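Apache User Authentication, Domain Redirection, and Apache Access Logs

Contents

1. Apache User Authentication
2. Domain Redirection
3. Apache Access Logs

Further reading
Enabling PHP short tags in an Apache virtual host: http://ask.apelearn.com/question/5370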

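1. Apache User Authentication

To protect a site's content, we can add user authentication so that visitors must enter a valid username and password before they can access the site. Here we set up authentication for the whole www.ming1.com site:

  • Edit the /usr/local/apache2.4/conf/extra/httpd-vhosts.conf configuration file
    Change the www.ming1.com virtual host to the following: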


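<VirtualHost *:80>
    ServerAdmin [email protected]
    DocumentRoot "/usr/local/apache2.4/htdocs/ming1"
    ServerName www.ming1.com
    ServerAlias ming1.com
    # Directory that requires authentication
    <Directory /usr/local/apache2.4/htdocs/ming1>
        # Turn on the authentication switch (lets .htaccess files use auth directives)
        AllowOverride AuthConfig
        # Custom name for the authentication prompt; it matters little
        AuthName "ming1.com User auth"
        # Authentication type, usually Basic
        AuthType Basic
        # Location of the password file
        AuthUserFile /data/.htpasswd
        # Any valid user in the password file may authenticate
        require valid-user
    </Directory>
    ErrorLog "logs/www.ming1.com-error_log"
    CustomLog "logs/www.ming1.com-access_log" common
</VirtualHost>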

  • Create the password file
[root@minglinux ~] /usr/local/apache2.4/bin/htpasswd -cm /data/.htpasswd ming1
New password:
Re-type new password:
Adding password for user ming1
[root@minglinux ~] ls /data/.htpasswd  
/data/.htpasswd
[root@minglinux ~] cat !$  # view the password file
cat /data/.htpasswd
ming1:$apr1$g9SVOr2X$CJbagUgjJK3FahOcGPRRf/
[root@minglinux ~] /usr/local/apache2.4/bin/apachectl -t    # only restart or reload after the syntax check passes
Syntax OK
[root@minglinux ~] /usr/local/apache2.4/bin/apachectl graceful

htpasswd is the tool for creating users: -c means create, and -m selects MD5 as the password hashing method. Use -c only the first time the file is created; do not add -c when adding users later, otherwise /data/.htpasswd is reset and the existing users are wiped.
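As an added example (not part of the original page), the following Python script audits a password file like /data/.htpasswd: it reports which hash format each entry uses and checks whether the file sits under DocumentRoot. The function names are hypothetical, and every sample entry except the page's ming1 line is constructed.

```python
import os
import re

# Hash formats written by Apache's htpasswd, by prefix; True = bcrypt, the one to prefer.
PREFIXES = [("$2y$", "bcrypt (htpasswd -B)", True),
            ("$apr1$", "apr1 salted MD5 (htpasswd -m)", False),
            ("{SHA}", "unsalted SHA-1 (htpasswd -s)", False)]
DES_CRYPT = re.compile(r"^[./0-9A-Za-z]{13}$")  # 13 chars: assumed to be crypt()

# Constructed sample file; only the ming1 line comes from the page.
SAMPLE = """\
# comment lines and blank lines are skipped
ming1:$apr1$g9SVOr2X$CJbagUgjJK3FahOcGPRRf/
alice:$2y$05$CONSTRUCTEDxPLACEHOLDERxNOTxAxREALxHASHxxxxxxxxxxxxxx
bob:{SHA}CONSTRUCTEDPLACEHOLDER=
carol:XXconstructed
line-without-a-colon
"""

def classify(hash_field):
    for prefix, name, preferred in PREFIXES:
        if hash_field.startswith(prefix):
            return name, preferred
    if DES_CRYPT.match(hash_field):
        return "DES crypt (htpasswd -d)", False
    return "plaintext or unknown", False

def audit_htpasswd(text):
    """Return [(user, format, preferred?)], reporting malformed lines as well."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        user, sep, hash_field = line.partition(":")
        if not sep or not user or not hash_field:
            findings.append((f"<line {n}>", "malformed", False))
        else:
            findings.append((user, *classify(hash_field)))
    return findings

def inside_docroot(auth_user_file, document_root):
    """True if the password file lies under DocumentRoot (absolute paths assumed)."""
    root = os.path.normpath(document_root)
    return os.path.commonpath([os.path.normpath(auth_user_file), root]) == root

if __name__ == "__main__":
    print(audit_htpasswd(SAMPLE))
    print(inside_docroot("/data/.htpasswd", "/usr/local/apache2.4/htdocs/ming1"))
```

Entries reported as anything other than bcrypt can be re-created with htpasswd -B once the user next sets a password.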

  • Visit www.ming1.com in a browser on a Windows machine

After entering the username and password, the site opens normally.

  • Access the site with curl on the local machine
[root@minglinux ~] curl -x127.0.0.1:80 www.ming1.com


401 Unauthorized

Unauthorized

This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required.

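[root@minglinux ~] curl -x127.0.0.1:80 -uming1:123456 www.ming1.com
hello ming1

  • Authentication for a single directory

For example, to require authentication for the www.ming1.com/admin/ directory, simply change
<Directory /usr/local/apache2.4/htdocs/ming1>
in httpd-vhosts.conf to
<Directory /usr/local/apache2.4/htdocs/ming1/admin>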

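  • Authentication for a single file

For example, to require authentication for www.ming1.com/admin.html, change the following in httpd-vhosts.conf:

<VirtualHost *:80>
    ServerAdmin [email protected]
    DocumentRoot "/usr/local/apache2.4/htdocs/ming1"
    ServerName www.ming1.com
    ServerAlias ming1.com
    # Directory that requires authentication
    <Directory /usr/local/apache2.4/htdocs/ming1>
        # Turn on the authentication switch (lets .htaccess files use auth directives)
        AllowOverride AuthConfig
        # Custom name for the authentication prompt; it matters little
        AuthName "ming1.com User auth"
        # Authentication type, usually Basic
        AuthType Basic
        # Location of the password file
        AuthUserFile /data/.htpasswd
        # Any valid user in the password file may authenticate
        require valid-user
    </Directory>
    ErrorLog "logs/www.ming1.com-error_log"
    CustomLog "logs/www.ming1.com-access_log" common
</VirtualHost>

to:

<VirtualHost *:80>
    ServerAdmin [email protected]
    DocumentRoot "/usr/local/apache2.4/htdocs/ming1"
    ServerName www.ming1.com
    ServerAlias ming1.com
    # File that requires authentication
    <Files "admin.html">
        # Authentication switch (AllowOverride only takes effect in <Directory> sections, so it has no effect here)
        AllowOverride AuthConfig
        # Custom name for the authentication prompt; it matters little
        AuthName "ming1.com User auth"
        # Authentication type, usually Basic
        AuthType Basic
        # Location of the password file
        AuthUserFile /data/.htpasswd
        # Any valid user in the password file may authenticate
        require valid-user
    </Files>
    ErrorLog "logs/www.ming1.com-error_log"
    CustomLog "logs/www.ming1.com-access_log" common
</VirtualHost>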

  • Create the admin.html file
[root@minglinux ~] /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[root@minglinux ~] /usr/local/apache2.4/bin/apachectl graceful   # reload Apache after every configuration change
[root@minglinux-01 ~] echo "admin page" > /usr/local/apache2.4/htdocs/ming1/admin.html  # create the admin.html file
[root@minglinux-01 ~] curl -x127.0.0.1:80 www.ming1.com -l
ming1   # www.ming1.com no longer requires a username and password
[root@minglinux-01 ~] curl -x127.0.0.1:80 www.ming1.com/admin.php    # the admin.html page cannot be accessed


401 Unauthorized

Unauthorized

This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required.

[root@minglinux-01 /usr/local/apache2.4/htdocs/ming1] curl -x127.0.0.1:80 -uming:123456 www.ming1.com/admin.html # access succeeds after authenticating with the username and password
admin page

2. Domain Redirection

Requirement: redirect the ming1.com domain to www.ming2.com.
Change the configuration file as follows:

<VirtualHost *:80>
    ServerAdmin [email protected]
    DocumentRoot "/usr/local/apache2.4/htdocs/ming1"
    ServerName www.ming1.com
    ServerAlias ming1.com
    #
    #AllowOverride AuthConfig
    #AuthName "ming user auth"
    #AuthType Basic
    #AuthUserFile /data/htpasswd
    #require valid-user
    #
    # Requires mod_rewrite
    <IfModule mod_rewrite.c>
        # Turn on the rewrite engine
        RewriteEngine on
        # Rewrite condition: met when the host name (domain) is not www.ming2.com
        RewriteCond %{HTTP_HOST} !^www\.ming2\.com$
        # Rewrite rule: only applied when the condition above is met
        RewriteRule ^/(.*)$ http://www.ming2.com/$1 [R=301,L]
    </IfModule>
    ErrorLog "logs/www.ming1.com-error_log"
    CustomLog "logs/www.ming1.com-access_log" common
</VirtualHost>

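RewriteRule is followed by three space-separated parts. The first is the current URL, not counting the host header (the domain name). The second is the redirect target; it can be written in full (including the host header), or without the host header, in which case it defaults to the ServerName defined above. The third is a set of options enclosed in square brackets: 301 is the status code, known as a "permanent redirect" (the other redirect status code is 302, a "temporary redirect"), and L stands for "last", meaning processing ends after this one redirect.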

  • Check whether httpd has loaded the rewrite module
[root@minglinux-01 ~] /usr/local/apache2.4/bin/apachectl -M |grep –i rewrite
grep: rewrite: 没有那个文件或目录
httpd: Syntax error on line 477 of /usr/local/apache2.4/conf/httpd.conf: Syntax error on line 35 of /usr/local/apache2.4/conf/extra/httpd-vhosts.conf: Expected  but saw 
[root@minglinux-01 ~] vim /usr/local/apache2.4/conf/httpd.conf
···
# Remove the leading # from the following line
LoadModule rewrite_module modules/mod_rewrite.so
···

[root@minglinux-01 ~] /usr/local/apache2.4/bin/apachectl graceful
[root@minglinux-01 ~] /usr/local/apache2.4/bin/apachectl -M |grep -i rewrite
 rewrite_module (shared)  # this line of output means the rewrite module is loaded
[root@minglinux-01 ~] curl -x127.0.0.1:80 -I ming1.com  # -I shows only the response headers, including the status code
HTTP/1.1 301 Moved Permanently
Date: Thu, 15 Nov 2018 15:13:32 GMT
Server: Apache/2.4.37 (Unix) PHP/5.6.30
Location: http://www.ming2.com/
Content-Type: text/html; charset=iso-8859-1

[root@minglinux-01 ~] curl -x 127.0.0.1:80 www.example.com -I  # every host other than www.ming2.com is redirected too
HTTP/1.1 301 Moved Permanently
Date: Thu, 15 Nov 2018 15:23:15 GMT
Server: Apache/2.4.37 (Unix) PHP/5.6.30
Location: http://www.ming2.com/
Content-Type: text/html; charset=iso-8859-1

3. Apache Access Logs

  • The access log records every request a user makes
    The logs for the www.ming1.com virtual host are stored at the following locations:
[root@minglinux-01 ~] vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
···
ErrorLog "logs/www.ming1.com-error_log"
CustomLog "logs/www.ming1.com-access_log" common
···
  • View the logs
[root@minglinux-01 ~] ls /usr/local/apache2.4/logs
access_log                www.ming1.com-error_log
error_log                 www.ming2.com-error_log
httpd.pid                 wwww.ming2.com-access_log
www.ming1.com-access_log
[root@minglinux-01 ~] cd !$
cd /usr/local/apache2.4/logs
[root@minglinux-01 /usr/local/apache2.4/logs] cat www.ming1.com-access_log 
192.168.162.1 - - [14/Nov/2018:22:56:37 +0800] "GET / HTTP/1.1" 200 6
192.168.162.1 - - [14/Nov/2018:23:01:16 +0800] "GET / HTTP/1.1" 200 6
192.168.162.1 - - [14/Nov/2018:23:01:16 +0800] "GET /favicon.ico HTTP/1.1" 404 209
192.168.162.1 - - [14/Nov/2018:23:09:37 +0800] "GET / HTTP/1.1" 200 6
192.168.162.1 - - [14/Nov/2018:23:09:46 +0800] "GET / HTTP/1.1" 200 6
192.168.162.1 - - [14/Nov/2018:23:09:46 +0800] "GET /favicon.ico HTTP/1.1" 404 209
127.0.0.1 - - [15/Nov/2018:21:30:59 +0800] "GET HTTP://www.ming1.com/ HTTP/1.1" 200 6
127.0.0.1 - - [15/Nov/2018:21:31:07 +0800] "GET HTTP://www.ming1.com/ HTTP/1.1" 200 6
127.0.0.1 - - [15/Nov/2018:21:33:25 +0800] "GET HTTP://www.ming1.com/admin.php HTTP/1.1" 401 381
127.0.0.1 - ming [15/Nov/2018:21:37:34 +0800] "GET HTTP://www.ming1.com/admin.php HTTP/1.1" 500 529
192.168.162.1 - - [15/Nov/2018:21:38:06 +0800] "GET /admin.php HTTP/1.1" 401 381
···
···
127.0.0.1 - - [15/Nov/2018:23:13:12 +0800] "HEAD HTTP://123.com/ HTTP/1.1" 200 -
127.0.0.1 - - [15/Nov/2018:23:13:32 +0800] "HEAD HTTP://123.com/ HTTP/1.1" 301 -
127.0.0.1 - - [15/Nov/2018:23:23:15 +0800] "HEAD HTTP://www.example.com/ HTTP/1.1" 301 -

Each log record has the format:
source IP, time, action, requested domain, HTTP version, status code, size

  • Define the access log format
[root@minglinux-01 /usr/local/apache2.4/logs] vim /usr/local/apache2.4/conf/httpd.conf
# search for LogFormat

 LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
 LogFormat "%h %l %u %t \"%r\" %>s %b" common

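Two log formats are defined here. The first is recommended because it records more information.
%h is the IP address of the client visiting the site;
%l is the remote login name, which is almost always "-";
%u is the username; when user authentication is in use, this field holds the authenticated username;
%t is the time;
%r is the request action (for example, HEAD when using curl -I);
%s is the status code of the request; written as %>s it is the final status code;
%b is the size of the data transferred;
%{Referer}i is the referer, i.e. the address the request came from. For example, if you search Baidu for Aming Linux and click through from the search results page to Aming's forum, the referer of that request to the forum is Baidu (the actual address is of course very long);
%{User-Agent}i is the browser identifier; Firefox and Chrome, for example, each put their own identifying string in this field.

  • Change the log format
[root@minglinux-01 /usr/local/apache2.4/logs] vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf

Change
CustomLog "logs/www.ming1.com-access_log" common
to
CustomLog "logs/www.ming1.com-access_log" combined
  • Run curl, then visit www.ming1.com in a browser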
[root@minglinux-01 /usr/local/apache2.4/logs] curl -x 127.0.0.1:80 www.ming1.com -I
HTTP/1.1 200 OK
Date: Thu, 15 Nov 2018 16:07:25 GMT
Server: Apache/2.4.37 (Unix) PHP/5.6.30
Last-Modified: Wed, 14 Nov 2018 14:59:01 GMT
ETag: "6-57aa12cae4c19"
Accept-Ranges: bytes
Content-Length: 6
Content-Type: text/html

[root@minglinux-01 /usr/local/apache2.4/logs] curl -x 127.0.0.1:80 www.ming1.com 
ming1

  • View the updated access log
[root@minglinux-01 /usr/local/apache2.4/logs] cat www.ming1.com-access_log 
···
···
127.0.0.1 - - [15/Nov/2018:23:13:12 +0800] "HEAD HTTP://123.com/ HTTP/1.1" 200 -
127.0.0.1 - - [15/Nov/2018:23:13:32 +0800] "HEAD HTTP://123.com/ HTTP/1.1" 301 -
127.0.0.1 - - [15/Nov/2018:23:23:15 +0800] "HEAD HTTP://www.example.com/ HTTP/1.1" 301 -
127.0.0.1 - - [16/Nov/2018:00:05:27 +0800] "HEAD HTTP://www.example.com/ HTTP/1.1" 301 - "-" "curl/7.29.0"
127.0.0.1 - - [16/Nov/2018:00:07:11 +0800] "HEAD HTTP://www.example.com/ HTTP/1.1" 200 - "-" "curl/7.29.0"
127.0.0.1 - - [16/Nov/2018:00:07:25 +0800] "HEAD HTTP://www.ming1.com/ HTTP/1.1" 200 - "-" "curl/7.29.0"
127.0.0.1 - - [16/Nov/2018:00:07:28 +0800] "GET HTTP://www.ming1.com/ HTTP/1.1" 200 6 "-" "curl/7.29.0"
192.168.162.1 - - [16/Nov/2018:00:11:38 +0800] "GET / HTTP/1.1" 304 - "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36"
192.168.162.1 - - [16/Nov/2018:00:11:39 +0800] "GET / HTTP/1.1" 304 - "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36"
192.168.162.1 - - [16/Nov/2018:00:11:45 +0800] "GET /admin.html HTTP/1.1" 304 - "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36"

The log entries are now more detailed.
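As an added example (not part of the original page), the following Python script parses lines in the common and combined formats shown above and flags clients with repeated 401 responses, which ties the %u and %>s fields back to the Basic authentication set up in section 1. The function names, the threshold of 3 and all sample lines except the last one are constructed for illustration.

```python
import re
from collections import defaultdict

# One pattern for both formats: the Referer/User-Agent pair is optional, and
# quoted fields may contain backslash-escaped quotes as httpd writes them.
Q = r'"((?:[^"\\]|\\.)*)"'
LINE_RE = re.compile(
    r'^(\S+) (\S+) (\S+) \[([^\]]+)\] ' + Q + r' (\d{3}) (\S+)(?: ' + Q + ' ' + Q + r')?$'
)
FIELDS = ("host", "ident", "user", "time", "request", "status", "size", "referer", "agent")

# Constructed sample lines (not real traffic); the last one is a "common" line from the page.
SAMPLE_LOG = r'''
192.168.162.1 - - [16/Nov/2018:00:20:01 +0800] "GET /admin.html HTTP/1.1" 401 381 "-" "Mozilla/5.0"
192.168.162.1 - ming1 [16/Nov/2018:00:20:09 +0800] "GET /admin.html HTTP/1.1" 200 11 "-" "Mozilla/5.0"
203.0.113.9 - admin [16/Nov/2018:01:00:01 +0800] "GET /admin.html HTTP/1.1" 401 381 "-" "curl/7.29.0"
203.0.113.9 - root [16/Nov/2018:01:00:02 +0800] "GET /admin.html HTTP/1.1" 401 381 "-" "curl/7.29.0"
203.0.113.9 - ming1 [16/Nov/2018:01:00:03 +0800] "GET /admin.html HTTP/1.1" 401 381 "-" "curl/7.29.0"
203.0.113.9 - ming1 [16/Nov/2018:01:00:04 +0800] "GET /admin.html HTTP/1.1" 200 11 "-" "curl/7.29.0"
127.0.0.1 - - [15/Nov/2018:23:13:32 +0800] "HEAD HTTP://123.com/ HTTP/1.1" 301 -
'''

def parse_line(line):
    """Return a dict of log fields, or None if the line matches neither format."""
    m = LINE_RE.match(line.strip())
    return dict(zip(FIELDS, m.groups())) if m else None

def auth_failures(log_text, threshold=3):
    """Clients with >= threshold 401s: count, usernames tried, usernames that got in."""
    stats = defaultdict(lambda: {"failed": 0, "tried": set(), "succeeded": set()})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        entry = stats[rec["host"]]
        if rec["status"] == "401":
            entry["failed"] += 1
            if rec["user"] != "-":
                entry["tried"].add(rec["user"])  # %u on a 401 is the name supplied, not verified
        elif rec["user"] != "-" and rec["status"][0] in "23":
            entry["succeeded"].add(rec["user"])
    return {ip: e for ip, e in stats.items() if e["failed"] >= threshold}

if __name__ == "__main__":
    for ip, e in auth_failures(SAMPLE_LOG).items():
        print(ip, e["failed"], sorted(e["tried"]), sorted(e["succeeded"]))
```

A browser's first request to a protected URL always receives one 401 before it prompts for credentials, which is why a single failure per client is not flagged.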
