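[2018.05.29 Study Notes] [Linux Basics 11.18-11.21]

11.18 Apache User Authentication

There is a particular kind of requirement: access to a website must pass an authentication step before its content can be viewed. For example, a company may require user authentication for the site's back-end administration pages. Apache's user authentication feature can be enabled to achieve this.

1. Configure it in the virtual host configuration file conf/extra/httpd-vhosts.conf.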

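<VirtualHost *:80>
    # Site directory that requires authenticated access
    <Directory /data/wwwroot/abc.com>
        # Treated here as the switch that turns authentication on; it permits auth directives in .htaccess
        AllowOverride AuthConfig
        # Custom name for the authentication prompt; of little practical effect
        AuthName "abc user auth"
        # Authentication type, usually Basic
        AuthType Basic
        # Location of the user and password file
        AuthUserFile /data/.htpasswd
        # Any valid user may log in, i.e. the users defined in the .htpasswd file
        require valid-user
    </Directory>
</VirtualHost>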

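2. Create the user and password file: the -c option creates the file, the -m option uses the MD5 algorithm, and lgs is the user name for authentication.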

[root@lgs-02 ~]# /usr/local/apache2.4/bin/htpasswd -c -m /data/.htpasswd lgs
New password: 
Re-type new password: 
Adding password for user lgs

3. Reload the configuration and test access: status code 401 means authentication is required.

[root@lgs-02 ~]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[root@lgs-02 ~]# /usr/local/apache2.4/bin/apachectl graceful
# Direct access returns a 401 error.
[root@lgs-02 ~]# curl -x127.0.0.1:80 abc.com -I
HTTP/1.1 401 Unauthorized
Date: Wed, 30 May 2018 12:00:36 GMT
Server: Apache/2.4.33 (Unix) PHP/5.6.32
WWW-Authenticate: Basic realm="abc user auth"
Content-Type: text/html; charset=iso-8859-1

# With a user and password supplied but the password wrong, a 401 error is also returned.
[root@lgs-02 ~]# curl -x127.0.0.1:80 -ulgs:123456 abc.com -I
HTTP/1.1 401 Unauthorized
Date: Wed, 30 May 2018 12:01:37 GMT
Server: Apache/2.4.33 (Unix) PHP/5.6.32
WWW-Authenticate: Basic realm="abc user auth"
Content-Type: text/html; charset=iso-8859-1

# With a user and the correct password, authentication passes and a 200 status is returned.
[root@lgs-02 ~]# curl -x127.0.0.1:80 -ulgs:7826078 abc.com -I
HTTP/1.1 200 OK
Date: Wed, 30 May 2018 12:01:55 GMT
Server: Apache/2.4.33 (Unix) PHP/5.6.32
X-Powered-By: PHP/5.6.32
Content-Type: text/html; charset=UTF-8

Verification in a browser: [screenshots]
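The -m option stores each password in Apache's MD5-based $apr1$ format, and the notes keep /data/.htpasswd outside the site directory. An added example (not part of the original notes) that audits an htpasswd file by hash prefix and checks that the file is not under the DocumentRoot; the sample entries are constructed placeholders, and the function names and ratings are this example's own.

```python
import posixpath

# Prefix htpasswd writes -> (scheme and the option that produces it, rating)
SCHEMES = [
    ("$2y$", "bcrypt (-B)", "preferred"),
    ("$apr1$", "apr1 MD5 (-m)", "legacy"),
    ("{SHA}", "unsalted SHA-1 (-s)", "weak"),
]

def classify(hash_field):
    """Name the storage scheme of one htpasswd hash field."""
    for prefix, scheme, rating in SCHEMES:
        if hash_field.startswith(prefix):
            return scheme, rating
    if len(hash_field) == 13:
        return "crypt() (-d)", "weak"
    return "unrecognised (plaintext -p or another scheme)", "review"

def audit_htpasswd(text):
    """Return (user, scheme, rating) for every user:hash line."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        user, hash_field = line.split(":", 1)
        findings.append((user, *classify(hash_field)))
    return findings

def inside_docroot(auth_file, docroot):
    """True if the password file lies under the served directory tree."""
    auth = posixpath.normpath(auth_file)
    root = posixpath.normpath(docroot).rstrip("/")
    return auth.startswith(root + "/")

# Constructed sample file: the hash strings are placeholders, not real hashes.
SAMPLE = """\
lgs:$apr1$PLACEHLD$placeholderplaceholder
ops:$2y$05$placeholderplaceholderplaceholderplaceholderplacehold
old:{SHA}placeholderplaceholderpla=
des:placeholder13
"""

if __name__ == "__main__":
    for user, scheme, rating in audit_htpasswd(SAMPLE):
        print(f"{user:4} {scheme:46} {rating}")
    print("served from docroot:", inside_docroot("/data/.htpasswd", "/data/wwwroot/abc.com"))
```

An entry rated legacy or weak can be replaced by running htpasswd with -B for that user; omit -c when the file already exists, because -c rewrites it.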

**Access authentication can also be applied to a single file, configured with <FilesMatch admin.php>:**

<VirtualHost *:80>
    ServerAdmin lgs@111.com
    DocumentRoot "/data/wwwroot/111.com"
    ServerName www.111.com
    ServerAlias 111.com 123.com
    ErrorLog "logs/111.com-error_log"
    CustomLog "logs/111.com-access_log" common
    <FilesMatch admin.php>
      AllowOverride AuthConfig
      AuthName "111 user auth"
      AuthType Basic
      AuthUserFile /data/.htpasswd
      require valid-user
    </FilesMatch>
</VirtualHost>

Reload the configuration and verify: visiting the site itself requires no authentication; only the specified page prompts for it.

[root@lgs-02 ~]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[root@lgs-02 ~]# /usr/local/apache2.4/bin/apachectl graceful
# Direct access to the site home page returns 200; no authentication is needed.
[root@lgs-02 ~]# curl -x127.0.0.1:80 111.com -I
HTTP/1.1 200 OK
Date: Wed, 30 May 2018 12:09:22 GMT
Server: Apache/2.4.33 (Unix) PHP/5.6.32
X-Powered-By: PHP/5.6.32
Content-Type: text/html; charset=UTF-8
[root@lgs-02 ~]# curl -x127.0.0.1:80 111.com
welcome to visit 111.com[root@lgs-02 ~]# 

# Direct access to admin.php returns a 401 error; authentication is required.
[root@lgs-02 ~]# curl -x127.0.0.1:80 111.com/admin.php -I
HTTP/1.1 401 Unauthorized
Date: Wed, 30 May 2018 12:10:44 GMT
Server: Apache/2.4.33 (Unix) PHP/5.6.32
WWW-Authenticate: Basic realm="111 user auth"
Content-Type: text/html; charset=iso-8859-1

# With a user and the correct password, authentication passes and a 200 status is returned.
[root@lgs-02 ~]# curl -x127.0.0.1:80 -ulgs:7826078 111.com/admin.php
welcome to visit the admin page[root@lgs-02 ~]#

Verification in a browser: [screenshots]

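11.19/11.20 Domain Redirection

Here is the requirement: when we visit 123.com, the browser automatically redirects to 111.com.

Why is this needed? Long-time users have bookmarked, or only remember, the old domain, while the company has adopted a new domain as part of a brand upgrade. So that existing users can keep reaching the company site through the old domain, domain redirection is used.

Then why not simply use the old and new domains at the same time instead of redirecting? The reason is search engine optimization (SEO): search engines send spider (crawler) programs to your site to fetch pages and store them in the search engine's database. When a user searches for content on the site, the engine returns it in the results, and the user can then reach the content they need on your site.

To be found in search, the site's ranking weight has to be raised, and that weight is judged by domain. If your web server has two domains, the search engine will regard the later, new domain as a fake domain and will not count weight for it, which affects customers reaching your new domain's site through search engines. So domain redirection must be used.

Enabling domain redirection: this is implemented with Apache's Rewrite module (enable the module in httpd.conf, and define the redirect in httpd-vhosts.conf).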

[root@lgs-02 ~]# vim /usr/local/apache2.4/conf/httpd.conf

LoadModule alias_module modules/mod_alias.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule php5_module        modules/libphp5.so
#LoadModule php7_module        modules/libphp7.so

httpd-vhosts.conf:

<VirtualHost *:80>
    ServerAdmin lgs@111.com
    DocumentRoot "/data/wwwroot/111.com"
    ServerName www.111.com
    ServerAlias 111.com 123.com
    ErrorLog "logs/111.com-error_log"
    CustomLog "logs/111.com-access_log" common
   # <FilesMatch admin.php>
   #  AllowOverride AuthConfig
   #  AuthName "111 user auth"
   #  AuthType Basic
   #  AuthUserFile /data/.htpasswd
   #  require valid-user
   # </FilesMatch>
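    # When Apache is compiled with mods=most, this module is included automatically
    <IfModule mod_rewrite.c>
        # Turn on the rewrite engine (domain redirection)
        RewriteEngine on
        # Rewrite condition: the Host header is not 111.com
        RewriteCond %{HTTP_HOST} !^111\.com$
        # Redirect rule: send the request to http://111.com
        RewriteRule ^/(.*)$ http://111.com/$1 [R=301,L]
    </IfModule>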
</VirtualHost>

Reload the configuration file:

[root@lgs-02 ~]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[root@lgs-02 ~]# /usr/local/apache2.4/bin/apachectl graceful

Verify the redirect:

[root@lgs-02 ~]# curl -x127.0.0.1:80 123.com -I
HTTP/1.1 301 Moved Permanently
Date: Wed, 30 May 2018 12:39:31 GMT
Server: Apache/2.4.33 (Unix) PHP/5.6.32
Location: http://111.com/
Content-Type: text/html; charset=iso-8859-1

[root@lgs-02 ~]# curl -x127.0.0.1:80 123.com
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://111.com/">here</a>.</p>
</body></html>
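RewriteCond patterns are regular expressions, so whether the dots in the Host test are escaped changes which names skip the redirect. An added example (not part of the original notes) that emulates the condition and rule for a few Host values and compares ^111.com$ with ^111\.com$; the host 111xcom, the path and the function names are constructed for illustration.

```python
import re

def redirect_location(host, path, cond_pattern, nocase=False):
    """Emulate, for one request, the pair
         RewriteCond %{HTTP_HOST} !<cond_pattern>   ([NC] when nocase=True)
         RewriteRule ^/(.*)$ http://111.com/$1 [R=301,L]
    and return the Location value, or None when the request is served as is."""
    flags = re.IGNORECASE if nocase else 0
    if re.search(cond_pattern, host, flags):
        return None                      # '!' negates: a matching Host is not redirected
    m = re.search(r"^/(.*)$", path)      # in a vhost the path keeps its leading slash
    return "http://111.com/" + m.group(1) if m else None

LOOSE = r"^111.com$"     # '.' is a regex metacharacter: any single character
STRICT = r"^111\.com$"   # literal dot

def compare(hosts, path="/admin.php"):
    """Map each Host value to (result with LOOSE, result with STRICT)."""
    return {h: (redirect_location(h, path, LOOSE),
                redirect_location(h, path, STRICT)) for h in hosts}

# Host values: the first three are names from the vhost; the last is constructed.
HOSTS = ["123.com", "www.111.com", "111.com", "111xcom"]

if __name__ == "__main__":
    for host, (loose, strict) in compare(HOSTS).items():
        print(f"{host:12} loose={loose!s:28} strict={strict}")
```

Only the constructed name differs between the two patterns: the loose form treats it as the canonical host and serves it without a redirect.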

11.21 Apache Access Logs

Apache's access log is defined in the httpd-vhosts.conf configuration file, one access log per virtual host: CustomLog "logs/abc.com-access_log" common

<VirtualHost *:80>
    ServerAdmin lgs@abc.com
    DocumentRoot "/data/wwwroot/abc.com"
    ServerName www.abc.com
    ServerAlias abc.com aaa.com
    ErrorLog "logs/abc.com-error_log"
    CustomLog "logs/abc.com-access_log" common
</VirtualHost>

View the access log of a particular virtual host:

[root@lgs-02 ~]# tail /usr/local/apache2.4/logs/abc.com-access_log 
127.0.0.1 - - [30/May/2018:18:53:25 +0800] "GET HTTP://123456789.com/ HTTP/1.1" 200 24
127.0.0.1 - - [30/May/2018:19:59:42 +0800] "HEAD HTTP://abc.com/ HTTP/1.1" 200 -
127.0.0.1 - - [30/May/2018:20:00:36 +0800] "HEAD HTTP://abc.com/ HTTP/1.1" 401 -
127.0.0.1 - lgs [30/May/2018:20:01:37 +0800] "HEAD HTTP://abc.com/ HTTP/1.1" 401 -
127.0.0.1 - lgs [30/May/2018:20:01:55 +0800] "HEAD HTTP://abc.com/ HTTP/1.1" 200 -
192.168.87.1 - - [30/May/2018:20:02:28 +0800] "GET / HTTP/1.1" 401 381
192.168.87.1 - lgs [30/May/2018:20:02:47 +0800] "GET / HTTP/1.1" 200 24
127.0.0.1 - - [30/May/2018:20:38:32 +0800] "HEAD HTTP://21111.com/ HTTP/1.1" 401 -
127.0.0.1 - - [30/May/2018:20:44:45 +0800] "GET HTTP://abc.com/ HTTP/1.1" 401 381
127.0.0.1 - - [30/May/2018:20:45:05 +0800] "GET HTTP://www.abc.com/ HTTP/1.1" 401 381

The access log formats are defined in httpd.conf:

<IfModule log_config_module>
    #
    # The following directives define some format nicknames for use with
    # a CustomLog directive (see below).
    #
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%h %l %u %t \"%r\" %>s %b" common

    <IfModule logio_module>

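The simple common format is what is normally used, but this log is too simple to show more detailed information.

We can enable the combined format instead. It adds:

Referer information: the link of the previous page that led to the visited page.

User-Agent information: the user agent, i.e. the tool the user used to visit the page (a browser, curl, and so on).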

<VirtualHost *:80>
    ServerAdmin lgs@abc.com
    DocumentRoot "/data/wwwroot/abc.com"
    ServerName www.abc.com
    ServerAlias abc.com aaa.com
    ErrorLog "logs/abc.com-error_log"
    CustomLog "logs/abc.com-access_log" combined
</VirtualHost>

[root@lgs-02 ~]# curl -x127.0.0.1:80 -ulgs:7826078 abc.com
welcome to visit abc.com[root@lgs-02 ~]# curl -x127.0.0.1:80 -ulgs:7826078 abc.com
welcome to visit abc.com[root@lgs-02 ~]# curl -x127.0.0.1:80 -ulgs:7826078 abc.com
welcome to visit abc.com[root@lgs-02 ~]#

Then visit abc.com again with the IE browser: [screenshot]

# View the log
[root@lgs-02 ~]# curl -x127.0.0.1:80 -ulgs:7826078 abc.com
welcome to visit abc.com[root@lgs-02 ~]# tail /usr/local/apache2.4/logs/abc.com-access_log
127.0.0.1 - - [30/May/2018:20:44:45 +0800] "GET HTTP://abc.com/ HTTP/1.1" 401 381
127.0.0.1 - - [30/May/2018:20:45:05 +0800] "GET HTTP://www.abc.com/ HTTP/1.1" 401 381
127.0.0.1 - - [30/May/2018:20:55:20 +0800] "GET HTTP://abc.com/ HTTP/1.1" 401 381 "-" "curl/7.29.0"
127.0.0.1 - lgs [30/May/2018:20:55:31 +0800] "GET HTTP://abc.com/ HTTP/1.1" 200 24 "-" "curl/7.29.0"
127.0.0.1 - lgs [30/May/2018:20:55:41 +0800] "GET HTTP://abc.com/ HTTP/1.1" 200 24 "-" "curl/7.29.0"
127.0.0.1 - lgs [30/May/2018:20:55:42 +0800] "GET HTTP://abc.com/ HTTP/1.1" 200 24 "-" "curl/7.29.0"
192.168.87.1 - - [30/May/2018:20:56:39 +0800] "GET / HTTP/1.1" 401 381 "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)"
192.168.87.1 - lgs [30/May/2018:20:56:45 +0800] "GET / HTTP/1.1" 401 381 "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)"
192.168.87.1 - lgs [30/May/2018:20:56:48 +0800] "GET / HTTP/1.1" 200 24 "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)"
192.168.87.1 - lgs [30/May/2018:20:56:48 +0800] "GET /favicon.ico HTTP/1.1" 404 209 "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)"
192.168.87.1 - lgs [30/May/2018:20:56:48 +0800] "GET /favicon.ico HTTP/1.1" 404 209 "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)"
192.168.87.1 - - [30/May/2018:21:01:06 +0800] "GET / HTTP/1.1" 401 381 "http://ask.apelearn.com/question/17845" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.90 Safari/537.36 2345Explorer/9.3.2.17331"
192.168.87.1 - lgs [30/May/2018:21:01:11 +0800] "GET / HTTP/1.1" 200 24 "http://ask.apelearn.com/question/17845" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.90 Safari/537.36 2345Explorer/9.3.2.17331"
192.168.87.1 - lgs [30/May/2018:21:01:11 +0800] "GET /favicon.ico HTTP/1.1" 404 209 "http://www.abc.com/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.90 Safari/537.36 2345Explorer/9.3.2.17331"

The Referer information is now visible: "http://ask.apelearn.com/question/17845"

as is the User-Agent information: "curl/7.29.0" and "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)"
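Added example (not part of the original notes): a parser that accepts both the common and the combined format, since a log file like the one above contains both once the CustomLog nickname is changed, and that separates 401 responses carrying a logged user name (credentials supplied and rejected) from plain authentication challenges. The sample lines are copied from the excerpts above except the last, which is constructed; the function names are this example's own.

```python
import re
from collections import Counter

# common:   %h %l %u %t "%r" %>s %b
# combined: the same, followed by "%{Referer}i" "%{User-Agent}i"
QUOTED = r'"((?:[^"\\]|\\.)*)"'          # Apache backslash-escapes embedded quotes
LINE = re.compile(
    r'^(\S+) (\S+) (\S+) \[([^\]]+)\] ' + QUOTED + r' (\d{3}) (\d+|-)'
    r'(?: ' + QUOTED + ' ' + QUOTED + r')?$'
)
FIELDS = ("host", "ident", "user", "time", "request", "status", "bytes",
          "referer", "agent")

def parse(line):
    """Parse one common or combined line into a dict, or None if malformed."""
    m = LINE.match(line.strip())
    if m is None:
        return None
    rec = dict(zip(FIELDS, m.groups()))   # referer/agent are None for common lines
    rec["status"] = int(rec["status"])
    return rec

def auth_failures(lines):
    """Split 401s into rejected credentials (%u logged) and bare challenges."""
    rejected, challenges, unparsed = Counter(), Counter(), 0
    for line in lines:
        rec = parse(line)
        if rec is None:
            unparsed += 1
        elif rec["status"] == 401 and rec["user"] != "-":
            rejected[(rec["host"], rec["user"])] += 1
        elif rec["status"] == 401:
            challenges[rec["host"]] += 1
    return rejected, challenges, unparsed

# Lines copied from the excerpts above, plus one constructed malformed line.
SAMPLE = r'''
127.0.0.1 - - [30/May/2018:20:00:36 +0800] "HEAD HTTP://abc.com/ HTTP/1.1" 401 -
127.0.0.1 - lgs [30/May/2018:20:01:37 +0800] "HEAD HTTP://abc.com/ HTTP/1.1" 401 -
127.0.0.1 - lgs [30/May/2018:20:01:55 +0800] "HEAD HTTP://abc.com/ HTTP/1.1" 200 -
192.168.87.1 - lgs [30/May/2018:20:56:45 +0800] "GET / HTTP/1.1" 401 381 "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)"
192.168.87.1 - lgs [30/May/2018:20:56:48 +0800] "GET / HTTP/1.1" 200 24 "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)"
truncated line without a status
'''.strip().splitlines()

if __name__ == "__main__":
    rejected, challenges, unparsed = auth_failures(SAMPLE)
    print(dict(rejected), dict(challenges), unparsed)
```

A rising count for one (host, user) pair in the rejected table is the signal to look at; a bare challenge is what every browser produces before it prompts for a password.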
