linux的Apache用户认证、域名跳转、Apache访问日志介绍
Apache用户认证(针对目录)
这个功能就是在用户访问网站的时候,须要输入用户密码才能顺利访问。一些比较重要的站点或者网站后台一般会加上用户认证,目的是保证安全。php
- 虚拟主机的配置文件:
编辑配置文件
[root@gary-tao local]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
更改111.com的虚拟主机认证内容以下:
<VirtualHost *:80>
DocumentRoot "/data/wwwroot/111.com"
ServerName 111.com
ServerAlias www.example.com
<Directory /data/wwwroot/111.com> //指定认证的目录
AllowOverride AuthConfig //这个至关于打开认证的开关
AuthName "111.com user auth" //自定义认证的名字,做用不大
AuthType Basic //认证的类型,通常为Basic,其余类型阿铭没用过
AuthUserFile /data/.htpasswd //指定密码文件所在位置
require valid-user //指定须要认证的用户为所有可用用户
</Directory>
</VirtualHost>
最终保存文件,示例以下:
2.Apache自带命令htpasswd建立密码文件html
[root@gary-tao local]# /usr/local/apache2.4/bin/htpasswd -c -m /data/.htpasswd xie //建立用户密码文件 New password: //新建密码 Re-type new password: //新建密码 Adding password for user xie [root@gary-tao local]# ls /data/.htpasswd //查看密码文件 /data/.htpasswd [root@gary-tao local]# cat /data/.htpasswd //查看生成用户密码 xie:$apr1$h/QEC7nC$hNNV080nvhSI2jWCQLt7M0 [root@gary-tao local]# /usr/local/apache2.4/bin/htpasswd -m /data/.htpasswd aming //再增长一个用户 New password: Re-type new password: Adding password for user aming [root@gary-tao local]# cat /data/.htpasswd xie:$apr1$h/QEC7nC$hNNV080nvhSI2jWCQLt7M0 aming:$apr1$At/pBlDA$4IYzNISYUew9ELrea5dP7.
说明:
- -c:是建立;
- -m:是指定md5加密类型;
- 指定用户为xie(PS:若是再次新增用户,就不须要再加-c ,由于已经建立过密码文件了);
3.测试语法和加载配置文件linux
[root@gary-tao local]# /usr/local/apache2.4/bin/apachectl -t Syntax OK [root@gary-tao local]# /usr/local/apache2.4/bin/apachectl graceful
4.测试配置是否成功apache
- 访问111.com,出现401状态码,说明访问的这个域名须要用户认证。
[root@gary-tao local]# curl -x127.0.0.1:80 111.com <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>401 Unauthorized</title> </head><body> <h1>Unauthorized</h1> <p>This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required.</p> </body></html>
- 在本地windows系统里作hosts解析111.com
路径:C:\Windows\System32\drivers\etc
格式:172.16.111.100 111.comvim
- 定义完本地hosts后,用浏览器访问111.com网站时就会出现用户认证,用户密码就是刚才增长的用户和设置的密码
5.使用curl -x输入用户名密码访问。windows
用法
[root@gary-tao local]# curl -x127.0.0.1:80 -uxie:xie 111.com -I HTTP/1.1 200 OK Date: Wed, 20 Dec 2017 10:51:28 GMT Server: Apache/2.4.29 (Unix) PHP/7.1.6 X-Powered-By: PHP/7.1.6 Content-Type: text/html; charset=UTF-8
说明:状态码变成200了,就是正常的,-u的做用是指定用户和密码。
6.还能够针对单个文件进行认证(针对文件)浏览器
示例内容:安全
<VirtualHost *:80>
DocumentRoot "/data/wwwroot/www.123.com"
ServerName www.123.com
<FilesMatch admin.php> //跟上面的不一样的是这行,上面是指定认证的目录,这里是指定单个文件。
AllowOverride AuthConfig
AuthName "123.com user auth"
AuthType Basic
AuthUserFile /data/.htpasswd
require valid-user
</FilesMatch> //这行也不一样
</VirtualHost>
- 在配置文件修改为如下:
<VirtualHost *:80>
DocumentRoot "/data/wwwroot/111.com"
ServerName 111.com
ServerAlias www.example.com
#<Directory /data/wwwroot/111.com>
<FilesMatch 123.php>
AllowOverride AuthConfig
AuthName "111.com user auth"
AuthType Basic
AuthUserFile /data/.htpasswd
require valid-user
</FilesMatch>
#</Directory>
ErrorLog "logs/111.com-error_log"
CustomLog "logs/111.com-access_log" common
</VirtualHost>
- 更改完成后测试语法及从新加载配置文件:
[root@gary-tao local]# /usr/local/apache2.4/bin/apachectl -t Syntax OK [root@gary-tao local]# /usr/local/apache2.4/bin/apachectl graceful
- 在111.com目录下编辑建立测试文件123.PHP。
[root@gary-tao local]# vim /data/wwwroot/111.com/123.php
- 用curl -x访问:
[root@gary-tao local]# curl -x127.0.0.1:80 111.com -I //不用-u加用户和密码了,也能够访问,出现200状态码 HTTP/1.1 200 OK Date: Wed, 20 Dec 2017 11:04:06 GMT Server: Apache/2.4.29 (Unix) PHP/7.1.6 X-Powered-By: PHP/7.1.6 Content-Type: text/html; charset=UTF-8 [root@gary-tao local]# curl -x127.0.0.1:80 111.com/123.php -I //可是访问文件123.php时就出现401了,说明须要用户认证了 HTTP/1.1 401 Unauthorized Date: Wed, 20 Dec 2017 11:04:17 GMT Server: Apache/2.4.29 (Unix) PHP/7.1.6 WWW-Authenticate: Basic realm="111.com user auth" Content-Type: text/html; charset=iso-8859-1 [root@gary-tao local]# curl -x127.0.0.1:80 -uxie:xie 111.com/123.php -I //只有用-u加用户和密码才能正常访问123.php。 HTTP/1.1 200 OK Date: Wed, 20 Dec 2017 11:04:38 GMT Server: Apache/2.4.29 (Unix) PHP/7.1.6 X-Powered-By: PHP/7.1.6 Content-Type: text/html; charset=UTF-8 [root@gary-tao local]# curl -x127.0.0.1:80 -uxie:xie 111.com/123.php //进入到文件里。 123.php[root@gary-tao local]# [root@gary-tao local]#
域名跳转
域名跳转的做用有两点:
- 若是某个域名再也不使用了,可是搜索引擎还留着以前的老域名的连接,这意味着用户可能会搜到咱们的网站而且点击老的域名,固须要把老域名作个跳转跳到新域名,这样用户搜的时候,也能够访问网站。
- 一个站点有多个域名会对SEO的排名有影响,若是把多个域名所有跳转到一个指定的域名,这样以这个域名为中心,就能够把权重集中在这个域名上,并给定义一个状态码为301,301叫做永久重定向。
需求,把123.com域名跳转到www.123.com.
- 编辑配置文件
[root@gary-tao local]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
2.修改增长以下内容:curl
<VirtualHost *:80>
DocumentRoot "/data/wwwroot/www.123.com"
ServerName www.123.com
ServerAlias 123.com
<IfModule mod_rewrite.c> //须要mod_rewrite模块支持
RewriteEngine on //打开rewrite功能
RewriteCond %{HTTP_HOST} !^www.123.com$ //定义rewrite的条件,主机名(域名)不是www.123.com知足条件
RewriteRule ^/(.*)$ http://www.123.com/$1 [R=301,L] //定义rewrite规则,当知足上面的条件时,这条规则才会执行
</IfModule>
</VirtualHost>
修改示例以下:
3.检测语法及从新加载配置:ide
[root@gary-tao local]# /usr/local/apache2.4/bin/apachectl -t Syntax OK [root@gary-tao local]# /usr/local/apache2.4/bin/apachectl graceful
4.检测apache是否加载了rewrite模块。
[root@gary-tao local]# /usr/local/apache2.4/bin/apachectl -M|grep -i rewrite //若无该模块,须要编辑配置文件httpd.conf,删除rewrite_module (shared) 前面的# [root@gary-tao local]# vi /usr/local/apache2.4/conf/httpd.conf //进入配置文件,搜索rewrite,把前面#去掉
示例以下:
5.检测语法及从新加载配置,查看加载模块:
[root@gary-tao local]# /usr/local/apache2.4/bin/apachectl -t Syntax OK [root@gary-tao local]# /usr/local/apache2.4/bin/apachectl graceful [root@gary-tao local]# /usr/local/apache2.4/bin/apachectl -M|grep -i rewrite //查看加载模块 rewrite_module (shared)
6.测试
[root@gary-tao local]# curl -x 127.0.0.1:80 -I 2111.com.cn HTTP/1.1 301 Moved Permanently Date: Wed, 20 Dec 2017 12:31:50 GMT Server: Apache/2.4.29 (Unix) PHP/7.1.6 Location: http://111.com/ Content-Type: text/html; charset=iso-8859-1 [root@gary-tao local]# curl -x 127.0.0.1:80 2111.com.cn //看内容 <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>301 Moved Permanently</title> </head><body> <h1>Moved Permanently</h1> <p>The document has moved <a href="http://111.com/">here</a>.</p> </body></html> [root@gary-tao local]# curl -x 127.0.0.1:80 2111.com.cn/adfjadfa/adfdafadfaf -I HTTP/1.1 301 Moved Permanently Date: Wed, 20 Dec 2017 12:34:05 GMT Server: Apache/2.4.29 (Unix) PHP/7.1.6 Location: http://111.com/adfjadfa/adfdafadfaf Content-Type: text/html; charset=iso-8859-1 [root@gary-tao local]# curl -x 127.0.0.1:80 http://111.com/adfjadfa/adfdafadfaf -I HTTP/1.1 404 Not Found Date: Wed, 20 Dec 2017 12:35:08 GMT Server: Apache/2.4.29 (Unix) PHP/7.1.6 Content-Type: text/html; charset=iso-8859-1 [root@gary-tao local]# curl -x 127.0.0.1:80 http://111.com/123.php -I HTTP/1.1 200 OK Date: Wed, 20 Dec 2017 12:36:35 GMT Server: Apache/2.4.29 (Unix) PHP/7.1.6 X-Powered-By: PHP/7.1.6 Content-Type: text/html; charset=UTF-8 [root@gary-tao local]# vi /usr/local/apache2.4/conf/httpd.conf [root@gary-tao local]# /usr/local/apache2.4/bin/apachectl -t Syntax OK [root@gary-tao local]# /usr/local/apache2.4/bin/apachectl graceful [root@gary-tao local]# curl -x 127.0.0.1:80 http://111.com/123.php -I HTTP/1.1 403 Forbidden Date: Wed, 20 Dec 2017 12:39:23 GMT Server: Apache/2.4.29 (Unix) PHP/7.1.6 Content-Type: text/html; charset=iso-8859-1
说明:
- -I 不显示访问内容,只看状态码
- 404 这个页面不存在
- 301 永久跳转
- 401 用户密码验证,密码验证不对就401,验证对了就200
- 403 把granted改为denied就会403
Apache访问日志
访问日志的做用很大,不只能够记录网站的访问日志,还能够在网站有异常发生时帮助咱们定位问题,好比有***时,是能够经过查看日志看到一些规律的.日志记录了不少系统的信息,经过读日志,能够找到系统问题的缘由。而日志有不一样的格式,分为common和combined,combined能够记录更多的信息。
- 查看默认配置文件日志
[root@gary-tao local]# ls /usr/local/apache2.4/logs/ 111.com-access_log 111.com-error_log abc.com-access_log abc.com-error_log access_log error_log httpd.pid [root@gary-tao local]# ls /usr/local/apache2.4/logs/111.com-access_log /usr/local/apache2.4/logs/111.com-access_log [root@gary-tao local]# cat /usr/local/apache2.4/logs/111.com-access_log 172.16.111.1 - xie [20/Dec/2017:20:09:54 +0800] "GET / HTTP/1.1" 200 12 127.0.0.1 - - [20/Dec/2017:20:31:50 +0800] "HEAD HTTP://2111.com.cn/ HTTP/1.1" 301 - 127.0.0.1 - - [20/Dec/2017:20:32:53 +0800] "GET HTTP://2111.com.cn/ HTTP/1.1" 301 223 127.0.0.1 - - [20/Dec/2017:20:34:05 +0800] "HEAD HTTP://2111.com.cn/adfjadfa/adfdafadfaf HTTP/1.1" 301 - 127.0.0.1 - - [20/Dec/2017:20:35:08 +0800] "HEAD http://111.com/adfjadfa/adfdafadfaf HTTP/1.1" 404 - 127.0.0.1 - - [20/Dec/2017:20:36:35 +0800] "HEAD http://111.com/123.php HTTP/1.1" 200 - 127.0.0.1 - - [20/Dec/2017:20:39:23 +0800] "HEAD http://111.com/123.php HTTP/1.1" 403 - 127.0.0.1 - - [20/Dec/2017:20:40:16 +0800] "HEAD http://111.com/123.php HTTP/1.1" 200 -
2.介绍日志配置文件格式
[root@gary-tao local]# vim /usr/local/apache2.4/conf/httpd.conf
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
内容示例以下:
访问日志记录用户的每个请求说明以下:
- %h:为访问网站的IP;
- %l:为访问远程登陆名,这个字段基本上为"-";
- %u:为用户名,当使用用户认证时,这个字段为认证的用户名;
- %t:为时间;
- %r:为请求的动做(好比用ctrl-I是就为HEADE);
- %s:为请求的状态,写成%>s为最后的状态码;
- %b:为传输数据大小;
- %{Referer}i:为referer信息(请求本次地址上一次的地址就为referer,好比在百度中搜索阿铭linux,而后经过百度的搜索结果页面点击而后到了阿名的论坛,那访问阿铭的论坛的此次请求的referer就是baidu,固然那个地址确定是很长的);
- %{User-Agent}i:为浏览器标识,好比你用Firefox或者Chrome浏览器,则该字段显示内容不同,是带有浏览器的标识的。
3.定义虚拟主机配置文本日志格式:
[root@gary-tao local]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf //进入配置文件
把common日志格式格式改为comdined日志格式,示例以下:
4.测试语法及从新加载配置
[root@gary-tao local]# /usr/local/apache2.4/bin/apachectl -t Syntax OK [root@gary-tao local]# /usr/local/apache2.4/bin/apachectl graceful
5.随便作几个操做命令,而后查看日志。
[root@gary-tao local]# !curl curl -x 127.0.0.1:80 http://111.com/123.php -I HTTP/1.1 200 OK Date: Wed, 20 Dec 2017 13:10:16 GMT Server: Apache/2.4.29 (Unix) PHP/7.1.6 X-Powered-By: PHP/7.1.6 Content-Type: text/html; charset=UTF-8 [root@gary-tao local]# curl -x 127.0.0.1:80 http://111.com/123.php -I HTTP/1.1 200 OK Date: Wed, 20 Dec 2017 13:10:31 GMT Server: Apache/2.4.29 (Unix) PHP/7.1.6 X-Powered-By: PHP/7.1.6 Content-Type: text/html; charset=UTF-8 [root@gary-tao local]# tail /usr/local/apache2.4/logs/111.com-access_log 127.0.0.1 - - [20/Dec/2017:20:34:05 +0800] "HEAD HTTP://2111.com.cn/adfjadfa/adfdafadfaf HTTP/1.1" 301 - 127.0.0.1 - - [20/Dec/2017:20:35:08 +0800] "HEAD http://111.com/adfjadfa/adfdafadfaf HTTP/1.1" 404 - 127.0.0.1 - - [20/Dec/2017:20:36:35 +0800] "HEAD http://111.com/123.php HTTP/1.1" 200 - 127.0.0.1 - - [20/Dec/2017:20:39:23 +0800] "HEAD http://111.com/123.php HTTP/1.1" 403 - 127.0.0.1 - - [20/Dec/2017:20:40:16 +0800] "HEAD http://111.com/123.php HTTP/1.1" 200 - 127.0.0.1 - - [20/Dec/2017:21:10:16 +0800] "HEAD http://111.com/123.php HTTP/1.1" 200 - "-" "curl/7.29.0" 127.0.0.1 - - [20/Dec/2017:21:10:31 +0800] "HEAD http://111.com/123.php HTTP/1.1" 200 - "-" "curl/7.29.0" 172.16.111.1 - xie [20/Dec/2017:21:10:38 +0800] "GET / HTTP/1.1" 200 12 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.221 Safari/537.36 SE 2.X MetaSr 1.0" 172.16.111.1 - xie [20/Dec/2017:21:10:38 +0800] "GET / HTTP/1.1" 200 12 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.221 Safari/537.36 SE 2.X MetaSr 1.0" 172.16.111.1 - xie [20/Dec/2017:21:10:39 +0800] "GET / HTTP/1.1" 200 12 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.221 Safari/537.36 SE 2.X MetaSr 1.0"
相关文章
- 1. Apache用户认证、Apache域名跳转、Apache访问日志
- 2. Apache用户认证,域名跳转,Apache访问日志
- 3. Apache用户认证、域名跳转、Apache访问日志
- 4. Apache用户认证 域名跳转 Apache访问日志
- 5. Apache用户认证;域名跳转;Apache访问日志
- 6. apache用户认证-域名跳转-apache访问日志
- 7. 171220---LAMP Apache用户认证, 域名跳转 ,Apache访问日志
- 8. Apache用户认证,域名跳转,Apache访问日志
- 9. Apache用户认证、域名跳转及Apache访问日志
- 10. LAMP ---Apache用户认证、域名跳转、Apache访问日志介绍······
- 更多相关文章...
- • Docker 安装 Apache - Docker教程
- • 网站 域名 - 网站主机教程
- • Java Agent入门实战(一)-Instrumentation介绍与使用
- • PHP Ajax 跨域问题最佳解决方案
相关标签/搜索
每日一句
-
每一个你不满意的现在,都有一个你没有努力的曾经。
欢迎关注本站公众号,获取更多信息
相关文章
- 1. Apache用户认证、Apache域名跳转、Apache访问日志
- 2. Apache用户认证,域名跳转,Apache访问日志
- 3. Apache用户认证、域名跳转、Apache访问日志
- 4. Apache用户认证 域名跳转 Apache访问日志
- 5. Apache用户认证;域名跳转;Apache访问日志
- 6. apache用户认证-域名跳转-apache访问日志
- 7. 171220---LAMP Apache用户认证, 域名跳转 ,Apache访问日志
- 8. Apache用户认证,域名跳转,Apache访问日志
- 9. Apache用户认证、域名跳转及Apache访问日志
- 10. LAMP ---Apache用户认证、域名跳转、Apache访问日志介绍······