpiresByType application/x-shockwave-flash "now plus 2 hours"
    ExpiresDefault "now plus 0 min"
</IfModule>
  • 须要expires_module
  • curl测试,看cache-control: max-age

1.修改配置文件

[root@xuexi-001 ~]# vi /usr/local/apache2/conf/extra/httpd-vhosts.conf 

<IfModule mod_expires.c>
    ExpiresActive on  
    ExpiresByType image/gif  "access plus 1 days"
    ExpiresByType image/jpeg "access plus 24 hours"
    ExpiresByType image/png "access plus 24 hours"
    ExpiresByType text/css "now plus 2 hour"
    ExpiresByType application/x-javascript "now plus 2 hours"
    ExpiresByType application/javascript "now plus 2 hours"
    ExpiresByType application/x-shockwave-flash "now plus 2 hours"
    ExpiresDefault "now plus 0 min"
</IfModule>

说明:打开mod_expires.c 过时时间模块

[root@xuexi-001 ~]# vi /usr/local/apache2/conf/httpd.conf
#LoadModule expires_module modules/mod_expires.so
// 将上面这一行中的#去掉修改成:
LoadModule expires_module modules/mod_expires.so
[root@xuexi-001 ~]# /usr/local/apache2/bin/apachectl -M |grep expir
 expires_module (shared)

2.测试语法及从新加载配置

[root@xuexi-001 ~]# /usr/local/apache2/bin/apachectl -t
Syntax OK
[root@xuexi-001 ~]# /usr/local/apache2/bin/apachectl graceful

3.网页测试

image

4.命令行下测试

[root@xuexi-001 ~]# curl -x192.168.5.130:80 111.com/baidu.jpg -I
HTTP/1.1 200 OK
Date: Thu, 28 Jun 2018 16:52:16 GMT
Server: Apache/2.4.33 (Unix) PHP/5.6.36
Last-Modified: Thu, 28 Jun 2018 16:33:20 GMT
ETag: "30ed-56fb64a095b87"
Accept-Ranges: bytes
Content-Length: 12525
Cache-Control: max-age=86400
Expires: Fri, 29 Jun 2018 16:52:16 GMT
Content-Type: image/jpeg
相关文章
相关标签/搜索
每日一句
    每一个你不满意的现在,都有一个你没有努力的曾经。
本站公众号
   欢迎关注本站公众号,获取更多信息
联系我们 最近搜索 最新文章 沪ICP备13005482号-10 MyBatis教程 SQL 教程 MySQL教程 Java 教程 Thymeleaf 教程 Hibernate教程 Spring教程 Redis教程