Lab: Apache Web Page and Security Optimization

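Contents

  • 1 Apache Web Page Optimization
    • 1.1 Web page compression
    • 1.2 Web page caching
  • 2 Apache Security Optimization
    • 2.1 Hiding version information
    • 2.2 Configuring hotlink protection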

1 Apache Web Page Optimization

1.1 Web page compression

apachectl -D DUMP_MODULES | grep "deflate"
systemctl stop httpd
cd /opt/httpd-2.4.29/
[root@www httpd-2.4.29]# ./configure \
--prefix=/usr/local/httpd \
--enable-so \
--enable-rewrite \
--enable-charset-lite \
--enable-cgi \
--enable-cgid \
--enable-deflate \
--enable-expires
[root@www httpd-2.4.29]# make && make install
[root@localhost httpd-2.4.29]# vi /usr/local/httpd/conf/httpd.conf 
LoadModule deflate_module modules/mod_deflate.so
<IfModule mod_deflate.c>
AddOutputFilterByType DEFLATE text/html text/plain text/css text/xml text/javascript image/png image/jpeg
DeflateCompressionLevel 9
SetOutputFilter DEFLATE
</IfModule>
[root@localhost httpd-2.4.29]# httpd -t
Syntax OK
[root@localhost httpd-2.4.29]# systemctl restart httpd

Copy the test image into the /usr/local/httpd/htdocs/ directory.

[root@localhost httpd-2.4.29]# cd /usr/local/httpd/htdocs/
[root@localhost htdocs]# vi index.html 
<html>
<head>
<title>--压缩测试页--</title>
</head>
<body><h1>这是一个测试网页内容压缩的页面!!This is test Page!!</h1>
<img src="b.jpg" />
</body>
</html>

Use a packet-capture tool to check whether the image is compressed.
If the Chinese text on the page appears garbled, set the default character set:

[root@localhost htdocs]# vi /etc/httpd.conf 
ServerRoot "/usr/local/httpd"
# Add this line:
AddDefaultCharset utf-8
[root@localhost htdocs]# systemctl restart httpd


1.2 Web page caching

[root@localhost ~]# apachectl -D DUMP_MODULES | grep "expire"
[root@localhost ~]# systemctl stop httpd
[root@localhost ~]# cd /opt/httpd-2.4.29/
[root@localhost httpd-2.4.29]# ./configure \
> --prefix=/usr/local/httpd \
> --enable-so \
> --enable-rewrite \
> --enable-charset-lite \
> --enable-cgi \
> --enable-cgid \
> --enable-deflate \
> --enable-expires
[root@localhost httpd-2.4.29]# make && make install
[root@localhost httpd-2.4.29]# vi /etc/httpd.conf 
# Uncomment this line (remove the leading #):
LoadModule expires_module modules/mod_expires.so
# Append the following block at the end of the file:
<IfModule mod_expires.c>
ExpiresActive On
ExpiresDefault "access plus 60 seconds"
</IfModule>
[root@localhost httpd-2.4.29]# httpd -t
Syntax OK
[root@localhost httpd-2.4.29]# systemctl restart httpd
[root@localhost httpd-2.4.29]# apachectl -D DUMP_MODULES | grep "expire"
 expires_module (shared)

Use a packet-capture tool to check whether the image transfer is cached.

2 Apache Security Optimization

2.1 Hiding version information

Capturing the traffic with a packet-capture tool shows the Apache version information.
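If an attacker or anyone with bad intentions learns the Apache version, they can mount attacks targeted at that version, which may cause serious losses to the site. The Apache version number should therefore be hidden to reduce the risk of attack and keep the server running safely.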

[root@localhost ~]# vi /usr/local/httpd/conf/httpd.conf 
# Uncomment this line (remove the leading #):
Include conf/extra/httpd-default.conf
[root@localhost ~]# vi /usr/local/httpd/conf/extra/httpd-default.conf 
# Change Full to Prod:
ServerTokens Prod
[root@localhost ~]# systemctl restart httpd

Access the site and capture the traffic again to check whether the image transfer still carries the version number.

2.2 Configuring hotlink protection

(1) First, set up a website that hotlinks the image

[root@ns1 ~]# vi /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
20.0.0.21        www.51xit.top
[root@ns1 ~]# yum -y install httpd
[root@ns1 ~]# systemctl start httpd
[root@ns1 ~]# systemctl enable httpd
[root@ns1 ~]# vi /var/www/html/index.html 


--压缩测试页--

这是一个盗用网页内容的页面!!This is test Page!!

Test it:

(2) Next, configure hotlink protection

[root@localhost ~]# apachectl -t -D DUMP_MODULES | grep "rewrite"
[root@localhost ~]# systemctl stop httpd

LoadModule rewrite_module modules/mod_rewrite.so
    RewriteEngine On
    RewriteCond %{HTTP_REFERER} !^http://20.0.0.21/*
    RewriteCond %{HTTP_REFERER} !^http://51xit.top/.*$ [NC]
    RewriteCond %{HTTP_REFERER} !^http://51xit.top$ [NC]
    RewriteCond %{HTTP_REFERER} !^http://www.51xit.top/.*$ [NC]
    RewriteCond %{HTTP_REFERER} !^http://www.51xit.top$ [NC]
    RewriteRule  .*\.(gif|jpg|swf|png)$ https://ss1.bdstatic.com/70cFuXSh_Q1YnxGkpoWK1HF6hhy/it/u=3577784466,441383939&fm=26&gp=0.jpg [R,NC]
[root@localhost ~]# systemctl restart httpd
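
The Referer allow list above can be checked offline before it is deployed. The following is an added example, not part of the original post: it evaluates the page's five RewriteCond patterns against constructed Referer values and compares them with a tightened pattern set. STRICT_CONDS, the sample Referers and the function names are assumptions introduced here, and Python's re module stands in for Apache's regex engine.

```python
import re

# RewriteCond patterns copied from the configuration above: (regex, has [NC] flag).
PAGE_CONDS = [
    (r"^http://20.0.0.21/*", False),
    (r"^http://51xit.top/.*$", True),
    (r"^http://51xit.top$", True),
    (r"^http://www.51xit.top/.*$", True),
    (r"^http://www.51xit.top$", True),
]
# Assumed tightened form (not from the page): dots escaped, host terminated by
# "/" or end of string, http and https both accepted.
STRICT_CONDS = [
    (r"^https?://20\.0\.0\.21(/|$)", False),
    (r"^https?://(www\.)?51xit\.top(/|$)", True),
]
IMAGE_RE = re.compile(r".*\.(gif|jpg|swf|png)$", re.I)  # RewriteRule pattern, [NC]

def rule_fires(conds, referer, path):
    """True when the request would be redirected to the placeholder image.

    Consecutive RewriteCond lines are ANDed, and each "!pattern" holds only when
    the pattern does NOT match, so the rule fires only if no pattern matches.
    """
    if not IMAGE_RE.search(path):
        return False
    for pattern, nocase in conds:
        if re.search(pattern, referer, re.I if nocase else 0):
            return False  # Referer is on the allow list: the image is served
    return True

def audit(conds, referers, path="b.jpg"):
    """Map each Referer value to 'redirect' or 'serve' for an image request."""
    return {r: "redirect" if rule_fires(conds, r, path) else "serve" for r in referers}

# Constructed Referer values ("" models a request that sends no Referer header).
SAMPLES = [
    "http://www.51xit.top/index.html",   # the site's own page
    "https://www.51xit.top/index.html",  # same page over HTTPS
    "http://20.0.0.210/index.html",      # different host sharing the IP prefix
    "http://wwwx51xit.top/index.html",   # different domain; "." matches any character
    "",
]

if __name__ == "__main__":
    for name, conds in (("page", PAGE_CONDS), ("strict", STRICT_CONDS)):
        for ref, verdict in audit(conds, SAMPLES).items():
            print(f"{name:6} {verdict:8} {ref!r}")
```

Both pattern sets redirect a request that carries no Referer, and because the header is supplied by the client, the rule discourages casual hotlinking rather than acting as access control.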

Test: